Canonical USN OVAL Generator 1 5.11.1 2024-05-04T03:27:09 Copyright (C) 2024 Canonical LTD. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details. You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/. USN-2934-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1952) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked into opening a specially crafted website in a browsing context with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) A use-after-free was discovered in the HTML5 string parser. 
If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1961) Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1964) A memory corruption issue was discovered in the NPAPI subsystem. If a user were tricked into opening a specially crafted website in a browsing context with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1966) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1974) Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. 
A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1950) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Update Instructions: Run `sudo pro fix USN-2934-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-sl 
- 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:38.7.2+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:38.7.2+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 
1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:38.7.2+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:38.7.2+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1960 CVE-2016-1961 CVE-2016-1964 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 
CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 USN-2936-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806, CVE-2016-2807) An invalid write was discovered when using the JavaScript .watch() method in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2808) Looben Yang discovered a use-after-free and buffer overflow in service workers. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2811, CVE-2016-2812) Sascha Just discovered a buffer overflow in libstagefright in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2814) Muneaki Nishimura discovered that CSP is not applied correctly to web content sent with the multipart/x-mixed-replace MIME type. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks when they would otherwise be prevented. 
(CVE-2016-2816) Muneaki Nishimura discovered that the chrome.tabs.update API for web extensions allows for navigation to javascript: URLs. A malicious extension could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-2817) Mark Goodwin discovered that about:healthreport accepts certain events from any content present in the remote-report iframe. If another vulnerability allowed the injection of web content in the remote-report iframe, an attacker could potentially exploit this to change the user's sharing preferences. (CVE-2016-2820) Update Instructions: Run `sudo pro fix USN-2936-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-nn - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-nb - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-fa - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-fi - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-fr - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-fy - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-or - 46.0+build5-0ubuntu0.16.04.2 firefox-testsuite - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-oc - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-cs - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ga - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-gd - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-gn - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-gl - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-gu - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-pa - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-pl - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-cy - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-pt - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-hi - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ms - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-he - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-hy - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-hr - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-hu - 
46.0+build5-0ubuntu0.16.04.2 firefox-locale-it - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-as - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ar - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-az - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-id - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-mai - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-af - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-is - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-vi - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-an - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-bs - 46.0+build5-0ubuntu0.16.04.2 firefox - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ro - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ja - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ru - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-br - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-zh-hant - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-zh-hans - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-bn - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-be - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-bg - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-sl - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-sk - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-si - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-sw - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-sv - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-sr - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-sq - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ko - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-kn - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-km - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-kk - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ka - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-xh - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ca - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ku - 46.0+build5-0ubuntu0.16.04.2 firefox-mozsymbols - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-lv - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-lt - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-th - 46.0+build5-0ubuntu0.16.04.2 
firefox-locale-hsb - 46.0+build5-0ubuntu0.16.04.2 firefox-dev - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-te - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ta - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-lg - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-tr - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-nso - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-de - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-da - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-uk - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-mr - 46.0+build5-0ubuntu0.16.04.2 firefox-globalmenu - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-uz - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ml - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-mn - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-mk - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-eu - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-et - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-es - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-csb - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-el - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-eo - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-en - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-zu - 46.0+build5-0ubuntu0.16.04.2 firefox-locale-ast - 46.0+build5-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2811 CVE-2016-2812 CVE-2016-2814 CVE-2016-2816 CVE-2016-2817 CVE-2016-2820 USN-2936-3 -- Firefox regression Ubuntu 16.04 LTS USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. 
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806, CVE-2016-2807) An invalid write was discovered when using the JavaScript .watch() method in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2808) Looben Yang discovered a use-after-free and buffer overflow in service workers. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2811, CVE-2016-2812) Sascha Just discovered a buffer overflow in libstagefright in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-2814) Muneaki Nishimura discovered that CSP is not applied correctly to web content sent with the multipart/x-mixed-replace MIME type. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks when they would otherwise be prevented. (CVE-2016-2816) Muneaki Nishimura discovered that the chrome.tabs.update API for web extensions allows for navigation to javascript: URLs. A malicious extension could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-2817) Mark Goodwin discovered that about:healthreport accepts certain events from any content present in the remote-report iframe. 
If another vulnerability allowed the injection of web content in the remote-report iframe, an attacker could potentially exploit this to change the user's sharing preferences. (CVE-2016-2820) Update Instructions: Run `sudo pro fix USN-2936-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-nn - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-nb - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-fa - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-fi - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-fr - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-fy - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-or - 46.0.1+build1-0ubuntu0.16.04.2 firefox-testsuite - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-oc - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-cs - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ga - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-gd - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-gn - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-gl - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-gu - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-pa - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-pl - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-cy - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-pt - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-hi - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ms - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-he - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-hy - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-hr - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-hu - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-it - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-as - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ar - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-az - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-id - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-mai - 46.0.1+build1-0ubuntu0.16.04.2 
firefox-locale-af - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-is - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-vi - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-an - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-bs - 46.0.1+build1-0ubuntu0.16.04.2 firefox - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ro - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ja - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ru - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-br - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-zh-hant - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-zh-hans - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-bn - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-be - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-bg - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-sl - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-sk - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-si - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-sw - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-sv - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-sr - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-sq - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ko - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-kn - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-km - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-kk - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ka - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-xh - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ca - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ku - 46.0.1+build1-0ubuntu0.16.04.2 firefox-mozsymbols - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-lv - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-lt - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-th - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-hsb - 46.0.1+build1-0ubuntu0.16.04.2 firefox-dev - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-te - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ta - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-lg - 46.0.1+build1-0ubuntu0.16.04.2 
firefox-locale-tr - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-nso - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-de - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-da - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-uk - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-mr - 46.0.1+build1-0ubuntu0.16.04.2 firefox-globalmenu - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-uz - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ml - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-mn - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-mk - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-eu - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-et - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-es - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-csb - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-el - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-eo - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-en - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-zu - 46.0.1+build1-0ubuntu0.16.04.2 firefox-locale-ast - 46.0.1+build1-0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1583389 USN-2950-2 -- libsoup update Ubuntu 16.04 LTS USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a machine-in-the-middle attack. 
(CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a machine-in-the-middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a machine-in-the-middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Update Instructions: Run `sudo pro fix USN-2950-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.52.2-1ubuntu0.1 libsoup-gnome2.4-dev - 2.52.2-1ubuntu0.1 gir1.2-soup-2.4 - 2.52.2-1ubuntu0.1 libsoup2.4-1 - 2.52.2-1ubuntu0.1 libsoup2.4-dev - 2.52.2-1ubuntu0.1 libsoup2.4-doc - 2.52.2-1ubuntu0.1 No subscription required None https://launchpad.net/bugs/1573494 USN-2950-3 -- Samba regressions Ubuntu 16.04 LTS USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a machine-in-the-middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a machine-in-the-middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. 
(CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a machine-in-the-middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Update Instructions: Run `sudo pro fix USN-2950-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba - 2:4.3.9+dfsg-0ubuntu0.16.04.1 libnss-winbind - 2:4.3.9+dfsg-0ubuntu0.16.04.1 libpam-winbind - 2:4.3.9+dfsg-0ubuntu0.16.04.1 libsmbclient - 2:4.3.9+dfsg-0ubuntu0.16.04.1 smbclient - 2:4.3.9+dfsg-0ubuntu0.16.04.1 python-samba - 2:4.3.9+dfsg-0ubuntu0.16.04.1 winbind - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba-testsuite - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba-dev - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba-common-bin - 2:4.3.9+dfsg-0ubuntu0.16.04.1 libwbclient0 - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba-dsdb-modules - 2:4.3.9+dfsg-0ubuntu0.16.04.1 libwbclient-dev - 2:4.3.9+dfsg-0ubuntu0.16.04.1 libsmbclient-dev - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba-vfs-modules - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba-common - 2:4.3.9+dfsg-0ubuntu0.16.04.1 registry-tools - 2:4.3.9+dfsg-0ubuntu0.16.04.1 samba-libs - 2:4.3.9+dfsg-0ubuntu0.16.04.1 ctdb - 2:4.3.9+dfsg-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1577739 USN-2950-5 -- Samba regression Ubuntu 16.04 LTS USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a machine-in-the-middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. 
A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a machine-in-the-middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a machine-in-the-middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Update Instructions: Run `sudo pro fix USN-2950-5` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba - 2:4.3.9+dfsg-0ubuntu0.16.04.2 libnss-winbind - 2:4.3.9+dfsg-0ubuntu0.16.04.2 libpam-winbind - 2:4.3.9+dfsg-0ubuntu0.16.04.2 libsmbclient - 2:4.3.9+dfsg-0ubuntu0.16.04.2 smbclient - 2:4.3.9+dfsg-0ubuntu0.16.04.2 python-samba - 2:4.3.9+dfsg-0ubuntu0.16.04.2 winbind - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba-testsuite - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba-dev - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba-common-bin - 2:4.3.9+dfsg-0ubuntu0.16.04.2 libwbclient0 - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba-dsdb-modules - 2:4.3.9+dfsg-0ubuntu0.16.04.2 libwbclient-dev - 2:4.3.9+dfsg-0ubuntu0.16.04.2 libsmbclient-dev - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba-vfs-modules - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba-common - 2:4.3.9+dfsg-0ubuntu0.16.04.2 registry-tools - 2:4.3.9+dfsg-0ubuntu0.16.04.2 samba-libs - 2:4.3.9+dfsg-0ubuntu0.16.04.2 ctdb - 2:4.3.9+dfsg-0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1578576 USN-2954-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.12 in Ubuntu 16.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Update Instructions: Run `sudo pro fix USN-2954-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.12-0ubuntu1 mysql-source-5.7 - 5.7.12-0ubuntu1 libmysqlclient-dev - 5.7.12-0ubuntu1 mysql-client-core-5.7 - 5.7.12-0ubuntu1 mysql-client-5.7 - 5.7.12-0ubuntu1 libmysqlclient20 - 5.7.12-0ubuntu1 mysql-server-5.7 - 5.7.12-0ubuntu1 mysql-common - 5.7.12-0ubuntu1 mysql-server - 5.7.12-0ubuntu1 mysql-server-core-5.7 - 5.7.12-0ubuntu1 mysql-testsuite - 5.7.12-0ubuntu1 libmysqld-dev - 5.7.12-0ubuntu1 mysql-testsuite-5.7 - 5.7.12-0ubuntu1 No subscription required Medium CVE-2016-0639 CVE-2016-0642 CVE-2016-0643 CVE-2016-0647 CVE-2016-0648 CVE-2016-0655 CVE-2016-0657 CVE-2016-0659 CVE-2016-0662 CVE-2016-0666 CVE-2016-0667 CVE-2016-2047 USN-2955-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1578) An out-of-bounds read was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2016-1646) A use-after-free was discovered in the navigation implementation in Chromium in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1647) A buffer overflow was discovered in ANGLE. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1649) An out-of-bounds write was discovered in V8. 
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed renderer process. (CVE-2016-1653) An invalid read was discovered in the media subsystem in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-1654) It was discovered that frame removal during callback execution could trigger a use-after-free in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed renderer process. (CVE-2016-1655) Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1659) Multiple security issues were discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-3679) Update Instructions: Run `sudo pro fix USN-2955-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.14.7-0ubuntu1 liboxideqt-qmlplugin - 1.14.7-0ubuntu1 liboxideqtquick-dev - 1.14.7-0ubuntu1 oxideqt-codecs-extra - 1.14.7-0ubuntu1 liboxideqtcore-dev - 1.14.7-0ubuntu1 oxideqt-codecs - 1.14.7-0ubuntu1 liboxideqtquick0 - 1.14.7-0ubuntu1 No subscription required Medium CVE-2016-1578 CVE-2016-1646 CVE-2016-1647 CVE-2016-1649 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1659 CVE-2016-3679 https://launchpad.net/bugs/1561450 USN-2956-1 -- ubuntu-core-launcher vulnerability Ubuntu 16.04 LTS Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mountpoint of bind mounts when using snaps on Ubuntu classic systems (eg, traditional desktop and server). If a user were tricked into installing a malicious snap with a crafted snap name, an attacker could perform a delayed attack to steal data or execute code within the security context of another snap. This issue did not affect Ubuntu Core systems. Update Instructions: Run `sudo pro fix USN-2956-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-launcher - 1.0.27.1 No subscription required High CVE-2016-1580 USN-2957-2 -- Libtasn1 vulnerability Ubuntu 16.04 LTS USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2957-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 4.7-3ubuntu0.16.04.1 libtasn1-3-bin - 4.7-3ubuntu0.16.04.1 libtasn1-doc - 4.7-3ubuntu0.16.04.1 libtasn1-bin - 4.7-3ubuntu0.16.04.1 libtasn1-6 - 4.7-3ubuntu0.16.04.1 No subscription required Medium CVE-2016-4008 USN-2959-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2105) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2106) Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-2109) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Update Instructions: Run `sudo pro fix USN-2959-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.1 libssl-dev - 1.0.2g-1ubuntu4.1 openssl - 1.0.2g-1ubuntu4.1 libssl-doc - 1.0.2g-1ubuntu4.1 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.1 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.1 No subscription required High CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 USN-2960-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS An out of bounds write was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1660) It was discovered that Blink assumes that a frame which passes same-origin checks is local in some cases. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1661) A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1663) It was discovered that the JSGenericLowering class in V8 mishandles comparison operators. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1665) Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code. (CVE-2016-1666) It was discovered that the TreeScope::adoptIfNeeded function in Blink does not prevent script execution during node-adoption operations. 
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1667) It was discovered that the forEachForBinding in the V8 bindings in Blink uses an improper creation context. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1668) A buffer overflow was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1669) A race condition was discovered in ResourceDispatcherHostImpl in Chromium. An attacker could potentially exploit this to make arbitrary HTTP requests. (CVE-2016-1670) Update Instructions: Run `sudo pro fix USN-2960-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.14.9-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.14.9-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.14.9-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.14.9-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.14.9-0ubuntu0.16.04.1 oxideqt-codecs - 1.14.9-0ubuntu0.16.04.1 liboxideqtquick0 - 1.14.9-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1660 CVE-2016-1661 CVE-2016-1663 CVE-2016-1665 CVE-2016-1666 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 USN-2963-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. 
An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695, CVE-2016-3426) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425) Update Instructions: Run `sudo pro fix USN-2963-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-jdk - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-jre-headless - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-jre - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-jdk-headless - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-source - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-jre-zero - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-demo - 8u91-b14-0ubuntu4~16.04.1 openjdk-8-jre-jamvm - 8u91-b14-0ubuntu4~16.04.1 No subscription required Medium CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 USN-2965-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). 
(CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3138) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context-switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. 
(CVE-2016-3157) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Update Instructions: Run `sudo pro fix USN-2965-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-22-powerpc-e500mc - 4.4.0-22.39 linux-image-4.4.0-22-powerpc64-smp - 4.4.0-22.39 linux-image-4.4.0-22-generic-lpae - 4.4.0-22.39 linux-image-4.4.0-22-lowlatency - 4.4.0-22.39 linux-image-4.4.0-22-powerpc-smp - 4.4.0-22.39 linux-image-4.4.0-22-generic - 4.4.0-22.39 linux-image-4.4.0-22-powerpc64-emb - 4.4.0-22.39 linux-image-extra-4.4.0-22-generic - 4.4.0-22.39 No subscription required High CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4557 USN-2965-3 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. 
An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3138) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context-switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. 
(CVE-2016-3157) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Update Instructions: Run `sudo pro fix USN-2965-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1010-raspi2 - 4.4.0-1010.12 No subscription required High CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4557 USN-2965-4 -- Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu 16.04 LTS Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. 
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2185) Ralf Spenneberg discovered that the PowerMate USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2186) Ralf Spenneberg discovered that the I/O-Warrior USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2188) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3137) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the USB abstract device control driver for modems and ISDN adapters did not validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). 
(CVE-2016-3138) Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140) It was discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. (CVE-2016-3156) Andy Lutomirski discovered that the Linux kernel did not properly context-switch IOPL on 64-bit PV Xen guests. An attacker in a guest OS could use this to cause a denial of service (guest OS crash), gain privileges, or obtain sensitive information. (CVE-2016-3157) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2016-3955) Update Instructions: Run `sudo pro fix USN-2965-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1013-snapdragon - 4.4.0-1013.14 No subscription required High CVE-2016-4557 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 USN-2973-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1978) A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1979) Update Instructions: Run `sudo pro fix USN-2973-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:38.8.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:38.8.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:38.8.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-sv - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 
1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:38.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:38.8.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1938 CVE-2016-1978 CVE-2016-1979 CVE-2016-2805 CVE-2016-2807 USN-2974-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2391) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2392) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. (CVE-2016-2538) Hongke Yang discovered that QEMU incorrectly handled NE2000 emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
(CVE-2016-2841) Ling Liu discovered that QEMU incorrectly handled IP checksum routines. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. (CVE-2016-2857) It was discovered that QEMU incorrectly handled the PRNG back-end support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-2858) Wei Xiao and Qinghao Tang discovered that QEMU incorrectly handled access in the VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-3710) Zuozhi Fzz discovered that QEMU incorrectly handled access in the VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-3712) Oleksandr Bazhaniuk discovered that QEMU incorrectly handled Luminary Micro Stellaris ethernet controller emulation. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-4001) Oleksandr Bazhaniuk discovered that QEMU incorrectly handled MIPSnet controller emulation. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-4002) Donghai Zdh discovered that QEMU incorrectly handled the Task Priority Register (TPR). A privileged attacker inside the guest could use this issue to possibly leak host memory bytes. 
This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-4020) Du Shaobo discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-4037) Update Instructions: Run `sudo pro fix USN-2974-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.1 qemu-user-static - 1:2.5+dfsg-5ubuntu10.1 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.1 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.1 qemu-kvm - 1:2.5+dfsg-5ubuntu10.1 qemu-user - 1:2.5+dfsg-5ubuntu10.1 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.1 qemu-system - 1:2.5+dfsg-5ubuntu10.1 qemu-utils - 1:2.5+dfsg-5ubuntu10.1 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.1 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.1 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.1 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.1 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.1 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.1 qemu - 1:2.5+dfsg-5ubuntu10.1 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.1 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.1 No subscription required Medium CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 USN-2979-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. 
(CVE-2016-3713) Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758) Update Instructions: Run `sudo pro fix USN-2979-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-22-powerpc-e500mc - 4.4.0-22.40 linux-image-4.4.0-22-powerpc64-smp - 4.4.0-22.40 linux-image-4.4.0-22-generic-lpae - 4.4.0-22.40 linux-image-4.4.0-22-lowlatency - 4.4.0-22.40 linux-image-4.4.0-22-powerpc-smp - 4.4.0-22.40 linux-image-4.4.0-22-generic - 4.4.0-22.40 linux-image-4.4.0-22-powerpc64-emb - 4.4.0-22.40 linux-image-extra-4.4.0-22-generic - 4.4.0-22.40 No subscription required High CVE-2016-0758 CVE-2016-3713 USN-2979-3 -- Linux kernel (Raspberry Pi 2) vulnerability Ubuntu 16.04 LTS Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-2979-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1010-raspi2 - 4.4.0-1010.13 No subscription required High CVE-2016-0758 USN-2979-4 -- Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu 16.04 LTS Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. 
Update Instructions: Run `sudo pro fix USN-2979-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1013-snapdragon - 4.4.0-1013.15 No subscription required High CVE-2016-0758 USN-2980-1 -- libndp vulnerability Ubuntu 16.04 LTS Julien Bernard discovered that libndp incorrectly performed origin checks when receiving Neighbor Discovery Protocol (NDP) messages. A remote attacker outside of the local network could use this issue to advertise a node as a router, causing a denial of service, or possibly to act as a machine-in-the-middle. Update Instructions: Run `sudo pro fix USN-2980-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libndp0 - 1.4-2ubuntu0.16.04.1 libndp-dev - 1.4-2ubuntu0.16.04.1 libndp-tools - 1.4-2ubuntu0.16.04.1 No subscription required Medium CVE-2016-3698 USN-2981-1 -- libarchive vulnerabilities Ubuntu 16.04 LTS It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1541) It was discovered that libarchive incorrectly handled memory when processing certain tar files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service. (CVE number pending) Update Instructions: Run `sudo pro fix USN-2981-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.1 libarchive13 - 3.1.2-11ubuntu0.16.04.1 bsdtar - 3.1.2-11ubuntu0.16.04.1 libarchive-dev - 3.1.2-11ubuntu0.16.04.1 No subscription required Medium CVE-2016-1541 USN-2982-1 -- Libksba vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4353) Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4354, CVE-2016-4355) Hanno Böck discovered that Libksba incorrectly handled incorrect utf-8 strings when decoding certain DN data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4356) Pascal Cuoq discovered that Libksba incorrectly handled incorrect utf-8 strings when decoding certain DN data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4574) Pascal Cuoq discovered that Libksba incorrectly handled decoding certain data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. (CVE-2016-4579) Update Instructions: Run `sudo pro fix USN-2982-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libksba8 - 1.3.3-1ubuntu0.16.04.1 libksba-dev - 1.3.3-1ubuntu0.16.04.1 No subscription required Medium CVE-2016-4353 CVE-2016-4354 CVE-2016-4355 CVE-2016-4356 CVE-2016-4574 CVE-2016-4579 USN-2983-1 -- Expat vulnerability Ubuntu 16.04 LTS Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718) Update Instructions: Run `sudo pro fix USN-2983-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-7ubuntu0.16.04.1 expat - 2.1.0-7ubuntu0.16.04.1 libexpat1-dev - 2.1.0-7ubuntu0.16.04.1 lib64expat1-dev - 2.1.0-7ubuntu0.16.04.1 libexpat1-udeb - 2.1.0-7ubuntu0.16.04.1 lib64expat1 - 2.1.0-7ubuntu0.16.04.1 No subscription required Medium CVE-2016-0718 USN-2984-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865) Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078) It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. 
(CVE-2016-3132) It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070) It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071) It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072) It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073) It was discovered that the PHP phar extension incorrectly handled certain archive files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343) It was discovered that the PHP bcpowmod() function incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4537, CVE-2016-4538) It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2016-4539) It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4540, CVE-2016-4541) It was discovered that PHP incorrectly handled certain malformed EXIF tags. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544) Update Instructions: Run `sudo pro fix USN-2984-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.4-7ubuntu2.1 php7.0-mcrypt - 7.0.4-7ubuntu2.1 php7.0-xsl - 7.0.4-7ubuntu2.1 php7.0-fpm - 7.0.4-7ubuntu2.1 php7.0-phpdbg - 7.0.4-7ubuntu2.1 php7.0-curl - 7.0.4-7ubuntu2.1 php7.0-ldap - 7.0.4-7ubuntu2.1 php7.0-mbstring - 7.0.4-7ubuntu2.1 php7.0-gmp - 7.0.4-7ubuntu2.1 libphp7.0-embed - 7.0.4-7ubuntu2.1 php7.0-gd - 7.0.4-7ubuntu2.1 php7.0-common - 7.0.4-7ubuntu2.1 php7.0-enchant - 7.0.4-7ubuntu2.1 php7.0-odbc - 7.0.4-7ubuntu2.1 php7.0-cli - 7.0.4-7ubuntu2.1 php7.0-json - 7.0.4-7ubuntu2.1 php7.0-pgsql - 7.0.4-7ubuntu2.1 libapache2-mod-php7.0 - 7.0.4-7ubuntu2.1 php7.0-zip - 7.0.4-7ubuntu2.1 php7.0-imap - 7.0.4-7ubuntu2.1 php7.0-sqlite3 - 7.0.4-7ubuntu2.1 php7.0-sybase - 7.0.4-7ubuntu2.1 php7.0-pspell - 7.0.4-7ubuntu2.1 php7.0-xml - 7.0.4-7ubuntu2.1 php7.0-bz2 - 7.0.4-7ubuntu2.1 php7.0-recode - 7.0.4-7ubuntu2.1 php7.0-soap - 7.0.4-7ubuntu2.1 php7.0 - 7.0.4-7ubuntu2.1 php7.0-tidy - 7.0.4-7ubuntu2.1 php7.0-interbase - 7.0.4-7ubuntu2.1 php7.0-opcache - 7.0.4-7ubuntu2.1 php7.0-readline - 7.0.4-7ubuntu2.1 php7.0-intl - 7.0.4-7ubuntu2.1 php7.0-mysql - 7.0.4-7ubuntu2.1 php7.0-xmlrpc - 7.0.4-7ubuntu2.1 php7.0-bcmath - 7.0.4-7ubuntu2.1 php7.0-dev - 7.0.4-7ubuntu2.1 php7.0-snmp - 7.0.4-7ubuntu2.1 No subscription required Medium CVE-2015-8865 CVE-2016-3078 CVE-2016-3132 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 
CVE-2016-4343 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 USN-2986-1 -- dosfstools vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-2986-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dosfstools - 3.0.28-2ubuntu0.1 dosfstools-udeb - 3.0.28-2ubuntu0.1 No subscription required Medium CVE-2015-8872 CVE-2016-4804 USN-2987-1 -- GD library vulnerabilities Ubuntu 16.04 LTS It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497) It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9709) It was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8874) It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877) Hans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. 
If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-3074) Update Instructions: Run `sudo pro fix USN-2987-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.1 libgd-tools - 2.1.1-4ubuntu0.16.04.1 libgd-dev - 2.1.1-4ubuntu0.16.04.1 No subscription required Medium CVE-2014-2497 CVE-2014-9709 CVE-2015-8874 CVE-2015-8877 CVE-2016-3074 USN-2988-1 -- LXD vulnerabilities Ubuntu 16.04 LTS Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. (CVE-2016-1581) Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world readable path in the container directory, including setuid binaries. (CVE-2016-1582) Update Instructions: Run `sudo pro fix USN-2988-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-lxc-lxd-dev - 2.0.2-0ubuntu1~16.04.1 lxc2 - 2.0.2-0ubuntu1~16.04.1 lxd-client - 2.0.2-0ubuntu1~16.04.1 lxd - 2.0.2-0ubuntu1~16.04.1 lxd-tools - 2.0.2-0ubuntu1~16.04.1 No subscription required Medium CVE-2016-1581 CVE-2016-1582 USN-2990-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. 
(CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718) Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118) Update Instructions: Run `sudo pro fix USN-2990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.1 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.1 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.1 imagemagick - 8:6.8.9.9-7ubuntu5.1 imagemagick-doc - 8:6.8.9.9-7ubuntu5.1 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.1 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.1 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.1 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.1 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.1 libmagick++-dev - 8:6.8.9.9-7ubuntu5.1 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.1 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.1 perlmagick - 8:6.8.9.9-7ubuntu5.1 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.1 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.1 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.1 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.1 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.1 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.1 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.1 No subscription required Medium CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118 USN-2991-1 -- nginx vulnerability Ubuntu 16.04 LTS It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-2991-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.0-0ubuntu0.16.04.2 nginx-core - 1.10.0-0ubuntu0.16.04.2 nginx-common - 1.10.0-0ubuntu0.16.04.2 nginx-full - 1.10.0-0ubuntu0.16.04.2 nginx - 1.10.0-0ubuntu0.16.04.2 nginx-doc - 1.10.0-0ubuntu0.16.04.2 nginx-light - 1.10.0-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-4450 USN-2992-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1673) An issue was discovered with Document reattachment in Blink in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1675) A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1677) A heap overflow was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1678) A use-after-free was discovered in the V8ValueConverter implementation in Chromium in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1679) A use-after-free was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1680) A security issue was discovered in ServiceWorker registration in Blink in some circumstances. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-1682) An out-of-bounds memory access was discovered in libxslt. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1683) An integer overflow was discovered in libxslt. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash or resource consumption). (CVE-2016-1684) An out-of-bounds read was discovered in the regular expression implementation in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash). (CVE-2016-1688) A heap overflow was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1689) A heap overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1691) It was discovered that Blink permits cross-origin loading of stylesheets by a service worker even when the stylesheet download has an incorrect MIME type. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1692) Multiple security issues were discovered in Chromium. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1695, CVE-2016-1703) It was discovered that Blink does not prevent frame navigation during DocumentLoader detach operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1697) A parameter sanitization bug was discovered in the devtools subsystem in Blink. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2016-1699) An out-of-bounds read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service (application crash). (CVE-2016-1702) Update Instructions: Run `sudo pro fix USN-2992-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.15.7-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.15.7-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.15.7-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.15.7-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.15.7-0ubuntu0.16.04.1 oxideqt-codecs - 1.15.7-0ubuntu0.16.04.1 liboxideqtquick0 - 1.15.7-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1673 CVE-2016-1675 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1688 CVE-2016-1689 CVE-2016-1691 CVE-2016-1692 CVE-2016-1695 CVE-2016-1697 CVE-2016-1699 CVE-2016-1702 CVE-2016-1703 USN-2993-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818) A buffer overflow was discovered when parsing HTML5 fragments in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2819) A use-after-free was discovered in contenteditable mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2821) Jordi Chancel discovered a way to use a persistent menu within a <select> element and place this in an arbitrary location. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to spoof the addressbar contents. (CVE-2016-2822) Armin Razmdjou discovered that the location.host property can be set to an arbitrary string after creating an invalid data: URI. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass some same-origin protections. (CVE-2016-2825) A use-after-free was discovered when processing WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2828) Tim McCormack discovered that the permissions notification can show the wrong icon when a page requests several permissions in quick succession. An attacker could potentially exploit this by tricking the user in to giving consent for access to the wrong resource. 
(CVE-2016-2829) It was discovered that a pointerlock can be created in a fullscreen window without user consent in some circumstances, and this pointerlock cannot be cancelled without quitting Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service or conduct clickjacking attacks. (CVE-2016-2831) John Schoenick discovered that CSS pseudo-classes can leak information about plugins that are installed but disabled. An attacker could potentially exploit this to fingerprint users. (CVE-2016-2832) Matt Wobensmith discovered that Content Security Policy (CSP) does not block the loading of cross-domain Java applets when specified by policy. An attacker could potentially exploit this to bypass CSP protections and conduct cross-site scripting (XSS) attacks. (CVE-2016-2833) In addition, multiple unspecified security issues were discovered in NSS. (CVE-2016-2834) Update Instructions: Run `sudo pro fix USN-2993-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 47.0+build3-0ubuntu0.16.04.1 firefox-testsuite - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 47.0+build3-0ubuntu0.16.04.1 firefox - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ro - 47.0+build3-0ubuntu0.16.04.1 
firefox-locale-ja - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 47.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 47.0+build3-0ubuntu0.16.04.1 firefox-dev - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-tr - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-da - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 47.0+build3-0ubuntu0.16.04.1 firefox-globalmenu - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 
47.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 47.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 47.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 USN-2994-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. 
If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1835, CVE-2016-1837) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836) Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1840) It was discovered that libxml2 would load certain XML external entities. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. (CVE-2016-4449) Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2016-4483) Update Instructions: Run `sudo pro fix USN-2994-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.1 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.1 libxml2 - 2.9.3+dfsg1-1ubuntu0.1 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.1 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.1 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.1 No subscription required Medium CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483 USN-2995-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. (CVE-2016-3947) Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly handled certain crafted data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4051) It was discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054) Jianjun Chen discovered that Squid did not correctly ignore the Host header when absolute-URI is provided. A remote attacker could possibly use this issue to conduct cache-poisoning attacks. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-4553) Jianjun Chen discovered that Squid incorrectly handled certain HTTP Host headers. A remote attacker could possibly use this issue to conduct cache-poisoning attacks. (CVE-2016-4554) It was discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. 
A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2016-4555, CVE-2016-4556) Update Instructions: Run `sudo pro fix USN-2995-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.2 squid - 3.5.12-1ubuntu7.2 squid-cgi - 3.5.12-1ubuntu7.2 squid-purge - 3.5.12-1ubuntu7.2 squidclient - 3.5.12-1ubuntu7.2 squid3 - 3.5.12-1ubuntu7.2 No subscription required Medium CVE-2016-3947 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 USN-3006-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Multiple race conditions were discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. 
An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use this to create a use-after-free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InfiniBand-related kernel modules are loaded. (CVE-2016-4565) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update Instructions: Run `sudo pro fix USN-3006-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-24-generic - 4.4.0-24.43 linux-image-4.4.0-24-powerpc-e500mc - 4.4.0-24.43 linux-image-4.4.0-24-powerpc64-emb - 4.4.0-24.43 linux-image-extra-4.4.0-24-generic - 4.4.0-24.43 linux-image-4.4.0-24-generic-lpae - 4.4.0-24.43 linux-image-4.4.0-24-powerpc-smp - 4.4.0-24.43 linux-image-4.4.0-24-powerpc64-smp - 4.4.0-24.43 linux-image-4.4.0-24-lowlatency - 4.4.0-24.43 No subscription required High CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581 USN-3007-1 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Multiple race conditions were discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. 
An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use this to create a use-after-free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InfiniBand-related kernel modules are loaded. (CVE-2016-4565) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update Instructions: Run `sudo pro fix USN-3007-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1012-raspi2 - 4.4.0-1012.16 No subscription required High CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581 USN-3008-1 -- Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu 16.04 LTS Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3008-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1015-snapdragon - 4.4.0-1015.18 No subscription required High CVE-2016-1583 USN-3009-1 -- Dnsmasq vulnerability Ubuntu 16.04 LTS Edwin Török discovered that Dnsmasq incorrectly handled certain CNAME responses. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3009-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.75-1ubuntu0.16.04.1 dnsmasq-utils - 2.75-1ubuntu0.16.04.1 dnsmasq-base - 2.75-1ubuntu0.16.04.1 No subscription required Medium CVE-2015-8899 USN-3010-1 -- Expat vulnerabilities Ubuntu 16.04 LTS It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300) Update Instructions: Run `sudo pro fix USN-3010-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-7ubuntu0.16.04.2 expat - 2.1.0-7ubuntu0.16.04.2 libexpat1-dev - 2.1.0-7ubuntu0.16.04.2 lib64expat1-dev - 2.1.0-7ubuntu0.16.04.2 libexpat1-udeb - 2.1.0-7ubuntu0.16.04.2 lib64expat1 - 2.1.0-7ubuntu0.16.04.2 No subscription required Medium CVE-2012-6702 CVE-2016-5300 USN-3011-1 -- HAProxy vulnerability Ubuntu 16.04 LTS Falco Schmutz discovered that HAProxy incorrectly handled the reqdeny filter. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3011-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.6.3-1ubuntu0.1 haproxy-doc - 1.6.3-1ubuntu0.1 vim-haproxy - 1.6.3-1ubuntu0.1 No subscription required Medium CVE-2016-5360 USN-3012-1 -- Wget vulnerability Ubuntu 16.04 LTS Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files. Update Instructions: Run `sudo pro fix USN-3012-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.17.1-1ubuntu1.1 wget-udeb - 1.17.1-1ubuntu1.1 No subscription required Medium CVE-2016-4971 USN-3014-1 -- Spice vulnerabilities Ubuntu 16.04 LTS Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749) Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. 
(CVE-2016-2150) Update Instructions: Run `sudo pro fix USN-3014-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.12.6-4ubuntu0.1 libspice-server-dev - 0.12.6-4ubuntu0.1 No subscription required Medium CVE-2016-0749 CVE-2016-2150 USN-3015-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1704) Update Instructions: Run `sudo pro fix USN-3015-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.15.8-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.15.8-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.15.8-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.15.8-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.15.8-0ubuntu0.16.04.1 oxideqt-codecs - 1.15.8-0ubuntu0.16.04.1 liboxideqtquick0 - 1.15.8-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1704 USN-3016-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. 
A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3016-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-28-powerpc64-smp - 4.4.0-28.47 linux-image-4.4.0-28-lowlatency - 4.4.0-28.47 linux-image-4.4.0-28-powerpc-smp - 4.4.0-28.47 linux-image-4.4.0-28-generic-lpae - 4.4.0-28.47 linux-image-extra-4.4.0-28-generic - 4.4.0-28.47 linux-image-4.4.0-28-powerpc64-emb - 4.4.0-28.47 linux-image-4.4.0-28-generic - 4.4.0-28.47 linux-image-4.4.0-28-powerpc-e500mc - 4.4.0-28.47 No subscription required High CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 USN-3016-2 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. 
A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3016-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1016-raspi2 - 4.4.0-1016.22 No subscription required High CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 USN-3016-3 -- Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu 16.04 LTS Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. 
A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Update Instructions: Run `sudo pro fix USN-3016-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1019-snapdragon - 4.4.0-1019.22 No subscription required High CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 USN-3022-1 -- LibreOffice vulnerability Ubuntu 16.04 LTS It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3022-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.4-0ubuntu1 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.4-0ubuntu1 No subscription required libreoffice-impress - 1:5.1.4-0ubuntu1 libreoffice-officebean - 1:5.1.4-0ubuntu1 libreoffice-base - 1:5.1.4-0ubuntu1 libreoffice-librelogo - 1:5.1.4-0ubuntu1 libreoffice-java-common - 1:5.1.4-0ubuntu1 gir1.2-lokdocview-0.1 - 1:5.1.4-0ubuntu1 libreoffice-subsequentcheckbase - 1:5.1.4-0ubuntu1 libreoffice-style-elementary - 1:5.1.4-0ubuntu1 libreoffice-kde - 1:5.1.4-0ubuntu1 libreoffice-style-galaxy - 1:5.1.4-0ubuntu1 libreoffice-style-hicontrast - 1:5.1.4-0ubuntu1 libreoffice-core - 1:5.1.4-0ubuntu1 libreoffice-script-provider-bsh - 1:5.1.4-0ubuntu1 libreoffice-avmedia-backend-gstreamer - 1:5.1.4-0ubuntu1 libreofficekit-dev - 1:5.1.4-0ubuntu1 libreoffice-script-provider-python - 1:5.1.4-0ubuntu1 libreoffice-common - 1:5.1.4-0ubuntu1 libreoffice-gnome - 1:5.1.4-0ubuntu1 libreoffice-dev - 1:5.1.4-0ubuntu1 libreoffice-gtk3 - 1:5.1.4-0ubuntu1 libreoffice-report-builder - 1:5.1.4-0ubuntu1 libreoffice-pdfimport - 1:5.1.4-0ubuntu1 libreoffice-base-core - 1:5.1.4-0ubuntu1 libreoffice-ogltrans - 1:5.1.4-0ubuntu1 libreoffice-sdbc-hsqldb - 1:5.1.4-0ubuntu1 libreoffice-gtk - 1:5.1.4-0ubuntu1 libreoffice-calc - 1:5.1.4-0ubuntu1 libreoffice-base-drivers - 1:5.1.4-0ubuntu1 libreoffice-style-oxygen - 1:5.1.4-0ubuntu1 libreoffice-style-tango - 1:5.1.4-0ubuntu1 libreoffice-style-human - 1:5.1.4-0ubuntu1 libreoffice-sdbc-firebird - 1:5.1.4-0ubuntu1 python3-uno - 1:5.1.4-0ubuntu1 libreoffice-math - 1:5.1.4-0ubuntu1 libreoffice-writer - 1:5.1.4-0ubuntu1 libreoffice-report-builder-bin - 1:5.1.4-0ubuntu1 libreoffice-style-breeze - 1:5.1.4-0ubuntu1 libreoffice-script-provider-js - 1:5.1.4-0ubuntu1 libreoffice - 1:5.1.4-0ubuntu1 libreoffice-draw - 1:5.1.4-0ubuntu1 libreoffice-style-sifr - 1:5.1.4-0ubuntu1 libreoffice-dev-doc - 1:5.1.4-0ubuntu1 
libreoffice-l10n-in - 1:5.1.4-0ubuntu1 libreoffice-l10n-za - 1:5.1.4-0ubuntu1 libreoffice-sdbc-postgresql - 1:5.1.4-0ubuntu1 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.4-0ubuntu1 No subscription required uno-libs3 - 5.1.4-0ubuntu1 ure - 5.1.4-0ubuntu1 No subscription required Medium CVE-2016-4324 USN-3023-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1951) Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson, discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2818) Update Instructions: Run `sudo pro fix USN-3023-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:45.2.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:45.2.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:45.2.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-sv - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 
1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:45.2.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:45.2.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1951 CVE-2016-2818 USN-3024-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174) It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345) It was discovered that Tomcat incorrectly handled different session settings when multiple versions of the same web application were deployed. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346) It was discovered that the Tomcat Manager and Host Manager applications incorrectly handled new requests. 
A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351) It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. A remote attacker could possibly use this issue to read arbitrary HTTP requests, including session ID values. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706) It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714) It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. A remote attacker could possibly use this issue to read or write to arbitrary application data, or cause a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763) It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-3092) Update Instructions: Run `sudo pro fix USN-3024-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.68-1ubuntu0.1 libservlet3.0-java - 7.0.68-1ubuntu0.1 tomcat7-docs - 7.0.68-1ubuntu0.1 libservlet3.0-java-doc - 7.0.68-1ubuntu0.1 tomcat7 - 7.0.68-1ubuntu0.1 libtomcat7-java - 7.0.68-1ubuntu0.1 tomcat7-user - 7.0.68-1ubuntu0.1 tomcat7-admin - 7.0.68-1ubuntu0.1 tomcat7-examples - 7.0.68-1ubuntu0.1 No subscription required Medium CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092 USN-3026-1 -- libimobiledevice vulnerability Ubuntu 16.04 LTS It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3026-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libimobiledevice-utils - 1.2.0+dfsg-3~ubuntu0.2 libimobiledevice6 - 1.2.0+dfsg-3~ubuntu0.2 libimobiledevice-dev - 1.2.0+dfsg-3~ubuntu0.2 python-imobiledevice - 1.2.0+dfsg-3~ubuntu0.2 libimobiledevice-doc - 1.2.0+dfsg-3~ubuntu0.2 No subscription required Medium CVE-2016-5104 USN-3026-2 -- libusbmuxd vulnerability Ubuntu 16.04 LTS It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3026-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libusbmuxd-tools - 1.0.10-2ubuntu0.1 libusbmuxd4 - 1.0.10-2ubuntu0.1 libusbmuxd-dev - 1.0.10-2ubuntu0.1 No subscription required Medium CVE-2016-5104 USN-3027-1 -- Tomcat vulnerability Ubuntu 16.04 LTS It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. 
A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3027-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.1 tomcat8-user - 8.0.32-1ubuntu1.1 libservlet3.1-java - 8.0.32-1ubuntu1.1 libservlet3.1-java-doc - 8.0.32-1ubuntu1.1 tomcat8-examples - 8.0.32-1ubuntu1.1 tomcat8-admin - 8.0.32-1ubuntu1.1 libtomcat8-java - 8.0.32-1ubuntu1.1 tomcat8-common - 8.0.32-1ubuntu1.1 tomcat8 - 8.0.32-1ubuntu1.1 No subscription required Medium CVE-2016-3092 USN-3028-1 -- NSPR vulnerability Ubuntu 16.04 LTS It was discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnspr4-dev - 2:4.12-0ubuntu0.16.04.1 libnspr4 - 2:4.12-0ubuntu0.16.04.1 libnspr4-0d - 2:4.12-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1951 USN-3029-1 -- NSS vulnerability Ubuntu 16.04 LTS Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA certificate bundle. As a security improvement, this update also modifies NSS behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Update Instructions: Run `sudo pro fix USN-3029-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.23-0ubuntu0.16.04.1 libnss3-dev - 2:3.23-0ubuntu0.16.04.1 libnss3 - 2:3.23-0ubuntu0.16.04.1 libnss3-1d - 2:3.23-0ubuntu0.16.04.1 libnss3-tools - 2:3.23-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-2834 USN-3030-1 -- GD library vulnerabilities Ubuntu 16.04 LTS It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated system were tricked into processing a specially crafted XBM image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-5116) It was discovered that the GD library incorrectly handled memory when using _gd2GetHeader(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-5766) It was discovered that the GD library incorrectly handled certain color indexes. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-6128) It was discovered that the GD library incorrectly handled memory when encoding a GIF image. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6161) Update Instructions: Run `sudo pro fix USN-3030-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.2 libgd-tools - 2.1.1-4ubuntu0.16.04.2 libgd-dev - 2.1.1-4ubuntu0.16.04.2 No subscription required Medium CVE-2013-7456 CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6161 USN-3032-1 -- eCryptfs vulnerability Ubuntu 16.04 LTS It was discovered that eCryptfs incorrectly configured the encrypted swap partition for certain drive types. An attacker could use this issue to discover sensitive information. Update Instructions: Run `sudo pro fix USN-3032-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ecryptfs-utils - 111-0ubuntu1.1 python-ecryptfs - 111-0ubuntu1.1 libecryptfs1 - 111-0ubuntu1.1 libecryptfs-dev - 111-0ubuntu1.1 No subscription required Medium CVE-2016-6224 USN-3033-1 -- libarchive vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844) Marcin "Icewall" Noga discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4300, CVE-2016-4302) It was discovered that libarchive incorrectly handled memory allocation with large cpio symlinks. A remote attacker could use this issue to possibly cause libarchive to crash, resulting in a denial of service. 
(CVE-2016-4809) Update Instructions: Run `sudo pro fix USN-3033-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.2 libarchive13 - 3.1.2-11ubuntu0.16.04.2 bsdtar - 3.1.2-11ubuntu0.16.04.2 libarchive-dev - 3.1.2-11ubuntu0.16.04.2 No subscription required Medium CVE-2015-8916 CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844 USN-3038-1 -- Apache HTTP Server vulnerability Ubuntu 16.04 LTS It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. Update Instructions: Run `sudo pro fix USN-3038-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.1 apache2-utils - 2.4.18-2ubuntu3.1 apache2-dev - 2.4.18-2ubuntu3.1 apache2-suexec-pristine - 2.4.18-2ubuntu3.1 apache2-suexec-custom - 2.4.18-2ubuntu3.1 apache2 - 2.4.18-2ubuntu3.1 apache2-doc - 2.4.18-2ubuntu3.1 apache2-bin - 2.4.18-2ubuntu3.1 No subscription required Medium CVE-2016-5387 USN-3039-1 -- Django vulnerability Ubuntu 16.04 LTS It was discovered that Django incorrectly handled the admin's add/change related popup. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Update Instructions: Run `sudo pro fix USN-3039-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.1 python-django-doc - 1.8.7-1ubuntu5.1 python-django-common - 1.8.7-1ubuntu5.1 python-django - 1.8.7-1ubuntu5.1 No subscription required Medium CVE-2016-6186 USN-3040-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Update Instructions: Run `sudo pro fix USN-3040-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.13-0ubuntu0.16.04.2 mysql-source-5.7 - 5.7.13-0ubuntu0.16.04.2 libmysqlclient-dev - 5.7.13-0ubuntu0.16.04.2 mysql-client-core-5.7 - 5.7.13-0ubuntu0.16.04.2 mysql-client-5.7 - 5.7.13-0ubuntu0.16.04.2 libmysqlclient20 - 5.7.13-0ubuntu0.16.04.2 mysql-server-5.7 - 5.7.13-0ubuntu0.16.04.2 mysql-common - 5.7.13-0ubuntu0.16.04.2 mysql-server - 5.7.13-0ubuntu0.16.04.2 mysql-server-core-5.7 - 5.7.13-0ubuntu0.16.04.2 mysql-testsuite - 5.7.13-0ubuntu0.16.04.2 libmysqld-dev - 5.7.13-0ubuntu0.16.04.2 mysql-testsuite-5.7 - 5.7.13-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-3424 CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3501 CVE-2016-3518 CVE-2016-3521 CVE-2016-3588 CVE-2016-3614 CVE-2016-3615 CVE-2016-5436 CVE-2016-5437 CVE-2016-5439 CVE-2016-5440 CVE-2016-5441 CVE-2016-5442 CVE-2016-5443 USN-3041-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705) It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706) It was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710) It was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1711) A use-after-free was discovered in Blink. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127) It was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128) A memory corruption was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129) A security issue was discovered in Chromium. A remote attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5130) A use-after-free was discovered in libxml. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5131) The Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132) It was discovered that Chromium mishandles origin information during proxy authentication. A machine-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt. (CVE-2016-5133) It was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134) It was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. 
A remote attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-5135) It was discovered that the Content Security Policy (CSP) implementation in Blink does not apply http :80 policies to https :443 URLs. A remote attacker could potentially exploit this to determine whether a specific HSTS web site has been visited by reading a CSP report. (CVE-2016-5137) Update Instructions: Run `sudo pro fix USN-3041-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.16.5-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.16.5-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.16.5-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.16.5-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.16.5-0ubuntu0.16.04.1 oxideqt-codecs - 1.16.5-0ubuntu0.16.04.1 liboxideqtquick0 - 1.16.5-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1705 CVE-2016-1706 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5137 USN-3043-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458) Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2016-3500, CVE-2016-3508) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. 
An attacker could exploit this to expose sensitive data over the network. (CVE-2016-3550) Update Instructions: Run `sudo pro fix USN-3043-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-jdk - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-jre-headless - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-jre - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-jdk-headless - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-source - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-jre-zero - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-demo - 8u91-b14-3ubuntu1~16.04.1 openjdk-8-jre-jamvm - 8u91-b14-3ubuntu1~16.04.1 No subscription required Medium CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 USN-3044-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718) Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacker could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830) Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836) A buffer overflow was discovered in the ClearKey Content Decryption Module (CDM) during video playback. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via plugin process crash, or, in combination with another vulnerability to escape the GMP sandbox, execute arbitrary code. (CVE-2016-2837) Atte Kettunen discovered a buffer overflow when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2838) Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-2839) Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Firas Salem discovered an issue with non-ASCII and emoji characters in data: URLs. An attacker could potentially exploit this to spoof the addressbar contents. (CVE-2016-5251) Georg Koppen discovered a stack buffer underflow during 2D graphics rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5252) Abhishek Arya discovered a use-after-free when the alt key is used with top-level menus. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5254) Jukka Jylänki discovered a crash during garbage collection. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5255) Looben Yang discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5258) Looben Yang discovered a use-after-free when working with nested sync events in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5259) Mike Kaply discovered that plain-text passwords can be stored in session restore if an input field type is changed from "password" to "text" during a session, leading to information disclosure. (CVE-2016-5260) Samuel Groß discovered an integer overflow in WebSockets during data buffering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5261) Nikita Arykov discovered that JavaScript event handlers on a <marquee> element can execute in a sandboxed iframe without the allow-scripts flag set. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5262) A type confusion bug was discovered in display transformation during rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5263) A use-after-free was discovered when applying effects to SVG elements in some circumstances. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5264) Abdulrahman Alqabandi discovered a same-origin policy violation relating to local HTML files and saved shortcut files. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5265) Rafael Gieschke discovered an information disclosure issue related to drag and drop. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5266) A text injection issue was discovered with about: URLs. An attacker could potentially exploit this to spoof internal error pages. (CVE-2016-5268) Update Instructions: Run `sudo pro fix USN-3044-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 48.0+build2-0ubuntu0.16.04.1 firefox-testsuite - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-he 
- 48.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 48.0+build2-0ubuntu0.16.04.1 firefox - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 48.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 48.0+build2-0ubuntu0.16.04.1 
firefox-locale-lv - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 48.0+build2-0ubuntu0.16.04.1 firefox-dev - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 48.0+build2-0ubuntu0.16.04.1 firefox-globalmenu - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 48.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 48.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268 USN-3045-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. 
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873) It was discovered that PHP incorrectly validated certain Exception objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8876) It was discovered that the PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use this issue to perform an XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935) It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093) It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095) It was discovered that the PHP fread() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. 
(CVE-2016-5096) It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114) It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. (CVE-2016-5385) Hans Jerry Illikainen discovered that the PHP bzread() function incorrectly performed error handling. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399) It was discovered that certain PHP multibyte string functions incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768) It was discovered that the PHP Mcrypt extension incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773) It was discovered that PHP incorrectly handled memory when unserializing malicious XML data. 
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772) It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-6288) It was discovered that PHP incorrectly handled path lengths when extracting certain Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289) It was discovered that PHP incorrectly handled session deserialization. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290) It was discovered that PHP incorrectly handled exif headers when processing certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295) It was discovered that the PHP xmlrpc_encode_request() function incorrectly handled certain lengths. 
An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296) It was discovered that the PHP php_stream_zip_opener() function incorrectly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297) Update Instructions: Run `sudo pro fix USN-3045-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.8-0ubuntu0.16.04.2 php7.0-mcrypt - 7.0.8-0ubuntu0.16.04.2 php7.0-xsl - 7.0.8-0ubuntu0.16.04.2 php7.0-fpm - 7.0.8-0ubuntu0.16.04.2 libphp7.0-embed - 7.0.8-0ubuntu0.16.04.2 php7.0-phpdbg - 7.0.8-0ubuntu0.16.04.2 php7.0-curl - 7.0.8-0ubuntu0.16.04.2 php7.0-ldap - 7.0.8-0ubuntu0.16.04.2 php7.0-mbstring - 7.0.8-0ubuntu0.16.04.2 php7.0-gmp - 7.0.8-0ubuntu0.16.04.2 php7.0-sqlite3 - 7.0.8-0ubuntu0.16.04.2 php7.0-gd - 7.0.8-0ubuntu0.16.04.2 php7.0-common - 7.0.8-0ubuntu0.16.04.2 php7.0-enchant - 7.0.8-0ubuntu0.16.04.2 php7.0-odbc - 7.0.8-0ubuntu0.16.04.2 php7.0-cli - 7.0.8-0ubuntu0.16.04.2 php7.0-json - 7.0.8-0ubuntu0.16.04.2 php7.0-pgsql - 7.0.8-0ubuntu0.16.04.2 libapache2-mod-php7.0 - 7.0.8-0ubuntu0.16.04.2 php7.0-zip - 7.0.8-0ubuntu0.16.04.2 php7.0-mysql - 7.0.8-0ubuntu0.16.04.2 php7.0-dba - 7.0.8-0ubuntu0.16.04.2 php7.0-sybase - 7.0.8-0ubuntu0.16.04.2 php7.0-pspell - 7.0.8-0ubuntu0.16.04.2 php7.0-xml - 7.0.8-0ubuntu0.16.04.2 php7.0-bz2 - 7.0.8-0ubuntu0.16.04.2 php7.0-recode - 7.0.8-0ubuntu0.16.04.2 php7.0-soap - 7.0.8-0ubuntu0.16.04.2 php7.0 - 7.0.8-0ubuntu0.16.04.2 php7.0-tidy - 7.0.8-0ubuntu0.16.04.2 php7.0-interbase - 7.0.8-0ubuntu0.16.04.2 php7.0-opcache - 7.0.8-0ubuntu0.16.04.2 php7.0-readline - 7.0.8-0ubuntu0.16.04.2 php7.0-intl - 7.0.8-0ubuntu0.16.04.2 php7.0-imap - 7.0.8-0ubuntu0.16.04.2 php7.0-xmlrpc - 7.0.8-0ubuntu0.16.04.2 php7.0-bcmath - 7.0.8-0ubuntu0.16.04.2 php7.0-dev - 7.0.8-0ubuntu0.16.04.2 php7.0-snmp - 
7.0.8-0ubuntu0.16.04.2 No subscription required Medium CVE-2015-4116 CVE-2015-8873 CVE-2015-8876 CVE-2015-8935 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 CVE-2016-5385 CVE-2016-5399 CVE-2016-5768 CVE-2016-5769 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 USN-3047-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351) Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the VMWare VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454) Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4952) Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5337) It was discovered that QEMU incorrectly handled certain iSCSI asynchronous I/O ioctl calls. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5126) Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-5403) Update Instructions: Run `sudo pro fix USN-3047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.3 qemu-user-static - 1:2.5+dfsg-5ubuntu10.3 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.3 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.3 qemu-kvm - 1:2.5+dfsg-5ubuntu10.3 qemu-user - 1:2.5+dfsg-5ubuntu10.3 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.3 qemu-system - 1:2.5+dfsg-5ubuntu10.3 qemu-utils - 1:2.5+dfsg-5ubuntu10.3 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.3 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.3 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.3 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.3 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.3 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.3 qemu - 1:2.5+dfsg-5ubuntu10.3 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.3 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.3 No subscription required Medium CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 USN-3047-2 -- QEMU regression Ubuntu 16.04 LTS USN-3047-1 fixed vulnerabilities in QEMU. 
The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize for the inconvenience. Original advisory details: Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351) Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the VMWare VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454) Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4952) Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5337) It was discovered that QEMU incorrectly handled certain iSCSI asynchronous I/O ioctl calls. 
An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5126) Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-5403) Update Instructions: Run `sudo pro fix USN-3047-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.4 qemu-user-static - 1:2.5+dfsg-5ubuntu10.4 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.4 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.4 qemu-kvm - 1:2.5+dfsg-5ubuntu10.4 qemu-user - 1:2.5+dfsg-5ubuntu10.4 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.4 qemu-system - 1:2.5+dfsg-5ubuntu10.4 qemu-utils - 1:2.5+dfsg-5ubuntu10.4 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.4 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.4 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.4 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.4 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.4 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.4 qemu - 1:2.5+dfsg-5ubuntu10.4 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.4 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.4 No subscription required None https://launchpad.net/bugs/1612089 USN-3048-1 -- curl vulnerabilities Ubuntu 16.04 LTS Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2016-5421) Update Instructions: Run `sudo pro fix USN-3048-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.1 libcurl4-openssl-dev - 7.47.0-1ubuntu2.1 libcurl3-gnutls - 7.47.0-1ubuntu2.1 libcurl4-doc - 7.47.0-1ubuntu2.1 libcurl3-nss - 7.47.0-1ubuntu2.1 libcurl4-nss-dev - 7.47.0-1ubuntu2.1 libcurl3 - 7.47.0-1ubuntu2.1 curl - 7.47.0-1ubuntu2.1 No subscription required Medium CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 USN-3055-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243) Update Instructions: Run `sudo pro fix USN-3055-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-34-generic-lpae - 4.4.0-34.53 linux-image-4.4.0-34-powerpc-e500mc - 4.4.0-34.53 linux-image-4.4.0-34-powerpc64-smp - 4.4.0-34.53 linux-image-4.4.0-34-generic - 4.4.0-34.53 linux-image-4.4.0-34-powerpc64-emb - 4.4.0-34.53 linux-image-extra-4.4.0-34-generic - 4.4.0-34.53 linux-image-4.4.0-34-powerpc-smp - 4.4.0-34.53 linux-image-4.4.0-34-lowlatency - 4.4.0-34.53 No subscription required Medium CVE-2016-3135 CVE-2016-4470 CVE-2016-4794 CVE-2016-5243 USN-3056-1 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243) Update Instructions: Run `sudo pro fix USN-3056-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1019-raspi2 - 4.4.0-1019.25 No subscription required Medium CVE-2016-3135 CVE-2016-4470 CVE-2016-4794 CVE-2016-5243 USN-3057-1 -- Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu 16.04 LTS Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243) Update Instructions: Run `sudo pro fix USN-3057-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1022-snapdragon - 4.4.0-1022.25 No subscription required Medium CVE-2016-3135 CVE-2016-4470 CVE-2016-4794 CVE-2016-5243 USN-3058-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5141) A use-after-free was discovered in the WebCrypto implementation in Blink. 
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5142) It was discovered that the devtools subsystem in Blink mishandles various parameters. An attacker could exploit this to bypass intended access restrictions. (CVE-2016-5143, CVE-2016-5144) It was discovered that Blink does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5145) Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5146, CVE-2016-5167) It was discovered that Blink mishandles deferred page loads. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5147) An issue was discovered in Blink related to widget updates. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5148) A use-after-free was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5150) A use-after-free was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. 
(CVE-2016-5153) It was discovered that Chromium does not correctly validate access to the initial document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5155) A use-after-free was discovered in the event bindings in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5156) A type confusion bug was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5161) An issue was discovered with the devtools implementation. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5164) An issue was discovered with the devtools implementation. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5165) Update Instructions: Run `sudo pro fix USN-3058-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.17.7-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.17.7-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.17.7-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.17.7-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.17.7-0ubuntu0.16.04.1 oxideqt-codecs - 1.17.7-0ubuntu0.16.04.1 liboxideqtquick0 - 1.17.7-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 CVE-2016-5147 CVE-2016-5148 CVE-2016-5150 CVE-2016-5153 CVE-2016-5155 CVE-2016-5156 CVE-2016-5161 CVE-2016-5164 CVE-2016-5165 CVE-2016-5167 USN-3059-1 -- xmlrpc-epi vulnerability Ubuntu 16.04 LTS It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. 
A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3059-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxmlrpc-epi0 - 0.54.2-1.1ubuntu0.1 libxmlrpc-epi-dev - 0.54.2-1.1ubuntu0.1 No subscription required Medium CVE-2016-6296 USN-3060-1 -- GD library vulnerabilities Ubuntu 16.04 LTS It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. (CVE-2016-6132, CVE-2016-6214) It was discovered that the GD library incorrectly handled memory when using gdImageScale(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-6207) Update Instructions: Run `sudo pro fix USN-3060-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.3 libgd-tools - 2.1.1-4ubuntu0.16.04.3 libgd-dev - 2.1.1-4ubuntu0.16.04.3 No subscription required Medium CVE-2016-6132 CVE-2016-6207 CVE-2016-6214 USN-3061-1 -- OpenSSH vulnerabilities Ubuntu 16.04 LTS Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and enumerate valid users. (CVE-2016-6210) Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did not limit password lengths. A remote attacker could use this issue to cause OpenSSH to consume resources, leading to a denial of service. (CVE-2016-6515) Update Instructions: Run `sudo pro fix USN-3061-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.2p2-4ubuntu2.1 ssh-krb5 - 1:7.2p2-4ubuntu2.1 openssh-client - 1:7.2p2-4ubuntu2.1 openssh-server - 1:7.2p2-4ubuntu2.1 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.1 ssh - 1:7.2p2-4ubuntu2.1 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.1 openssh-client-udeb - 1:7.2p2-4ubuntu2.1 openssh-sftp-server - 1:7.2p2-4ubuntu2.1 No subscription required Medium CVE-2016-6210 CVE-2016-6515 USN-3063-1 -- Fontconfig vulnerability Ubuntu 16.04 LTS Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges. Update Instructions: Run `sudo pro fix USN-3063-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fontconfig-config - 2.11.94-0ubuntu1.1 libfontconfig1 - 2.11.94-0ubuntu1.1 fontconfig-udeb - 2.11.94-0ubuntu1.1 libfontconfig1-dev - 2.11.94-0ubuntu1.1 fontconfig - 2.11.94-0ubuntu1.1 No subscription required Medium CVE-2016-5384 USN-3064-1 -- GnuPG vulnerability Ubuntu 16.04 LTS Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. Update Instructions: Run `sudo pro fix USN-3064-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-curl - 1.4.20-1ubuntu3.1 gpgv-udeb - 1.4.20-1ubuntu3.1 gpgv - 1.4.20-1ubuntu3.1 gnupg - 1.4.20-1ubuntu3.1 No subscription required High CVE-2016-6313 USN-3065-1 -- Libgcrypt vulnerability Ubuntu 16.04 LTS Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. 
Update Instructions: Run `sudo pro fix USN-3065-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.6.5-2ubuntu0.2 No subscription required libgcrypt20 - 1.6.5-2ubuntu0.2 libgcrypt20-doc - 1.6.5-2ubuntu0.2 libgcrypt20-udeb - 1.6.5-2ubuntu0.2 libgcrypt20-dev - 1.6.5-2ubuntu0.2 No subscription required High CVE-2016-6313 USN-3066-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-5423) Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-5424) Update Instructions: Run `sudo pro fix USN-3066-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.4-0ubuntu0.16.04 postgresql-plperl-9.5 - 9.5.4-0ubuntu0.16.04 postgresql-server-dev-9.5 - 9.5.4-0ubuntu0.16.04 postgresql-9.5 - 9.5.4-0ubuntu0.16.04 postgresql-plpython-9.5 - 9.5.4-0ubuntu0.16.04 libecpg6 - 9.5.4-0ubuntu0.16.04 postgresql-client-9.5 - 9.5.4-0ubuntu0.16.04 libpq-dev - 9.5.4-0ubuntu0.16.04 postgresql-contrib-9.5 - 9.5.4-0ubuntu0.16.04 libpgtypes3 - 9.5.4-0ubuntu0.16.04 libecpg-dev - 9.5.4-0ubuntu0.16.04 postgresql-pltcl-9.5 - 9.5.4-0ubuntu0.16.04 libpq5 - 9.5.4-0ubuntu0.16.04 postgresql-plpython3-9.5 - 9.5.4-0ubuntu0.16.04 libecpg-compat3 - 9.5.4-0ubuntu0.16.04 No subscription required Medium CVE-2016-5423 CVE-2016-5424 USN-3067-1 -- HarfBuzz vulnerabilities Ubuntu 16.04 LTS Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. 
A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947) It was discovered that HarfBuzz incorrectly handled certain length checks. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052) Update Instructions: Run `sudo pro fix USN-3067-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-harfbuzz-0.0 - 1.0.1-1ubuntu0.1 libharfbuzz-gobject0 - 1.0.1-1ubuntu0.1 libharfbuzz-dev - 1.0.1-1ubuntu0.1 libharfbuzz-icu0 - 1.0.1-1ubuntu0.1 libharfbuzz0b - 1.0.1-1ubuntu0.1 libharfbuzz-bin - 1.0.1-1ubuntu0.1 libharfbuzz0-udeb - 1.0.1-1ubuntu0.1 libharfbuzz-doc - 1.0.1-1ubuntu0.1 No subscription required Medium CVE-2015-8947 CVE-2016-2052 USN-3068-1 -- Libidn vulnerabilities Ubuntu 16.04 LTS Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-2059) Hanno Böck discovered that Libidn incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262, CVE-2016-6261, CVE-2016-6263) Update Instructions: Run `sudo pro fix USN-3068-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: idn - 1.32-3ubuntu1.1 libidn11-dev - 1.32-3ubuntu1.1 libidn11-java - 1.32-3ubuntu1.1 libidn11 - 1.32-3ubuntu1.1 No subscription required Medium CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 USN-3069-1 -- Eye of GNOME vulnerability Ubuntu 16.04 LTS It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3069-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: eog-dev - 3.18.2-1ubuntu2.1 eog - 3.18.2-1ubuntu2.1 No subscription required Medium CVE-2016-6855 USN-3070-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237) Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400) Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696) Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux kernel.
A local attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-5728) Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled transactional memory state on exec(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5828) It was discovered that a heap-based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5829) It was discovered that the OverlayFS implementation in the Linux kernel did not properly verify dentry state before proceeding with unlink and rename operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6197) Update Instructions: Run `sudo pro fix USN-3070-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-36-generic-lpae - 4.4.0-36.55 linux-image-4.4.0-36-powerpc64-smp - 4.4.0-36.55 linux-image-4.4.0-36-powerpc-e500mc - 4.4.0-36.55 linux-image-4.4.0-36-powerpc64-emb - 4.4.0-36.55 linux-image-4.4.0-36-lowlatency - 4.4.0-36.55 linux-image-extra-4.4.0-36-generic - 4.4.0-36.55 linux-image-4.4.0-36-generic - 4.4.0-36.55 linux-image-4.4.0-36-powerpc-smp - 4.4.0-36.55 No subscription required Medium CVE-2016-1237 CVE-2016-5244 CVE-2016-5400 CVE-2016-5696 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 CVE-2016-6197 USN-3070-2 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237) Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel.
A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400) Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696) Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-5728) Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled transactional memory state on exec(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5828) It was discovered that a heap-based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5829) It was discovered that the OverlayFS implementation in the Linux kernel did not properly verify dentry state before proceeding with unlink and rename operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6197) Update Instructions: Run `sudo pro fix USN-3070-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1021-raspi2 - 4.4.0-1021.27 No subscription required Medium CVE-2016-1237 CVE-2016-5244 CVE-2016-5400 CVE-2016-5696 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 CVE-2016-6197 USN-3070-3 -- Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu 16.04 LTS A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237) Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400) Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696) Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-5728) Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled transactional memory state on exec(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5828) It was discovered that a heap-based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829) It was discovered that the OverlayFS implementation in the Linux kernel did not properly verify dentry state before proceeding with unlink and rename operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6197) Update Instructions: Run `sudo pro fix USN-3070-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1024-snapdragon - 4.4.0-1024.27 No subscription required Medium CVE-2016-1237 CVE-2016-5244 CVE-2016-5400 CVE-2016-5696 CVE-2016-5728 CVE-2016-5828 CVE-2016-5829 CVE-2016-6197 USN-3073-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2836) Update Instructions: Run `sudo pro fix USN-3073-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fr - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-us - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-es - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb-no - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-br - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-dsb - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-vi - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-mk - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn-bd - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hu - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-ar - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-be - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bg - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ja - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-lt - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sl - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-gb - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cy - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-si - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-gnome-support - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hr - 1:45.3.0+build1-0ubuntu0.16.04.2 xul-ext-calendar-timezones - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-de - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-da - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nl - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn - 1:45.3.0+build1-0ubuntu0.16.04.2 xul-ext-lightning - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga-ie - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy-nl - 1:45.3.0+build1-0ubuntu0.16.04.2 
thunderbird-locale-sv - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa-in - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sr - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sq - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-he - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hsb - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ar - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-uk - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-globalmenu - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-cn - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta-lk - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ru - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cs - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-mozsymbols - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fi - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-testsuite - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ro - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-af - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-pt - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sk - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-dev - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hy - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ca - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv-se - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-br - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-el - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-rm - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ka - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn-no - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ko - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ast - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-tr - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-it - 
1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pl - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gd - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-tw - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-id - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gl - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-eu - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-et - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hant - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hans - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-is - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es - 1:45.3.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta - 1:45.3.0+build1-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-2836 USN-3074-1 -- File Roller vulnerability Ubuntu 16.04 LTS It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory. Update Instructions: Run `sudo pro fix USN-3074-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: file-roller - 3.16.5-0ubuntu1.2 No subscription required Medium CVE-2016-7162 https://launchpad.net/bugs/1171236 USN-3075-1 -- Imlib2 vulnerabilities Ubuntu 16.04 LTS Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service (application crash) or possibly obtain sensitive information. (CVE-2016-3994) Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2. An attacker could use this to cause a denial of service (application crash). (CVE-2016-3993) Yuriy M. 
Kaminskiy discovered that integer overflows existed in Imlib2 when handling images with large dimensions. An attacker could use this to cause a denial of service (memory exhaustion or application crash). (CVE-2014-9771, CVE-2016-4024) Kevin Ryde discovered that the ellipse drawing code in Imlib2 would attempt to divide by zero when drawing a 2x1 ellipse. An attacker could use this to cause a denial of service (application crash). (CVE-2011-5326) It was discovered that Imlib2 did not properly handle GIF images without colormaps. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9762) It was discovered that Imlib2 did not properly handle some PNM images, leading to a division by zero. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9763) It was discovered that Imlib2 did not properly handle error conditions when loading some GIF images. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9764) Update Instructions: Run `sudo pro fix USN-3075-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libimlib2-dev - 1.4.7-1ubuntu0.1 libimlib2 - 1.4.7-1ubuntu0.1 No subscription required Medium CVE-2011-5326 CVE-2014-9762 CVE-2014-9763 CVE-2014-9764 CVE-2014-9771 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024 USN-3076-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash.
(CVE-2016-2827) Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257) Atte Kettunen discovered a heap buffer overflow during text conversion with some Unicode characters. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270) Abhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271) Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272) A crash was discovered in accessibility. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273) A use-after-free was discovered in web animations during restyling. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274) A buffer overflow was discovered when working with empty filters during canvas rendering.
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275) A use-after-free was discovered in accessibility. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276) A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277) A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278) Rafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5279) Mei Wang discovered a use-after-free when changing text direction. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280) Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281) Richard Newman discovered that favicons can be loaded through protocols not in the allowlist, such as jar:.
(CVE-2016-5282) Gavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283) An issue was discovered with the preloaded Public Key Pinning (HPKP). If a machine-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284) Update Instructions: Run `sudo pro fix USN-3076-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-nn - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-nb - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-fa - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-fi - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-fr - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-fy - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-or - 49.0+build4-0ubuntu0.16.04.1 firefox-testsuite - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-oc - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-cs - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ga - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-gd - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-gn - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-gl - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-gu - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-pa - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-pl - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-cy - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-pt - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-hi - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ms - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-he - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-hy - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-hr - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-hu - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-it - 
49.0+build4-0ubuntu0.16.04.1 firefox-locale-as - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ar - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-az - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-id - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-mai - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-af - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-is - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-vi - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-an - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-bs - 49.0+build4-0ubuntu0.16.04.1 firefox - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ro - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ja - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ru - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-br - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-zh-hant - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-zh-hans - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-bn - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-be - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-bg - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-sl - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-sk - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-si - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-sw - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-sv - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-sr - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-sq - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ko - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-kn - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-km - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-kk - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ka - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-xh - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ca - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ku - 49.0+build4-0ubuntu0.16.04.1 firefox-mozsymbols - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-lv - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-lt - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-th - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-hsb - 49.0+build4-0ubuntu0.16.04.1 
firefox-dev - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-te - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-cak - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ta - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-lg - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-tr - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-nso - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-de - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-da - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-uk - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-mr - 49.0+build4-0ubuntu0.16.04.1 firefox-globalmenu - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-uz - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ml - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-mn - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-mk - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-eu - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-et - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-es - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-csb - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-el - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-eo - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-en - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-zu - 49.0+build4-0ubuntu0.16.04.1 firefox-locale-ast - 49.0+build4-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-2827 CVE-2016-5256 CVE-2016-5257 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 USN-3078-1 -- MySQL vulnerability Ubuntu 16.04 LTS Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html Update Instructions: Run `sudo pro fix USN-3078-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.15-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.15-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.15-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.15-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.15-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.15-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.15-0ubuntu0.16.04.1 mysql-common - 5.7.15-0ubuntu0.16.04.1 mysql-server - 5.7.15-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.15-0ubuntu0.16.04.1 mysql-testsuite - 5.7.15-0ubuntu0.16.04.1 libmysqld-dev - 5.7.15-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.15-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-6662 USN-3079-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3079-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.12.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.12.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.12.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.12.5-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.12.5-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1854 CVE-2016-1856 CVE-2016-1857 CVE-2016-1858 CVE-2016-1859 CVE-2016-4583 CVE-2016-4585 CVE-2016-4586 CVE-2016-4588 CVE-2016-4589 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4623 CVE-2016-4624 CVE-2016-4651 USN-3081-1 -- Tomcat vulnerability Ubuntu 16.04 LTS Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. (CVE-2016-1240) This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnabled to True by default. Update Instructions: Run `sudo pro fix USN-3081-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.2 tomcat8-user - 8.0.32-1ubuntu1.2 libservlet3.1-java - 8.0.32-1ubuntu1.2 libservlet3.1-java-doc - 8.0.32-1ubuntu1.2 tomcat8-examples - 8.0.32-1ubuntu1.2 tomcat8-admin - 8.0.32-1ubuntu1.2 libtomcat8-java - 8.0.32-1ubuntu1.2 tomcat8-common - 8.0.32-1ubuntu1.2 tomcat8 - 8.0.32-1ubuntu1.2 No subscription required Medium CVE-2016-1240 https://launchpad.net/bugs/1609819 USN-3081-2 -- Tomcat vulnerability Ubuntu 16.04 LTS Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. 
Update Instructions: Run `sudo pro fix USN-3081-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libservlet2.5-java - 6.0.45+dfsg-1ubuntu0.2 libservlet2.5-java-doc - 6.0.45+dfsg-1ubuntu0.2 No subscription required Medium CVE-2016-1240 USN-3084-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136) It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service (CPU lockup) in the host OS. (CVE-2016-5412) Pengfei Wang discovered a race condition in the Chrome OS embedded controller device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6156) Update Instructions: Run `sudo pro fix USN-3084-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-38-powerpc64-emb - 4.4.0-38.57 linux-image-4.4.0-38-powerpc64-smp - 4.4.0-38.57 linux-image-4.4.0-38-generic - 4.4.0-38.57 linux-image-4.4.0-38-powerpc-e500mc - 4.4.0-38.57 linux-image-extra-4.4.0-38-generic - 4.4.0-38.57 linux-image-4.4.0-38-powerpc-smp - 4.4.0-38.57 linux-image-4.4.0-38-lowlatency - 4.4.0-38.57 linux-image-4.4.0-38-generic-lpae - 4.4.0-38.57 No subscription required Medium CVE-2016-5412 CVE-2016-6136 CVE-2016-6156 USN-3084-3 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing.
(CVE-2016-6136) It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service (CPU lockup) in the host OS. (CVE-2016-5412) Pengfei Wang discovered a race condition in the Chrome OS embedded controller device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6156) Update Instructions: Run `sudo pro fix USN-3084-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1023-raspi2 - 4.4.0-1023.29 No subscription required Medium CVE-2016-5412 CVE-2016-6136 CVE-2016-6156 USN-3084-4 -- Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu 16.04 LTS Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136) It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service (CPU lockup) in the host OS. (CVE-2016-5412) Pengfei Wang discovered a race condition in the Chrome OS embedded controller device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6156) Update Instructions: Run `sudo pro fix USN-3084-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1026-snapdragon - 4.4.0-1026.29 No subscription required Medium CVE-2016-5412 CVE-2016-6136 CVE-2016-6156 USN-3085-1 -- GDK-PixBuf vulnerabilities Ubuntu 16.04 LTS It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552) It was discovered that the GDK-PixBuf library contained an integer overflow when handling certain images. If a user or automated system were tricked into opening a crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8875) Franco Costantini discovered that the GDK-PixBuf library contained an out-of-bounds write error when parsing an ico file. If a user or automated system were tricked into opening a crafted ico file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6352) Update Instructions: Run `sudo pro fix USN-3085-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.32.2-1ubuntu1.2 libgdk-pixbuf2.0-common - 2.32.2-1ubuntu1.2 libgdk-pixbuf2.0-dev - 2.32.2-1ubuntu1.2 libgdk-pixbuf2.0-0-udeb - 2.32.2-1ubuntu1.2 libgdk-pixbuf2.0-doc - 2.32.2-1ubuntu1.2 gir1.2-gdkpixbuf-2.0 - 2.32.2-1ubuntu1.2 No subscription required Medium CVE-2015-7552 CVE-2015-8875 CVE-2016-6352 USN-3086-1 -- Irssi vulnerabilities Ubuntu 16.04 LTS Gabriel Campana and Adrien Guinet discovered that the format parsing code in Irssi did not properly verify 24bit color codes. A remote attacker could use this to cause a denial of service (application crash). (CVE-2016-7044) Gabriel Campana and Adrien Guinet discovered that a buffer overflow existed in the format parsing code in Irssi. A remote attacker could use this to cause a denial of service (application crash). (CVE-2016-7045) Update Instructions: Run `sudo pro fix USN-3086-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.2 irssi - 0.8.19-1ubuntu1.2 No subscription required Medium CVE-2016-7044 CVE-2016-7045 USN-3087-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2177) César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. 
A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2180) It was discovered that OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. A remote attacker could use this issue to cause a denial of service. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6306) Update Instructions: Run `sudo pro fix USN-3087-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.4 libssl-dev - 1.0.2g-1ubuntu4.4 openssl - 1.0.2g-1ubuntu4.4 libssl-doc - 1.0.2g-1ubuntu4.4 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.4 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.4 No subscription required High CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 USN-3087-2 -- OpenSSL regression Ubuntu 16.04 LTS USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2177) César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. A remote attacker could possibly use this issue to cause a denial of service. 
(CVE-2016-2180) It was discovered that OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. A remote attacker could use this issue to cause a denial of service. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6306) Update Instructions: Run `sudo pro fix USN-3087-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.5 libssl-dev - 1.0.2g-1ubuntu4.5 openssl - 1.0.2g-1ubuntu4.5 libssl-doc - 1.0.2g-1ubuntu4.5 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.5 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.5 No subscription required None https://launchpad.net/bugs/1626883 USN-3088-1 -- Bind vulnerability Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3088-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.1 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.1 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.1 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.1 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.1 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.1 host - 1:9.10.3.dfsg.P4-8ubuntu1.1 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.1 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.1 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.1 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.1 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.1 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.1 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.1 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.1 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.1 No subscription required Medium CVE-2016-2776 USN-3089-1 -- Django vulnerability Ubuntu 16.04 LTS Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass. Update Instructions: Run `sudo pro fix USN-3089-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.2 python-django-doc - 1.8.7-1ubuntu5.2 python-django-common - 1.8.7-1ubuntu5.2 python-django - 1.8.7-1ubuntu5.2 No subscription required Medium CVE-2016-7401 USN-3091-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5170) A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5171) An issue was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from arbitrary memory locations. (CVE-2016-5172) Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5175, CVE-2016-5178) A use-after-free was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5177) It was discovered that Chromium does not ensure the recipient of a certain IPC message is a valid RenderFrame or RenderWidget. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-7549) Update Instructions: Run `sudo pro fix USN-3091-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.17.9-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.17.9-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.17.9-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.17.9-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.17.9-0ubuntu0.16.04.1 oxideqt-codecs - 1.17.9-0ubuntu0.16.04.1 liboxideqtquick0 - 1.17.9-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5175 CVE-2016-5177 CVE-2016-5178 CVE-2016-7549 USN-3092-1 -- Samba vulnerability Ubuntu 16.04 LTS Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a machine-in-the-middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Update Instructions: Run `sudo pro fix USN-3092-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.1 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.1 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.1 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.1 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.1 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.1 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.1 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.1 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.1 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.1 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.1 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.1 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-2119 USN-3093-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Update Instructions: Run `sudo pro fix USN-3093-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.2+dfsg-0ubuntu0.16.04.1 clamav-testfiles - 0.99.2+dfsg-0ubuntu0.16.04.1 clamav-base - 0.99.2+dfsg-0ubuntu0.16.04.1 clamav - 0.99.2+dfsg-0ubuntu0.16.04.1 libclamav7 - 0.99.2+dfsg-0ubuntu0.16.04.1 clamav-daemon - 0.99.2+dfsg-0ubuntu0.16.04.1 clamav-milter - 0.99.2+dfsg-0ubuntu0.16.04.1 clamav-docs - 0.99.2+dfsg-0ubuntu0.16.04.1 clamav-freshclam - 0.99.2+dfsg-0ubuntu0.16.04.1 clamdscan - 0.99.2+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1371 CVE-2016-1372 CVE-2016-1405 USN-3094-1 -- Systemd vulnerability Ubuntu 16.04 LTS Andrew Ayer discovered that Systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service (init crash leading to system unavailability). Update Instructions: Run `sudo pro fix USN-3094-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu10 systemd - 229-4ubuntu10 udev-udeb - 229-4ubuntu10 libsystemd0 - 229-4ubuntu10 systemd-container - 229-4ubuntu10 libnss-myhostname - 229-4ubuntu10 libudev1-udeb - 229-4ubuntu10 libudev1 - 229-4ubuntu10 libsystemd-dev - 229-4ubuntu10 systemd-journal-remote - 229-4ubuntu10 libpam-systemd - 229-4ubuntu10 libnss-mymachines - 229-4ubuntu10 libnss-resolve - 229-4ubuntu10 systemd-sysv - 229-4ubuntu10 udev - 229-4ubuntu10 libudev-dev - 229-4ubuntu10 No subscription required None https://launchpad.net/bugs/1628687 USN-3095-1 -- PHP vulnerabilities Ubuntu 16.04 LTS Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7124) Taoguang Chen discovered that PHP incorrectly handled invalid session names. 
A remote attacker could use this issue to inject arbitrary session data. (CVE-2016-7125) It was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7127) It was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. (CVE-2016-7128) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7413) It was discovered that PHP incorrectly handled certain memory operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133) It was discovered that PHP incorrectly handled long strings in curl_escape calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7134) Taoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7411) It was discovered that PHP incorrectly handled certain flags in the MySQL driver. Malicious remote MySQL servers could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2016-7412) It was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7414) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7416) It was discovered that PHP incorrectly handled SplArray unserializing. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7417) Ke Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7418) Update Instructions: Run `sudo pro fix USN-3095-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.8-0ubuntu0.16.04.3 php7.0-mcrypt - 7.0.8-0ubuntu0.16.04.3 php7.0-xsl - 7.0.8-0ubuntu0.16.04.3 php7.0-fpm - 7.0.8-0ubuntu0.16.04.3 libphp7.0-embed - 7.0.8-0ubuntu0.16.04.3 php7.0-phpdbg - 7.0.8-0ubuntu0.16.04.3 php7.0-curl - 7.0.8-0ubuntu0.16.04.3 php7.0-ldap - 7.0.8-0ubuntu0.16.04.3 php7.0-mbstring - 7.0.8-0ubuntu0.16.04.3 php7.0-gmp - 7.0.8-0ubuntu0.16.04.3 php7.0-sqlite3 - 7.0.8-0ubuntu0.16.04.3 php7.0-gd - 7.0.8-0ubuntu0.16.04.3 php7.0-common - 7.0.8-0ubuntu0.16.04.3 php7.0-enchant - 7.0.8-0ubuntu0.16.04.3 php7.0-odbc - 7.0.8-0ubuntu0.16.04.3 php7.0-cli - 7.0.8-0ubuntu0.16.04.3 php7.0-json - 7.0.8-0ubuntu0.16.04.3 php7.0-pgsql - 7.0.8-0ubuntu0.16.04.3 libapache2-mod-php7.0 - 7.0.8-0ubuntu0.16.04.3 php7.0-zip - 7.0.8-0ubuntu0.16.04.3 php7.0-mysql - 7.0.8-0ubuntu0.16.04.3 php7.0-dba - 7.0.8-0ubuntu0.16.04.3 php7.0-sybase - 7.0.8-0ubuntu0.16.04.3 php7.0-pspell - 7.0.8-0ubuntu0.16.04.3 php7.0-xml - 7.0.8-0ubuntu0.16.04.3 php7.0-bz2 - 7.0.8-0ubuntu0.16.04.3 php7.0-recode - 7.0.8-0ubuntu0.16.04.3 php7.0-soap - 7.0.8-0ubuntu0.16.04.3 php7.0 - 7.0.8-0ubuntu0.16.04.3 php7.0-tidy - 7.0.8-0ubuntu0.16.04.3 php7.0-interbase - 7.0.8-0ubuntu0.16.04.3 php7.0-opcache - 7.0.8-0ubuntu0.16.04.3 php7.0-readline - 7.0.8-0ubuntu0.16.04.3 php7.0-intl - 7.0.8-0ubuntu0.16.04.3 php7.0-imap - 7.0.8-0ubuntu0.16.04.3 php7.0-xmlrpc - 7.0.8-0ubuntu0.16.04.3 php7.0-bcmath - 7.0.8-0ubuntu0.16.04.3 php7.0-dev - 7.0.8-0ubuntu0.16.04.3 php7.0-snmp - 7.0.8-0ubuntu0.16.04.3 No subscription required Medium CVE-2016-7124 CVE-2016-7125 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7133 CVE-2016-7134 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 USN-3096-1 -- NTP vulnerabilities Ubuntu 16.04 LTS Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. 
A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976) Stephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978) Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979) Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138) Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158) It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727) Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547) Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. 
A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548) Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550) Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516) Yihan Lian discovered that NTP incorrectly handled certain peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518) Jakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954) Miroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956) In the default installation, attackers would be isolated by the NTP AppArmor profile. Update Instructions: Run `sudo pro fix USN-3096-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.8p4+dfsg-3ubuntu5.3 ntp-doc - 1:4.2.8p4+dfsg-3ubuntu5.3 ntpdate - 1:4.2.8p4+dfsg-3ubuntu5.3 No subscription required Medium CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-0727 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2516 CVE-2016-2518 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 USN-3099-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the s390 SCLP console driver for the Linux kernel when handling ioctl()s. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-6130) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480) Update Instructions: Run `sudo pro fix USN-3099-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-42-powerpc-smp - 4.4.0-42.62 linux-image-4.4.0-42-generic-lpae - 4.4.0-42.62 linux-image-4.4.0-42-powerpc-e500mc - 4.4.0-42.62 linux-image-4.4.0-42-powerpc64-emb - 4.4.0-42.62 linux-image-extra-4.4.0-42-generic - 4.4.0-42.62 linux-image-4.4.0-42-generic - 4.4.0-42.62 linux-image-4.4.0-42-powerpc64-smp - 4.4.0-42.62 linux-image-4.4.0-42-lowlatency - 4.4.0-42.62 No subscription required High CVE-2016-6130 CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 USN-3099-3 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480) Update Instructions: Run `sudo pro fix USN-3099-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1027-raspi2 - 4.4.0-1027.33 No subscription required High CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 USN-3099-4 -- Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu 16.04 LTS Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). 
(CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480) Update Instructions: Run `sudo pro fix USN-3099-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1030-snapdragon - 4.4.0-1030.33 No subscription required High CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 USN-3101-1 -- Tracker vulnerability Ubuntu 16.04 LTS It was discovered that Tracker incorrectly handled certain malformed GIF images. If a user or automated system were tricked into downloading a specially-crafted GIF image, Tracker could crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3101-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtracker-miner-1.0-dev - 1.6.2-0ubuntu1.1 libtracker-miner-1.0-0 - 1.6.2-0ubuntu1.1 tracker-miner-fs - 1.6.2-0ubuntu1.1 libtracker-control-doc - 1.6.2-0ubuntu1.1 libtracker-control-1.0-dev - 1.6.2-0ubuntu1.1 libtracker-sparql-1.0-dev - 1.6.2-0ubuntu1.1 libtracker-sparql-1.0-0 - 1.6.2-0ubuntu1.1 gir1.2-tracker-1.0 - 1.6.2-0ubuntu1.1 tracker - 1.6.2-0ubuntu1.1 libtracker-control-1.0-0 - 1.6.2-0ubuntu1.1 tracker-gui - 1.6.2-0ubuntu1.1 libtracker-miner-doc - 1.6.2-0ubuntu1.1 tracker-extract - 1.6.2-0ubuntu1.1 libtracker-sparql-doc - 1.6.2-0ubuntu1.1 No subscription required None https://launchpad.net/bugs/1178402 USN-3102-1 -- Quagga vulnerabilities Ubuntu 16.04 LTS It was discovered that Quagga incorrectly handled dumping data. 
A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. (CVE-2016-4049) It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information. (CVE-2016-4036) Update Instructions: Run `sudo pro fix USN-3102-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.24.1-2ubuntu1.1 quagga-doc - 0.99.24.1-2ubuntu1.1 No subscription required Medium CVE-2016-4036 CVE-2016-4049 USN-3106-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3106-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-45-powerpc64-emb - 4.4.0-45.66 linux-image-4.4.0-45-powerpc-smp - 4.4.0-45.66 linux-image-4.4.0-45-lowlatency - 4.4.0-45.66 linux-image-4.4.0-45-generic - 4.4.0-45.66 linux-image-extra-4.4.0-45-generic - 4.4.0-45.66 linux-image-4.4.0-45-generic-lpae - 4.4.0-45.66 linux-image-4.4.0-45-powerpc-e500mc - 4.4.0-45.66 linux-image-4.4.0-45-powerpc64-smp - 4.4.0-45.66 No subscription required High CVE-2016-5195 USN-3106-3 -- Linux kernel (Raspberry Pi 2) vulnerability Ubuntu 16.04 LTS It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3106-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1029-raspi2 - 4.4.0-1029.36 No subscription required High CVE-2016-5195 USN-3106-4 -- Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu 16.04 LTS It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3106-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1032-snapdragon - 4.4.0-1032.36 No subscription required High CVE-2016-5195 USN-3109-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Update Instructions: Run `sudo pro fix USN-3109-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.16-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.16-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.16-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.16-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.16-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.16-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.16-0ubuntu0.16.04.1 mysql-common - 5.7.16-0ubuntu0.16.04.1 mysql-server - 5.7.16-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.16-0ubuntu0.16.04.1 mysql-testsuite - 5.7.16-0ubuntu0.16.04.1 libmysqld-dev - 5.7.16-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.16-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5584 CVE-2016-7440 USN-3110-1 -- Quagga vulnerability Ubuntu 16.04 LTS David Lamparter discovered that Quagga incorrectly handled certain IPv6 router advertisements. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.24.1-2ubuntu1.2 quagga-doc - 0.99.24.1-2ubuntu1.2 No subscription required Medium CVE-2016-1245 USN-3111-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS A use-after-free was discovered in service workers. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. (CVE-2016-5287) It was discovered that web content could access information in the HTTP cache in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5288) Update Instructions: Run `sudo pro fix USN-3111-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-nn - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-nb - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-fa - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-fi - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-fr - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-fy - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-or - 49.0.2+build2-0ubuntu0.16.04.2 firefox-testsuite - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-oc - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-cs - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ga - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-gd - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-gn - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-gl - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-gu - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-pa - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-pl - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-cy - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-pt - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-hi - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ms - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-he - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-hy - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-hr - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-hu - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-it - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-as - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ar - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-az - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-id - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-mai - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-af - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-is - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-vi - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-an - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-bs - 49.0.2+build2-0ubuntu0.16.04.2 firefox - 
49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ro - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ja - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ru - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-br - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-zh-hant - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-zh-hans - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-bn - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-be - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-bg - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-sl - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-sk - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-si - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-sw - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-sv - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-sr - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-sq - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ko - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-kn - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-km - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-kk - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ka - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-xh - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ca - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ku - 49.0.2+build2-0ubuntu0.16.04.2 firefox-mozsymbols - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-lv - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-lt - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-th - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-hsb - 49.0.2+build2-0ubuntu0.16.04.2 firefox-dev - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-te - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-cak - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ta - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-lg - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-tr - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-nso - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-de - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-da - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-uk - 
49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-mr - 49.0.2+build2-0ubuntu0.16.04.2 firefox-globalmenu - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-uz - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ml - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-mn - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-mk - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-eu - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-et - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-es - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-csb - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-el - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-eo - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-en - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-zu - 49.0.2+build2-0ubuntu0.16.04.2 firefox-locale-ast - 49.0.2+build2-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-5287 CVE-2016-5288 USN-3112-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5257) Atte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. 
(CVE-2016-5270) Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272) A use-after-free was discovered in web animations during restyling. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274) A use-after-free was discovered in accessibility. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276) A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277) A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278) Mei Wang discovered a use-after-free when changing text direction. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280) Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. 
If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281) An issue was discovered with the preloaded Public Key Pinning (HPKP). If a machine-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284) Update Instructions: Run `sudo pro fix USN-3112-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:45.4.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-hr - 1:45.4.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:45.4.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 
1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:45.4.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:45.4.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5250 CVE-2016-5257 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 USN-3113-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. 
(CVE-2016-1586) Multiple security vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, spoof an application's URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5192, CVE-2016-5194) Update Instructions: Run `sudo pro fix USN-3113-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.18.3-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.18.3-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.18.3-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.18.3-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.18.3-0ubuntu0.16.04.1 oxideqt-codecs - 1.18.3-0ubuntu0.16.04.1 liboxideqtquick0 - 1.18.3-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-1586 CVE-2016-5181 CVE-2016-5182 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5192 CVE-2016-5194 USN-3114-1 -- nginx vulnerability Ubuntu 16.04 LTS Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Update Instructions: Run `sudo pro fix USN-3114-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.0-0ubuntu0.16.04.3 nginx-core - 1.10.0-0ubuntu0.16.04.3 nginx-common - 1.10.0-0ubuntu0.16.04.3 nginx-full - 1.10.0-0ubuntu0.16.04.3 nginx - 1.10.0-0ubuntu0.16.04.3 nginx-doc - 1.10.0-0ubuntu0.16.04.3 nginx-light - 1.10.0-0ubuntu0.16.04.3 No subscription required Medium CVE-2016-1247 USN-3114-2 -- nginx regression Ubuntu 16.04 LTS USN-3114-1 fixed a vulnerability in nginx. 
A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Update Instructions: Run `sudo pro fix USN-3114-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.0-0ubuntu0.16.04.4 nginx-core - 1.10.0-0ubuntu0.16.04.4 nginx-common - 1.10.0-0ubuntu0.16.04.4 nginx-full - 1.10.0-0ubuntu0.16.04.4 nginx - 1.10.0-0ubuntu0.16.04.4 nginx-doc - 1.10.0-0ubuntu0.16.04.4 nginx-light - 1.10.0-0ubuntu0.16.04.4 No subscription required None https://launchpad.net/bugs/1637058 USN-3115-1 -- Django vulnerabilities Ubuntu 16.04 LTS Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. (CVE-2016-9013) Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. (CVE-2016-9014) Update Instructions: Run `sudo pro fix USN-3115-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.4 python-django-doc - 1.8.7-1ubuntu5.4 python-django-common - 1.8.7-1ubuntu5.4 python-django - 1.8.7-1ubuntu5.4 No subscription required Medium CVE-2016-9013 CVE-2016-9014 USN-3116-1 -- DBus vulnerabilities Ubuntu 16.04 LTS It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. 
This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0245) It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated as a preventative measure in the event that a new attack vector for this issue is discovered. (No CVE number) Update Instructions: Run `sudo pro fix USN-3116-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.10.6-1ubuntu3.1 dbus - 1.10.6-1ubuntu3.1 libdbus-1-dev - 1.10.6-1ubuntu3.1 dbus-udeb - 1.10.6-1ubuntu3.1 dbus-user-session - 1.10.6-1ubuntu3.1 libdbus-1-3-udeb - 1.10.6-1ubuntu3.1 dbus-x11 - 1.10.6-1ubuntu3.1 dbus-tests - 1.10.6-1ubuntu3.1 libdbus-1-3 - 1.10.6-1ubuntu3.1 No subscription required Medium CVE-2015-0245 USN-3117-1 -- GD library vulnerabilities Ubuntu 16.04 LTS Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. (CVE-2016-6911) Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7568) Emmanuel Law discovered that the GD library incorrectly handled certain strings when creating images. 
If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-8670) Update Instructions: Run `sudo pro fix USN-3117-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.5 libgd-tools - 2.1.1-4ubuntu0.16.04.5 libgd-dev - 2.1.1-4ubuntu0.16.04.5 No subscription required Medium CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 USN-3118-1 -- Mailman vulnerabilities Ubuntu 16.04 LTS It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123) Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. (CVE-2016-6893) Update Instructions: Run `sudo pro fix USN-3118-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.20-1ubuntu0.1 No subscription required Medium CVE-2016-6893 CVE-2016-7123 USN-3119-1 -- Bind vulnerability Ubuntu 16.04 LTS Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3119-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.2 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.2 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.2 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.2 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.2 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.2 host - 1:9.10.3.dfsg.P4-8ubuntu1.2 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.2 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.2 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.2 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.2 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.2 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.2 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.2 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.2 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.2 No subscription required Medium CVE-2016-8864 USN-3120-1 -- Memcached vulnerabilities Ubuntu 16.04 LTS Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3120-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: memcached - 1.4.25-2ubuntu1.2 No subscription required High CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 USN-3121-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597) Update Instructions: Run `sudo pro fix USN-3121-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-jdk - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-jre-headless - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-jre - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-jdk-headless - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-source - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-jre-zero - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-demo - 8u111-b14-2ubuntu0.16.04.2 openjdk-8-jre-jamvm - 8u111-b14-2ubuntu0.16.04.2 No subscription required Medium CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 USN-3122-1 -- NVIDIA graphics drivers vulnerabilities Ubuntu 16.04 LTS It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges. Update Instructions: Run `sudo pro fix USN-3122-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.132-0ubuntu0.16.04.2 libcuda1-304 - 304.132-0ubuntu0.16.04.2 nvidia-libopencl1-304-updates - 304.132-0ubuntu0.16.04.2 nvidia-304-updates - 304.132-0ubuntu0.16.04.2 nvidia-304 - 304.132-0ubuntu0.16.04.2 nvidia-current - 304.132-0ubuntu0.16.04.2 nvidia-304-updates-dev - 304.132-0ubuntu0.16.04.2 nvidia-304-dev - 304.132-0ubuntu0.16.04.2 libcuda1-304-updates - 304.132-0ubuntu0.16.04.2 nvidia-libopencl1-304 - 304.132-0ubuntu0.16.04.2 nvidia-opencl-icd-304-updates - 304.132-0ubuntu0.16.04.2 nvidia-opencl-icd-304 - 304.132-0ubuntu0.16.04.2 No subscription required nvidia-331 - 340.98-0ubuntu0.16.04.1 nvidia-opencl-icd-331 - 340.98-0ubuntu0.16.04.1 nvidia-libopencl1-331-updates - 340.98-0ubuntu0.16.04.1 libcuda1-340 - 340.98-0ubuntu0.16.04.1 nvidia-340-updates - 340.98-0ubuntu0.16.04.1 nvidia-331-updates - 340.98-0ubuntu0.16.04.1 nvidia-opencl-icd-340-updates - 340.98-0ubuntu0.16.04.1 libcuda1-331-updates - 340.98-0ubuntu0.16.04.1 
nvidia-opencl-icd-331-updates - 340.98-0ubuntu0.16.04.1 nvidia-340-dev - 340.98-0ubuntu0.16.04.1 nvidia-340-updates-dev - 340.98-0ubuntu0.16.04.1 nvidia-libopencl1-331 - 340.98-0ubuntu0.16.04.1 nvidia-340 - 340.98-0ubuntu0.16.04.1 nvidia-opencl-icd-340 - 340.98-0ubuntu0.16.04.1 libcuda1-340-updates - 340.98-0ubuntu0.16.04.1 libcuda1-331 - 340.98-0ubuntu0.16.04.1 nvidia-331-updates-dev - 340.98-0ubuntu0.16.04.1 nvidia-331-dev - 340.98-0ubuntu0.16.04.1 nvidia-331-updates-uvm - 340.98-0ubuntu0.16.04.1 nvidia-libopencl1-340 - 340.98-0ubuntu0.16.04.1 nvidia-libopencl1-340-updates - 340.98-0ubuntu0.16.04.1 nvidia-340-uvm - 340.98-0ubuntu0.16.04.1 nvidia-331-uvm - 340.98-0ubuntu0.16.04.1 No subscription required libcuda1-367 - 367.57-0ubuntu0.16.04.1 libcuda1-361 - 367.57-0ubuntu0.16.04.1 nvidia-367-dev - 367.57-0ubuntu0.16.04.1 nvidia-opencl-icd-367 - 367.57-0ubuntu0.16.04.1 nvidia-367 - 367.57-0ubuntu0.16.04.1 nvidia-361 - 367.57-0ubuntu0.16.04.1 nvidia-361-dev - 367.57-0ubuntu0.16.04.1 nvidia-opencl-icd-361 - 367.57-0ubuntu0.16.04.1 nvidia-libopencl1-367 - 367.57-0ubuntu0.16.04.1 nvidia-libopencl1-361 - 367.57-0ubuntu0.16.04.1 No subscription required High CVE-2016-7382 CVE-2016-7389 USN-3123-1 -- curl vulnerabilities Ubuntu 16.04 LTS It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrectly handled case when comparing user names and passwords. 
A remote attacker with knowledge of a case-insensitive version of the correct password could possibly use this issue to cause a connection to be reused. (CVE-2016-8616) It was discovered that curl incorrectly handled memory when encoding to base64. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8617) It was discovered that curl incorrectly handled memory when preparing formatted output. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8618) It was discovered that curl incorrectly handled memory when performing Kerberos authentication. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8619) Luật Nguyễn discovered that curl incorrectly handled parsing globs. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8620) Luật Nguyễn discovered that curl incorrectly handled converting dates. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2016-8621) It was discovered that curl incorrectly handled URL percent-encoding decoding. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8622) It was discovered that curl incorrectly handled shared cookies. A remote server could possibly obtain incorrect cookies or other sensitive information. (CVE-2016-8623) Fernando Muñoz discovered that curl incorrectly parsed certain URLs. A remote attacker could possibly use this issue to trick curl into connecting to a different host. 
(CVE-2016-8624) Update Instructions: Run `sudo pro fix USN-3123-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.2 libcurl4-openssl-dev - 7.47.0-1ubuntu2.2 libcurl3-gnutls - 7.47.0-1ubuntu2.2 libcurl4-doc - 7.47.0-1ubuntu2.2 libcurl3-nss - 7.47.0-1ubuntu2.2 libcurl4-nss-dev - 7.47.0-1ubuntu2.2 libcurl3 - 7.47.0-1ubuntu2.2 curl - 7.47.0-1ubuntu2.2 No subscription required Medium CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 USN-3124-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290) A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291) A crash was discovered when parsing URLs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5292) A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296) An error was discovered in argument length checking in Javascript. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297) An integer overflow was discovered in the Expat library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063) It was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a machine-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064) A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066) 2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9067, CVE-2016-9069) A heap use-after-free was discovered during web animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9068) It was discovered that a page loaded in to the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-9070) An issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. 
An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071) An issue was discovered with the windows.create() WebExtensions API. If a user were tricked in to installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073) It was discovered that WebExtensions can use the mozAddonManager API. An attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075) It was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks. (CVE-2016-9076) It was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077) Update Instructions: Run `sudo pro fix USN-3124-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-nn - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-nb - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-fa - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-fi - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-fr - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-fy - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-or - 50.0+build2-0ubuntu0.16.04.2 firefox-testsuite - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-oc - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-cs - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ga - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-gd - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-gn - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-gl - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-gu - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-pa - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-pl - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-cy - 
50.0+build2-0ubuntu0.16.04.2 firefox-locale-pt - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-hi - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ms - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-he - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-hy - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-hr - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-hu - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-it - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-as - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ar - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-az - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-id - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-mai - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-af - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-is - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-vi - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-an - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-bs - 50.0+build2-0ubuntu0.16.04.2 firefox - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ro - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ja - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ru - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-br - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-zh-hant - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-zh-hans - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-bn - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-be - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-bg - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-sl - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-sk - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-si - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-sw - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-sv - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-sr - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-sq - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ko - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-kn - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-km - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-kk - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ka - 50.0+build2-0ubuntu0.16.04.2 
firefox-locale-xh - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ca - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ku - 50.0+build2-0ubuntu0.16.04.2 firefox-mozsymbols - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-lv - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-lt - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-th - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-hsb - 50.0+build2-0ubuntu0.16.04.2 firefox-dev - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-te - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-cak - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ta - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-lg - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-tr - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-nso - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-de - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-da - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-uk - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-mr - 50.0+build2-0ubuntu0.16.04.2 firefox-globalmenu - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-uz - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ml - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-mn - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-mk - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-eu - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-et - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-es - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-csb - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-el - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-eo - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-en - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-zu - 50.0+build2-0ubuntu0.16.04.2 firefox-locale-ast - 50.0+build2-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 USN-3125-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Zhenhao Hong discovered that QEMU incorrectly 
handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-5403) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6833, CVE-2016-6834, CVE-2016-6888) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6835) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to possibly obtain sensitive host memory. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6836) Felix Wilhelm discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to possibly obtain sensitive host files. (CVE-2016-7116) Li Qiang and Tom Victor discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7155) Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7156, CVE-2016-7421) Tom Victor discovered that QEMU incorrectly handled LSI SAS1068 host bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7157) Hu Chaojian discovered that QEMU incorrectly handled xlnx.xps-ethernetlite emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-7161) Qinghao Tang and Li Qiang discovered that QEMU incorrectly handled the VMWare VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7170) Qinghao Tang and Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7422) Li Qiang discovered that QEMU incorrectly handled LSI SAS1068 host bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7423) Li Qiang discovered that QEMU incorrectly handled USB xHCI controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. 
(CVE-2016-7466) Li Qiang discovered that QEMU incorrectly handled ColdFire Fast Ethernet Controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7908) Li Qiang discovered that QEMU incorrectly handled AMD PC-Net II emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7909) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7994) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7995) Li Qiang discovered that QEMU incorrectly handled USB xHCI controller support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8576) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8577, CVE-2016-8578) It was discovered that QEMU incorrectly handled Rocker switch emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8668) It was discovered that QEMU incorrectly handled Intel HDA controller emulation support. 
A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-8909) Andrew Henderson discovered that QEMU incorrectly handled RTL8139 ethernet controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-8910) Li Qiang discovered that QEMU incorrectly handled Intel i8255x ethernet controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-9101) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-9102, CVE-2016-9104, CVE-2016-9105) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to possibly obtain sensitive host memory. (CVE-2016-9103) Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9106) Update Instructions: Run `sudo pro fix USN-3125-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.6 qemu-user-static - 1:2.5+dfsg-5ubuntu10.6 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.6 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.6 qemu-kvm - 1:2.5+dfsg-5ubuntu10.6 qemu-user - 1:2.5+dfsg-5ubuntu10.6 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.6 qemu-system - 1:2.5+dfsg-5ubuntu10.6 qemu-utils - 1:2.5+dfsg-5ubuntu10.6 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.6 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.6 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.6 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.6 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.6 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.6 qemu - 1:2.5+dfsg-5ubuntu10.6 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.6 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.6 No subscription required Medium CVE-2016-5403 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8668 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 USN-3128-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3128-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-47-powerpc64-emb - 4.4.0-47.68 linux-image-extra-4.4.0-47-generic - 4.4.0-47.68 linux-image-4.4.0-47-lowlatency - 4.4.0-47.68 linux-image-4.4.0-47-powerpc64-smp - 4.4.0-47.68 linux-image-4.4.0-47-generic - 4.4.0-47.68 linux-image-4.4.0-47-powerpc-smp - 4.4.0-47.68 linux-image-4.4.0-47-generic-lpae - 4.4.0-47.68 linux-image-4.4.0-47-powerpc-e500mc - 4.4.0-47.68 No subscription required Medium CVE-2016-7042 USN-3128-3 -- Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu 16.04 LTS Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3128-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1035-snapdragon - 4.4.0-1035.39 No subscription required Medium CVE-2016-7042 USN-3131-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3131-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.2 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.2 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.2 imagemagick - 8:6.8.9.9-7ubuntu5.2 imagemagick-doc - 8:6.8.9.9-7ubuntu5.2 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.2 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.2 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.2 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.2 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.2 libmagick++-dev - 8:6.8.9.9-7ubuntu5.2 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.2 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.2 perlmagick - 8:6.8.9.9-7ubuntu5.2 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.2 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.2 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.2 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.2 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.2 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.2 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.2 No subscription required Medium CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 
CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 USN-3132-1 -- tar vulnerability Ubuntu 16.04 LTS Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-3132-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.28-2.1ubuntu0.1 tar - 1.28-2.1ubuntu0.1 No subscription required Medium CVE-2016-6321 USN-3133-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5198, CVE-2016-5200, CVE-2016-5202) A heap-corruption issue was discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5199) Update Instructions: Run `sudo pro fix USN-3133-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.18.5-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.18.5-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.18.5-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.18.5-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.18.5-0ubuntu0.16.04.1 oxideqt-codecs - 1.18.5-0ubuntu0.16.04.1 liboxideqtquick0 - 1.18.5-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5198 CVE-2016-5199 CVE-2016-5200 CVE-2016-5202 USN-3134-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110) Insu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636) Guido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699) Update Instructions: Run `sudo pro fix USN-3134-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.1 python2.7-doc - 2.7.12-1ubuntu0~16.04.1 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.1 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.1 libpython2.7 - 2.7.12-1ubuntu0~16.04.1 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.1 python2.7 - 2.7.12-1ubuntu0~16.04.1 idle-python2.7 - 2.7.12-1ubuntu0~16.04.1 python2.7-examples - 2.7.12-1ubuntu0~16.04.1 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.1 python2.7-minimal - 2.7.12-1ubuntu0~16.04.1 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.1 python3.5-venv - 3.5.2-2ubuntu0~16.04.1 python3.5-doc - 3.5.2-2ubuntu0~16.04.1 python3.5-dev - 3.5.2-2ubuntu0~16.04.1 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.1 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.1 python3.5 - 3.5.2-2ubuntu0~16.04.1 idle-python3.5 - 3.5.2-2ubuntu0~16.04.1 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.1 python3.5-examples - 3.5.2-2ubuntu0~16.04.1 python3.5-minimal - 3.5.2-2ubuntu0~16.04.1 libpython3.5 - 3.5.2-2ubuntu0~16.04.1 No subscription required Medium CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 USN-3135-1 -- GStreamer Good Plugins vulnerability Ubuntu 16.04 LTS Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3135-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-good - 1.8.2-1ubuntu0.2 gstreamer1.0-pulseaudio - 1.8.2-1ubuntu0.2 gstreamer1.0-plugins-good-doc - 1.8.2-1ubuntu0.2 libgstreamer-plugins-good1.0-0 - 1.8.2-1ubuntu0.2 libgstreamer-plugins-good1.0-dev - 1.8.2-1ubuntu0.2 No subscription required None https://launchpad.net/bugs/1643901 USN-3135-2 -- GStreamer Good Plugins vulnerability Ubuntu 16.04 LTS USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Original advisory details: Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3135-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-good - 1.8.2-1ubuntu0.3 gstreamer1.0-pulseaudio - 1.8.2-1ubuntu0.3 gstreamer1.0-plugins-good-doc - 1.8.2-1ubuntu0.3 libgstreamer-plugins-good1.0-0 - 1.8.2-1ubuntu0.3 libgstreamer-plugins-good1.0-dev - 1.8.2-1ubuntu0.3 No subscription required None https://launchpad.net/bugs/1643901 USN-3136-1 -- LXC vulnerability Ubuntu 16.04 LTS Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container. Update Instructions: Run `sudo pro fix USN-3136-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lxc-common - 2.0.5-0ubuntu1~ubuntu16.04.3 lxc-dev - 2.0.5-0ubuntu1~ubuntu16.04.3 liblxc1 - 2.0.5-0ubuntu1~ubuntu16.04.3 lua-lxc - 2.0.5-0ubuntu1~ubuntu16.04.3 lxc-templates - 2.0.5-0ubuntu1~ubuntu16.04.3 python3-lxc - 2.0.5-0ubuntu1~ubuntu16.04.3 lxc1 - 2.0.5-0ubuntu1~ubuntu16.04.3 lxc - 2.0.5-0ubuntu1~ubuntu16.04.3 lxc-tests - 2.0.5-0ubuntu1~ubuntu16.04.3 No subscription required Medium CVE-2016-8649 USN-3137-1 -- MoinMoin vulnerabilities Ubuntu 16.04 LTS It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Update Instructions: Run `sudo pro fix USN-3137-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-moinmoin - 1.9.8-1ubuntu1.16.04.1 No subscription required Medium CVE-2016-7146 CVE-2016-7148 CVE-2016-9119 USN-3138-1 -- python-cryptography vulnerability Ubuntu 16.04 LTS Markus Döring discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key. Update Instructions: Run `sudo pro fix USN-3138-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-cryptography - 1.2.3-1ubuntu0.1 python-cryptography - 1.2.3-1ubuntu0.1 python-cryptography-doc - 1.2.3-1ubuntu0.1 No subscription required Medium CVE-2016-9243 USN-3139-1 -- Vim vulnerability Ubuntu 16.04 LTS Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. 
An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges. Update Instructions: Run `sudo pro fix USN-3139-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.2 vim-nox-py2 - 2:7.4.1689-3ubuntu1.2 vim-gnome - 2:7.4.1689-3ubuntu1.2 vim-athena-py2 - 2:7.4.1689-3ubuntu1.2 vim-athena - 2:7.4.1689-3ubuntu1.2 vim-gtk - 2:7.4.1689-3ubuntu1.2 vim-gui-common - 2:7.4.1689-3ubuntu1.2 vim - 2:7.4.1689-3ubuntu1.2 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.2 vim-doc - 2:7.4.1689-3ubuntu1.2 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.2 vim-tiny - 2:7.4.1689-3ubuntu1.2 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.2 vim-gtk3 - 2:7.4.1689-3ubuntu1.2 vim-nox - 2:7.4.1689-3ubuntu1.2 vim-runtime - 2:7.4.1689-3ubuntu1.2 No subscription required Medium CVE-2016-1248 USN-3140-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS It was discovered that data: URLs can inherit the wrong origin after an HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078) A use-after-free was discovered in SVG animations. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079) Update Instructions: Run `sudo pro fix USN-3140-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 50.0.2+build1-0ubuntu0.16.04.1 firefox-testsuite - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 50.0.2+build1-0ubuntu0.16.04.1 firefox - 
50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 50.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 50.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 
50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 50.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 50.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 50.0.2+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-9078 CVE-2016-9079 USN-3141-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5290) A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291) A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296) An error was discovered in argument length checking in JavaScript. 
If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297) A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066) A use-after-free was discovered in SVG animations. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079) Update Instructions: Run `sudo pro fix USN-3141-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:45.5.1+build1-0ubuntu0.16.04.1 
thunderbird-locale-sl - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:45.5.1+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:45.5.1+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 
1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:45.5.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:45.5.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 CVE-2016-9079 USN-3142-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed 
image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3142-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.3 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.3 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.3 imagemagick - 8:6.8.9.9-7ubuntu5.3 imagemagick-doc - 8:6.8.9.9-7ubuntu5.3 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.3 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.3 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.3 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.3 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.3 libmagick++-dev - 8:6.8.9.9-7ubuntu5.3 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.3 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.3 perlmagick - 8:6.8.9.9-7ubuntu5.3 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.3 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.3 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.3 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.3 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.3 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.3 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.3 No subscription required Medium CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8862 CVE-2016-9556 USN-3142-2 -- ImageMagick regression Ubuntu 16.04 LTS USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. 
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3142-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.4 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.4 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.4 imagemagick - 8:6.8.9.9-7ubuntu5.4 imagemagick-doc - 8:6.8.9.9-7ubuntu5.4 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.4 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.4 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.4 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.4 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.4 libmagick++-dev - 8:6.8.9.9-7ubuntu5.4 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.4 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.4 perlmagick - 8:6.8.9.9-7ubuntu5.4 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.4 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.4 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.4 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.4 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.4 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.4 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.4 No subscription required None https://launchpad.net/bugs/1589580 https://launchpad.net/bugs/1646485 USN-3143-1 -- c-ares vulnerability Ubuntu 16.04 LTS Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3143-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc-ares2 - 1.10.0-3ubuntu0.1 libc-ares-dev - 1.10.0-3ubuntu0.1 No subscription required Medium CVE-2016-5180 USN-3146-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425) Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-8658) Update Instructions: Run `sudo pro fix USN-3146-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-51-powerpc64-smp - 4.4.0-51.72 linux-image-4.4.0-51-lowlatency - 4.4.0-51.72 linux-image-4.4.0-51-generic - 4.4.0-51.72 linux-image-4.4.0-51-powerpc-e500mc - 4.4.0-51.72 linux-image-4.4.0-51-powerpc64-emb - 4.4.0-51.72 linux-image-4.4.0-51-powerpc-smp - 4.4.0-51.72 linux-image-extra-4.4.0-51-generic - 4.4.0-51.72 linux-image-4.4.0-51-generic-lpae - 4.4.0-51.72 No subscription required Medium CVE-2016-7097 CVE-2016-7425 CVE-2016-8658 CVE-2016-9644 USN-3148-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) Multiple vulnerabilities were discovered in Ghostscript related to information disclosure. If a user or automated system were tricked into opening a specially crafted file, an attacker could expose sensitive data. (CVE-2013-5653, CVE-2016-7977) Update Instructions: Run `sudo pro fix USN-3148-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.18~dfsg~0-0ubuntu2.2 ghostscript-x - 9.18~dfsg~0-0ubuntu2.2 libgs-dev - 9.18~dfsg~0-0ubuntu2.2 ghostscript-doc - 9.18~dfsg~0-0ubuntu2.2 libgs9 - 9.18~dfsg~0-0ubuntu2.2 libgs9-common - 9.18~dfsg~0-0ubuntu2.2 No subscription required Medium CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 USN-3151-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. 
A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3151-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-53-generic - 4.4.0-53.74 linux-image-4.4.0-53-generic-lpae - 4.4.0-53.74 linux-image-extra-4.4.0-53-generic - 4.4.0-53.74 linux-image-4.4.0-53-lowlatency - 4.4.0-53.74 linux-image-4.4.0-53-powerpc-smp - 4.4.0-53.74 linux-image-4.4.0-53-powerpc64-emb - 4.4.0-53.74 linux-image-4.4.0-53-powerpc64-smp - 4.4.0-53.74 linux-image-4.4.0-53-powerpc-e500mc - 4.4.0-53.74 No subscription required High CVE-2016-8655 USN-3151-3 -- Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu 16.04 LTS Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3151-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1039-snapdragon - 4.4.0-1039.43 No subscription required High CVE-2016-8655 USN-3151-4 -- Linux kernel (Raspberry Pi 2) vulnerability Ubuntu 16.04 LTS Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3151-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1034-raspi2 - 4.4.0-1034.41 No subscription required High CVE-2016-8655 USN-3153-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS Multiple vulnerabilities were discovered in Chromium. 
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9652) Multiple vulnerabilities were discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5213, CVE-2016-5219, CVE-2016-9651) An integer overflow was discovered in ANGLE. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5221) Update Instructions: Run `sudo pro fix USN-3153-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.19.4-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.19.4-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.19.4-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.19.4-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.19.4-0ubuntu0.16.04.1 oxideqt-doc - 1.19.4-0ubuntu0.16.04.1 oxideqt-codecs - 1.19.4-0ubuntu0.16.04.1 liboxideqtquick0 - 1.19.4-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5204 CVE-2016-5205 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5212 CVE-2016-5213 CVE-2016-5215 CVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652 USN-3155-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security vulnerabilities were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904) Update Instructions: Run `sudo pro fix USN-3155-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 50.1.0+build2-0ubuntu0.16.04.1 firefox-testsuite - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 50.1.0+build2-0ubuntu0.16.04.1 firefox - 
50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 50.1.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 50.1.0+build2-0ubuntu0.16.04.1 firefox-dev - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 
50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 50.1.0+build2-0ubuntu0.16.04.1 firefox-globalmenu - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 50.1.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 50.1.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 USN-3156-1 -- APT vulnerability Ubuntu 16.04 LTS Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. Update Instructions: Run `sudo pro fix USN-3156-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.2.15ubuntu0.2 apt-transport-https - 1.2.15ubuntu0.2 libapt-pkg5.0 - 1.2.15ubuntu0.2 libapt-pkg-doc - 1.2.15ubuntu0.2 apt - 1.2.15ubuntu0.2 apt-utils - 1.2.15ubuntu0.2 libapt-inst2.0 - 1.2.15ubuntu0.2 libapt-pkg-dev - 1.2.15ubuntu0.2 No subscription required High CVE-2016-1252 USN-3157-1 -- Apport vulnerabilities Ubuntu 16.04 LTS Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. 
An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9949) Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. (CVE-2016-9950) Donncha O Cearbhaill discovered that Apport would offer to restart an application based on the contents of the RespawnCommand or ProcCmdline fields in a crash file. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. (CVE-2016-9951) Update Instructions: Run `sudo pro fix USN-3157-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.4 python3-problem-report - 2.20.1-0ubuntu2.4 apport-kde - 2.20.1-0ubuntu2.4 apport-retrace - 2.20.1-0ubuntu2.4 apport-valgrind - 2.20.1-0ubuntu2.4 python3-apport - 2.20.1-0ubuntu2.4 dh-apport - 2.20.1-0ubuntu2.4 apport-gtk - 2.20.1-0ubuntu2.4 apport - 2.20.1-0ubuntu2.4 python-problem-report - 2.20.1-0ubuntu2.4 apport-noui - 2.20.1-0ubuntu2.4 No subscription required Medium CVE-2016-9949 CVE-2016-9950 CVE-2016-9951 USN-3158-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123) Simo Sorce discovered that Samba clients always requested a forwardable ticket when using Kerberos authentication.
An attacker could use this to impersonate an authenticated user or service. (CVE-2016-2125) Volker Lendecke discovered that Kerberos PAC validation implementation in Samba contained multiple vulnerabilities. An authenticated attacker could use this to cause a denial of service or gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2126) Update Instructions: Run `sudo pro fix USN-3158-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.3 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.3 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.3 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.3 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.3 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.3 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.3 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.3 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.3 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.3 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.3 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.3 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.3 No subscription required High CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 USN-3161-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630) Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633) Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645) Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555) Update Instructions: Run `sudo pro fix USN-3161-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-57-powerpc64-emb - 4.4.0-57.78 linux-image-4.4.0-57-powerpc-e500mc - 4.4.0-57.78 linux-image-4.4.0-57-generic - 4.4.0-57.78 linux-image-4.4.0-57-powerpc64-smp - 4.4.0-57.78 linux-image-4.4.0-57-generic-lpae - 4.4.0-57.78 linux-image-extra-4.4.0-57-generic - 4.4.0-57.78 linux-image-4.4.0-57-lowlatency - 4.4.0-57.78 linux-image-4.4.0-57-powerpc-smp - 4.4.0-57.78 No subscription required Medium CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9555 USN-3161-3 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. 
(CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425) It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630) Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633) Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645) Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-8658) It was discovered that an information leak existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use this to expose sensitive information. (CVE-2016-9178) Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555) Update Instructions: Run `sudo pro fix USN-3161-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1038-raspi2 - 4.4.0-1038.45 No subscription required Medium CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9178 CVE-2016-9555 USN-3161-4 -- Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu 16.04 LTS Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425) It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. 
(CVE-2016-8630) Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633) Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645) Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-8658) Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555) It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644) Update Instructions: Run `sudo pro fix USN-3161-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1042-snapdragon - 4.4.0-1042.46 No subscription required Medium CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9555 CVE-2016-9644 USN-3163-1 -- NSS vulnerabilities Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635) Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074) This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle. Update Instructions: Run `sudo pro fix USN-3163-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.26.2-0ubuntu0.16.04.2 libnss3-dev - 2:3.26.2-0ubuntu0.16.04.2 libnss3 - 2:3.26.2-0ubuntu0.16.04.2 libnss3-1d - 2:3.26.2-0ubuntu0.16.04.2 libnss3-tools - 2:3.26.2-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-5285 CVE-2016-8635 CVE-2016-9074 USN-3164-1 -- Exim vulnerability Ubuntu 16.04 LTS Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files. Update Instructions: Run `sudo pro fix USN-3164-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.1 eximon4 - 4.86.2-2ubuntu2.1 exim4 - 4.86.2-2ubuntu2.1 exim4-daemon-light - 4.86.2-2ubuntu2.1 exim4-config - 4.86.2-2ubuntu2.1 exim4-daemon-heavy - 4.86.2-2ubuntu2.1 exim4-base - 4.86.2-2ubuntu2.1 No subscription required Medium CVE-2016-9963 USN-3165-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple memory safety issues were discovered in Thunderbird. 
If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373) Andrew Krasichkov discovered that event handlers on <marquee> elements were executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-9895) A memory corruption issue was discovered in WebGL in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9897) A use-after-free was discovered when manipulating DOM subtrees in the Editor. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9898) A use-after-free was discovered when manipulating DOM events and audio elements. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9899) It was discovered that external resources that should be blocked when loading SVG images can bypass security restrictions using data: URLs. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-9900) Jann Horn discovered that JavaScript Map/Set were vulnerable to timing attacks. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information across domains. 
(CVE-2016-9904) A crash was discovered in EnumerateSubDocuments while adding or removing sub-documents. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-9905) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. 
(CVE-2017-5390) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396) Update Instructions: Run `sudo pro fix USN-3165-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:45.7.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 
1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:45.7.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:45.7.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-rm - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:45.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:45.7.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 USN-3166-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. 
Update Instructions: Run `sudo pro fix USN-3166-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.14.2-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.14.2-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.14.2-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.14.2-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.14.2-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-4613 CVE-2016-4657 CVE-2016-4666 CVE-2016-4707 CVE-2016-4728 CVE-2016-4733 CVE-2016-4734 CVE-2016-4735 CVE-2016-4759 CVE-2016-4760 CVE-2016-4761 CVE-2016-4762 CVE-2016-4764 CVE-2016-4765 CVE-2016-4767 CVE-2016-4768 CVE-2016-4769 CVE-2016-7578 USN-3169-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793) Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Update Instructions: Run `sudo pro fix USN-3169-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-59-powerpc64-smp - 4.4.0-59.80 linux-image-extra-4.4.0-59-generic - 4.4.0-59.80 linux-image-4.4.0-59-lowlatency - 4.4.0-59.80 linux-image-4.4.0-59-generic - 4.4.0-59.80 linux-image-4.4.0-59-powerpc-smp - 4.4.0-59.80 linux-image-4.4.0-59-powerpc64-emb - 4.4.0-59.80 linux-image-4.4.0-59-generic-lpae - 4.4.0-59.80 linux-image-4.4.0-59-powerpc-e500mc - 4.4.0-59.80 No subscription required Medium CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 USN-3169-3 -- Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu 16.04 LTS Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793) Update Instructions: Run `sudo pro fix USN-3169-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1040-raspi2 - 4.4.0-1040.47 No subscription required Low CVE-2016-9793 CVE-2016-9794 USN-3169-4 -- Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu 16.04 LTS Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options.
A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793) Update Instructions: Run `sudo pro fix USN-3169-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1044-snapdragon - 4.4.0-1044.48 No subscription required Low CVE-2016-9793 CVE-2016-9794 USN-3171-1 -- LibVNCServer vulnerabilities Ubuntu 16.04 LTS Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942) Update Instructions: Run `sudo pro fix USN-3171-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.10+dfsg-3ubuntu0.16.04.1 libvncserver-dev - 0.9.10+dfsg-3ubuntu0.16.04.1 libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.1 libvncclient1 - 0.9.10+dfsg-3ubuntu0.16.04.1 No subscription required Medium CVE-2016-9941 CVE-2016-9942 USN-3172-1 -- Bind vulnerabilities Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9147) It was discovered that Bind incorrectly handled certain malformed DS record responses. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. 
(CVE-2016-9444) Update Instructions: Run `sudo pro fix USN-3172-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.4 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.4 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.4 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.4 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.4 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.4 host - 1:9.10.3.dfsg.P4-8ubuntu1.4 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.4 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.4 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.4 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.4 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.4 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.4 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.4 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.4 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.4 No subscription required Medium CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 USN-3173-1 -- NVIDIA graphics drivers vulnerability Ubuntu 16.04 LTS It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3173-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.134-0ubuntu0.16.04.1 libcuda1-304 - 304.134-0ubuntu0.16.04.1 nvidia-libopencl1-304-updates - 304.134-0ubuntu0.16.04.1 nvidia-304-updates - 304.134-0ubuntu0.16.04.1 nvidia-304 - 304.134-0ubuntu0.16.04.1 nvidia-current - 304.134-0ubuntu0.16.04.1 nvidia-304-updates-dev - 304.134-0ubuntu0.16.04.1 nvidia-304-dev - 304.134-0ubuntu0.16.04.1 libcuda1-304-updates - 304.134-0ubuntu0.16.04.1 nvidia-libopencl1-304 - 304.134-0ubuntu0.16.04.1 nvidia-opencl-icd-304-updates - 304.134-0ubuntu0.16.04.1 nvidia-opencl-icd-304 - 304.134-0ubuntu0.16.04.1 No subscription required nvidia-331 - 340.101-0ubuntu0.16.04.1 nvidia-opencl-icd-331 - 340.101-0ubuntu0.16.04.1 nvidia-libopencl1-331-updates - 340.101-0ubuntu0.16.04.1 libcuda1-340 - 340.101-0ubuntu0.16.04.1 nvidia-340-updates - 340.101-0ubuntu0.16.04.1 nvidia-331-updates - 340.101-0ubuntu0.16.04.1 nvidia-opencl-icd-340-updates - 340.101-0ubuntu0.16.04.1 libcuda1-331-updates - 340.101-0ubuntu0.16.04.1 nvidia-opencl-icd-331-updates - 340.101-0ubuntu0.16.04.1 nvidia-340-dev - 340.101-0ubuntu0.16.04.1 nvidia-340-updates-dev - 340.101-0ubuntu0.16.04.1 nvidia-libopencl1-331 - 340.101-0ubuntu0.16.04.1 nvidia-340 - 340.101-0ubuntu0.16.04.1 nvidia-opencl-icd-340 - 340.101-0ubuntu0.16.04.1 libcuda1-340-updates - 340.101-0ubuntu0.16.04.1 libcuda1-331 - 340.101-0ubuntu0.16.04.1 nvidia-331-updates-dev - 340.101-0ubuntu0.16.04.1 nvidia-331-dev - 340.101-0ubuntu0.16.04.1 nvidia-331-updates-uvm - 340.101-0ubuntu0.16.04.1 nvidia-libopencl1-340 - 340.101-0ubuntu0.16.04.1 nvidia-libopencl1-340-updates - 340.101-0ubuntu0.16.04.1 nvidia-340-uvm - 340.101-0ubuntu0.16.04.1 nvidia-331-uvm - 340.101-0ubuntu0.16.04.1 No subscription required Low CVE-2016-8826 USN-3173-2 -- NVIDIA graphics drivers vulnerability Ubuntu 16.04 LTS USN-3173-1 fixed a vulnerability in nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340. 
This update provides the corresponding update for nvidia-graphics-drivers-375. Original advisory details: It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3173-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-375-dev - 375.39-0ubuntu0.16.04.1 nvidia-libopencl1-375 - 375.39-0ubuntu0.16.04.1 nvidia-opencl-icd-367 - 375.39-0ubuntu0.16.04.1 nvidia-libopencl1-367 - 375.39-0ubuntu0.16.04.1 nvidia-367-dev - 375.39-0ubuntu0.16.04.1 nvidia-opencl-icd-375 - 375.39-0ubuntu0.16.04.1 libcuda1-367 - 375.39-0ubuntu0.16.04.1 libcuda1-375 - 375.39-0ubuntu0.16.04.1 nvidia-367 - 375.39-0ubuntu0.16.04.1 nvidia-375 - 375.39-0ubuntu0.16.04.1 No subscription required Low CVE-2016-8826 USN-3174-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html Update Instructions: Run `sudo pro fix USN-3174-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.17-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.17-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.17-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.17-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.17-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.17-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.17-0ubuntu0.16.04.1 mysql-common - 5.7.17-0ubuntu0.16.04.1 mysql-server - 5.7.17-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.17-0ubuntu0.16.04.1 mysql-testsuite - 5.7.17-0ubuntu0.16.04.1 libmysqld-dev - 5.7.17-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.17-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-8318 CVE-2016-8327 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3251 CVE-2017-3256 CVE-2017-3258 CVE-2017-3265 CVE-2017-3273 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3319 CVE-2017-3320 USN-3175-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the "export" function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. 
If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384) Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385) Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386) Mustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387) Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388) Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. 
(CVE-2017-5391) Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396) Update Instructions: Run `sudo pro fix USN-3175-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nn - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nb - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fa - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fi - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fr - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fy - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-or - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kab - 51.0.1+build2-0ubuntu0.16.04.1 firefox-testsuite - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-oc - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cs - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ga - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gd - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gn - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gl - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gu - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pa - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pl - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cy - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pt - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hi - 51.0.1+build2-0ubuntu0.16.04.1 
firefox-locale-ms - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-he - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hy - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hr - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hu - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-it - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-as - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ar - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-az - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-id - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mai - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-af - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-is - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-vi - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-an - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bs - 51.0.1+build2-0ubuntu0.16.04.1 firefox - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ro - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ja - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ru - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-br - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bn - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-be - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bg - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sl - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sk - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-si - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sw - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sv - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sr - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sq - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ko - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kn - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-km - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kk - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ka - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-xh - 51.0.1+build2-0ubuntu0.16.04.1 
firefox-locale-ca - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ku - 51.0.1+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lv - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lt - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-th - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 51.0.1+build2-0ubuntu0.16.04.1 firefox-dev - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-te - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cak - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ta - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lg - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-tr - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nso - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-de - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-da - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uk - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mr - 51.0.1+build2-0ubuntu0.16.04.1 firefox-globalmenu - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uz - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ml - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mn - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mk - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eu - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-et - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-es - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-csb - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-el - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eo - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-en - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zu - 51.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ast - 51.0.1+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5393 CVE-2017-5396 USN-3175-2 -- Firefox regression Ubuntu 
16.04 LTS USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. 
(CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the "export" function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384) Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385) Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386) Mustafa Hasan discovered that the existence of local files can be determined using the <track> element. 
An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387) Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388) Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391) Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396) Update Instructions: Run `sudo pro fix USN-3175-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-nn - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-nb - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fa - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fi - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fr - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fy - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-or - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-kab - 51.0.1+build2-0ubuntu0.16.04.2 firefox-testsuite - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-oc - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-cs - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ga - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gd - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gn - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gl - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gu - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-pa - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-pl - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-cy - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-pt - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hi - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ms - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-he - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hy - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hr - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hu - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-it - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-as - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ar - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-az - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-id - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mai - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-af - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-is - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-vi - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-an - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-bs - 
51.0.1+build2-0ubuntu0.16.04.2 firefox - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ro - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ja - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ru - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-br - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-zh-hant - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-zh-hans - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-bn - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-be - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-bg - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sl - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sk - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-si - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sw - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sv - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sr - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sq - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ko - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-kn - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-km - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-kk - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ka - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-xh - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ca - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ku - 51.0.1+build2-0ubuntu0.16.04.2 firefox-mozsymbols - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-lv - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-lt - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-th - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hsb - 51.0.1+build2-0ubuntu0.16.04.2 firefox-dev - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-te - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-cak - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ta - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-lg - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-tr - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-nso - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-de - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-da - 
51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-uk - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mr - 51.0.1+build2-0ubuntu0.16.04.2 firefox-globalmenu - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-uz - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ml - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mn - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mk - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-eu - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-et - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-es - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-csb - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-el - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-eo - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-en - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-zu - 51.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ast - 51.0.1+build2-0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1659922 USN-3176-1 -- PCSC-Lite vulnerability Ubuntu 16.04 LTS Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges. Update Instructions: Run `sudo pro fix USN-3176-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpcsclite-dev - 1.8.14-1ubuntu1.16.04.1 pcscd - 1.8.14-1ubuntu1.16.04.1 libpcsclite1 - 1.8.14-1ubuntu1.16.04.1 No subscription required Medium CVE-2016-10109 USN-3177-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. 
A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018) It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794) It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796) It was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797) Regis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735) It was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. 
(CVE-2016-8745) Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775) Update Instructions: Run `sudo pro fix USN-3177-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.3 tomcat8-user - 8.0.32-1ubuntu1.3 libservlet3.1-java - 8.0.32-1ubuntu1.3 libservlet3.1-java-doc - 8.0.32-1ubuntu1.3 tomcat8-examples - 8.0.32-1ubuntu1.3 tomcat8-admin - 8.0.32-1ubuntu1.3 libtomcat8-java - 8.0.32-1ubuntu1.3 tomcat8-common - 8.0.32-1ubuntu1.3 tomcat8 - 8.0.32-1ubuntu1.3 No subscription required Medium CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2016-9774 CVE-2016-9775 USN-3179-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECDSA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546) It was discovered that OpenJDK did not properly verify object identifier (OID) length when reading Distinguished Encoding Rules (DER) records, as used in X.509 certificates and elsewhere. An attacker could use this to cause a denial of service (memory consumption). (CVE-2016-5547) It was discovered that covert timing channel vulnerabilities existed in the DSA and ECDSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. 
(CVE-2016-5548, CVE-2016-5549) It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552) It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231) It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241) It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252) It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-3253) It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261) It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272) It was discovered that a vulnerability existed in the class construction implementation in OpenJDK. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3289) Update Instructions: Run `sudo pro fix USN-3179-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-jdk - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-jre-headless - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-jre - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-jdk-headless - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-source - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-jre-zero - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-demo - 8u121-b13-0ubuntu1.16.04.2 openjdk-8-jre-jamvm - 8u121-b13-0ubuntu1.16.04.2 No subscription required Medium CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 USN-3180-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5014, CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026) Update Instructions: Run `sudo pro fix USN-3180-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.20.4-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.20.4-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.20.4-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.20.4-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.20.4-0ubuntu0.16.04.1 oxideqt-doc - 1.20.4-0ubuntu0.16.04.1 oxideqt-codecs - 1.20.4-0ubuntu0.16.04.1 liboxideqtquick0 - 1.20.4-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5014 CVE-2017-5017 CVE-2017-5019 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026 USN-3181-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055) It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056) Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610) Robert Święcki discovered that OpenSSL incorrectly handled certain truncated packets. 
A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2017-3731) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732) Update Instructions: Run `sudo pro fix USN-3181-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.6 libssl-dev - 1.0.2g-1ubuntu4.6 openssl - 1.0.2g-1ubuntu4.6 libssl-doc - 1.0.2g-1ubuntu4.6 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.6 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.6 No subscription required Medium CVE-2016-2177 CVE-2016-7055 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 CVE-2017-3732 USN-3182-1 -- NTFS-3G vulnerability Ubuntu 16.04 LTS Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules. Update Instructions: Run `sudo pro fix USN-3182-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.1 ntfs-3g-udeb - 1:2015.3.14AR.1-1ubuntu0.1 ntfs-3g-dev - 1:2015.3.14AR.1-1ubuntu0.1 No subscription required Medium CVE-2017-0358 USN-3183-1 -- GnuTLS vulnerabilities Ubuntu 16.04 LTS Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. 
This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) Update Instructions: Run `sudo pro fix USN-3183-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.4.10-4ubuntu1.2 libgnutls28-dev - 3.4.10-4ubuntu1.2 libgnutlsxx28 - 3.4.10-4ubuntu1.2 gnutls-doc - 3.4.10-4ubuntu1.2 libgnutls-dev - 3.4.10-4ubuntu1.2 gnutls-bin - 3.4.10-4ubuntu1.2 guile-gnutls - 3.4.10-4ubuntu1.2 libgnutls-openssl27 - 3.4.10-4ubuntu1.2 No subscription required Medium CVE-2016-7444 CVE-2016-8610 CVE-2017-5334 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 USN-3184-1 -- Irssi vulnerabilities Ubuntu 16.04 LTS It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5193) It was discovered that Irssi incorrectly handled invalid nick messages. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5194) Joseph Bisch discovered that Irssi incorrectly handled certain incomplete control codes. 
A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5195) Hanno Böck and Joseph Bisch discovered that Irssi incorrectly handled certain incomplete character sequences. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5196) Hanno Böck discovered that Irssi incorrectly handled certain format strings. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-5356) Update Instructions: Run `sudo pro fix USN-3184-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.3 irssi - 0.8.19-1ubuntu1.3 No subscription required Medium CVE-2016-7553 CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 CVE-2017-5356 USN-3185-1 -- libXpm vulnerability Ubuntu 16.04 LTS It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3185-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xpmutils - 1:3.5.11-1ubuntu0.16.04.1 libxpm-dev - 1:3.5.11-1ubuntu0.16.04.1 libxpm4 - 1:3.5.11-1ubuntu0.16.04.1 No subscription required Medium CVE-2016-10164 USN-3186-1 -- iucode-tool vulnerability Ubuntu 16.04 LTS It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. 
If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3186-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: iucode-tool - 1.5.1-1ubuntu0.1 No subscription required Medium CVE-2017-0357 USN-3189-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147) Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could use this to expose sensitive information. (CVE-2016-8399) Update Instructions: Run `sudo pro fix USN-3189-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1042-raspi2 - 4.4.0-1042.49 No subscription required linux-image-4.4.0-1046-snapdragon - 4.4.0-1046.50 No subscription required linux-image-4.4.0-62-powerpc-e500mc - 4.4.0-62.83 linux-image-4.4.0-62-lowlatency - 4.4.0-62.83 linux-image-4.4.0-62-powerpc-smp - 4.4.0-62.83 linux-image-4.4.0-62-powerpc64-smp - 4.4.0-62.83 linux-image-4.4.0-62-powerpc64-emb - 4.4.0-62.83 linux-image-extra-4.4.0-62-generic - 4.4.0-62.83 linux-image-4.4.0-62-generic-lpae - 4.4.0-62.83 linux-image-4.4.0-62-generic - 4.4.0-62.83 No subscription required Medium CVE-2016-10147 CVE-2016-8399 USN-3191-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. 
If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3191-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.14.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.14.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.14.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.14.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.14.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.14.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.14.3-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.14.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.14.3-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 USN-3192-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. (CVE-2016-10002) Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003) Update Instructions: Run `sudo pro fix USN-3192-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.3 squid - 3.5.12-1ubuntu7.3 squid-cgi - 3.5.12-1ubuntu7.3 squid-purge - 3.5.12-1ubuntu7.3 squidclient - 3.5.12-1ubuntu7.3 squid3 - 3.5.12-1ubuntu7.3 No subscription required Medium CVE-2016-10002 CVE-2016-10003 USN-3193-1 -- Nettle vulnerability Ubuntu 16.04 LTS It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. Update Instructions: Run `sudo pro fix USN-3193-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nettle-bin - 3.2-1ubuntu0.16.04.1 libnettle6 - 3.2-1ubuntu0.16.04.1 libhogweed4 - 3.2-1ubuntu0.16.04.1 nettle-dev - 3.2-1ubuntu0.16.04.1 No subscription required Medium CVE-2016-6489 USN-3195-1 -- Nova-LXD vulnerability Ubuntu 16.04 LTS James Page discovered that Nova-LXD incorrectly set up virtual network devices when creating LXD instances. This could result in an unintended firewall configuration. Update Instructions: Run `sudo pro fix USN-3195-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-compute-lxd - 13.2.0-0ubuntu1.16.04.1 python-nova.lxd - 13.2.0-0ubuntu1.16.04.1 python-nova-lxd - 13.2.0-0ubuntu1.16.04.1 No subscription required Medium CVE-2017-5936 https://launchpad.net/bugs/1656847 USN-3197-1 -- libgc vulnerability Ubuntu 16.04 LTS Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service (application crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3197-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgc-dev - 1:7.4.2-7.3ubuntu0.1 libgc1c2 - 1:7.4.2-7.3ubuntu0.1 No subscription required Medium CVE-2016-9427 USN-3199-1 -- Python Crypto vulnerability Ubuntu 16.04 LTS It was discovered that the ALGnew function in block_template.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter. Update Instructions: Run `sudo pro fix USN-3199-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-crypto-doc - 2.6.1-6ubuntu0.16.04.1 python3-crypto - 2.6.1-6ubuntu0.16.04.1 python-crypto - 2.6.1-6ubuntu0.16.04.1 No subscription required Medium CVE-2013-7459 USN-3199-2 -- Python Crypto regression Ubuntu 16.04 LTS USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. We apologize for the inconvenience. Original advisory details: It was discovered that the ALGnew function in block_template.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter. Update Instructions: Run `sudo pro fix USN-3199-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-crypto-doc - 2.6.1-6ubuntu0.16.04.2 python3-crypto - 2.6.1-6ubuntu0.16.04.2 python-crypto - 2.6.1-6ubuntu0.16.04.2 No subscription required Medium CVE-2013-7459 USN-3200-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3200-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.14.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.14.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.14.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.14.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.14.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.14.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.14.5-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.14.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.14.5-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 USN-3201-1 -- Bind vulnerabilities Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3201-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.5 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.5 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.5 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.5 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.5 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.5 host - 1:9.10.3.dfsg.P4-8ubuntu1.5 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.5 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.5 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.5 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.5 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.5 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.5 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.5 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.5 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.5 No subscription required Medium CVE-2017-3135 USN-3202-1 -- Spice vulnerabilities Ubuntu 16.04 LTS Frediano Ziglio discovered that Spice incorrectly handled certain client messages. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3202-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.12.6-4ubuntu0.2 libspice-server-dev - 0.12.6-4ubuntu0.2 No subscription required Medium CVE-2016-9577 CVE-2016-9578 USN-3205-1 -- tcpdump vulnerabilities Ubuntu 16.04 LTS It was discovered that tcpdump incorrectly handled certain packets. 
A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile. Update Instructions: Run `sudo pro fix USN-3205-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.0-1ubuntu1~ubuntu16.04.1 No subscription required Medium CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 USN-3208-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. 
A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074) Update Instructions: Run `sudo pro fix USN-3208-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1048-snapdragon - 4.4.0-1048.52 No subscription required linux-image-4.4.0-64-powerpc64-emb - 4.4.0-64.85 linux-image-4.4.0-64-powerpc64-smp - 4.4.0-64.85 linux-image-4.4.0-64-generic - 4.4.0-64.85 linux-image-4.4.0-64-powerpc-e500mc - 4.4.0-64.85 linux-image-4.4.0-64-lowlatency - 4.4.0-64.85 linux-image-4.4.0-64-powerpc-smp - 4.4.0-64.85 linux-image-4.4.0-64-generic-lpae - 4.4.0-64.85 linux-image-extra-4.4.0-64-generic - 4.4.0-64.85 No subscription required High CVE-2016-10088 CVE-2016-9191 CVE-2016-9588 CVE-2017-2583 CVE-2017-2584 CVE-2017-5549 CVE-2017-6074 USN-3210-1 -- LibreOffice vulnerability Ubuntu 16.04 LTS Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links. Update Instructions: Run `sudo pro fix USN-3210-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial1 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial1 No subscription required libreoffice-impress - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-officebean - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-base - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-librelogo - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-java-common - 1:5.1.6~rc2-0ubuntu1~xenial1 gir1.2-lokdocview-0.1 - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-subsequentcheckbase - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-elementary - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-kde - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-galaxy - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-hicontrast - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-script-provider-bsh - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-avmedia-backend-gstreamer - 1:5.1.6~rc2-0ubuntu1~xenial1 libreofficekit-dev - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-script-provider-python - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-common - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-gnome - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-dev - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-gtk3 - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-report-builder - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-pdfimport - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-base-core - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-ogltrans - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-sdbc-hsqldb - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-gtk - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-calc - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-base-drivers - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-oxygen - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-tango - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-human - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-sdbc-firebird - 
1:5.1.6~rc2-0ubuntu1~xenial1 python3-uno - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-math - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-writer - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-report-builder-bin - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-breeze - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-script-provider-js - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-draw - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-style-sifr - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-dev-doc - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-l10n-in - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-l10n-za - 1:5.1.6~rc2-0ubuntu1~xenial1 libreoffice-sdbc-postgresql - 1:5.1.6~rc2-0ubuntu1~xenial1 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial1 No subscription required uno-libs3 - 5.1.6~rc2-0ubuntu1~xenial1 ure - 5.1.6~rc2-0ubuntu1~xenial1 No subscription required Medium CVE-2017-3157 USN-3211-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340) Update Instructions: Run `sudo pro fix USN-3211-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.15-0ubuntu0.16.04.2 php7.0-mcrypt - 7.0.15-0ubuntu0.16.04.2 php7.0-xsl - 7.0.15-0ubuntu0.16.04.2 php7.0-fpm - 7.0.15-0ubuntu0.16.04.2 libphp7.0-embed - 7.0.15-0ubuntu0.16.04.2 php7.0-phpdbg - 7.0.15-0ubuntu0.16.04.2 php7.0-curl - 7.0.15-0ubuntu0.16.04.2 php7.0-ldap - 7.0.15-0ubuntu0.16.04.2 php7.0-mbstring - 7.0.15-0ubuntu0.16.04.2 php7.0-gmp - 7.0.15-0ubuntu0.16.04.2 php7.0-sqlite3 - 7.0.15-0ubuntu0.16.04.2 php7.0-gd - 7.0.15-0ubuntu0.16.04.2 php7.0-common - 7.0.15-0ubuntu0.16.04.2 php7.0-enchant - 7.0.15-0ubuntu0.16.04.2 php7.0-odbc - 7.0.15-0ubuntu0.16.04.2 php7.0-cli - 7.0.15-0ubuntu0.16.04.2 php7.0-json - 7.0.15-0ubuntu0.16.04.2 php7.0-pgsql - 7.0.15-0ubuntu0.16.04.2 libapache2-mod-php7.0 - 7.0.15-0ubuntu0.16.04.2 php7.0-zip - 7.0.15-0ubuntu0.16.04.2 php7.0-mysql - 7.0.15-0ubuntu0.16.04.2 php7.0-dba - 7.0.15-0ubuntu0.16.04.2 php7.0-sybase - 7.0.15-0ubuntu0.16.04.2 php7.0-pspell - 7.0.15-0ubuntu0.16.04.2 php7.0-xml - 7.0.15-0ubuntu0.16.04.2 php7.0-bz2 - 7.0.15-0ubuntu0.16.04.2 php7.0-recode - 7.0.15-0ubuntu0.16.04.2 php7.0-soap - 7.0.15-0ubuntu0.16.04.2 php7.0 - 7.0.15-0ubuntu0.16.04.2 php7.0-tidy - 7.0.15-0ubuntu0.16.04.2 php7.0-interbase - 7.0.15-0ubuntu0.16.04.2 php7.0-opcache - 7.0.15-0ubuntu0.16.04.2 php7.0-readline - 7.0.15-0ubuntu0.16.04.2 php7.0-intl - 7.0.15-0ubuntu0.16.04.2 php7.0-imap - 7.0.15-0ubuntu0.16.04.2 php7.0-xmlrpc - 7.0.15-0ubuntu0.16.04.2 php7.0-bcmath - 7.0.15-0ubuntu0.16.04.2 php7.0-dev - 7.0.15-0ubuntu0.16.04.2 php7.0-snmp - 7.0.15-0ubuntu0.16.04.2 No subscription required Medium CVE-2016-7479 CVE-2016-9137 CVE-2016-9935 CVE-2016-9936 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10162 CVE-2017-5340 USN-3211-2 -- PHP regression Ubuntu 16.04 LTS USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. 
This update fixes the problem with a backported fix. Original advisory details: It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. 
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340) Update Instructions: Run `sudo pro fix USN-3211-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.15-0ubuntu0.16.04.4 php7.0-mcrypt - 7.0.15-0ubuntu0.16.04.4 php7.0-xsl - 7.0.15-0ubuntu0.16.04.4 php7.0-fpm - 7.0.15-0ubuntu0.16.04.4 libphp7.0-embed - 7.0.15-0ubuntu0.16.04.4 php7.0-phpdbg - 7.0.15-0ubuntu0.16.04.4 php7.0-curl - 7.0.15-0ubuntu0.16.04.4 php7.0-ldap - 7.0.15-0ubuntu0.16.04.4 php7.0-mbstring - 7.0.15-0ubuntu0.16.04.4 php7.0-gmp - 7.0.15-0ubuntu0.16.04.4 php7.0-sqlite3 - 7.0.15-0ubuntu0.16.04.4 php7.0-gd - 7.0.15-0ubuntu0.16.04.4 php7.0-common - 7.0.15-0ubuntu0.16.04.4 php7.0-enchant - 7.0.15-0ubuntu0.16.04.4 php7.0-odbc - 7.0.15-0ubuntu0.16.04.4 php7.0-cli - 7.0.15-0ubuntu0.16.04.4 php7.0-json - 7.0.15-0ubuntu0.16.04.4 php7.0-pgsql - 7.0.15-0ubuntu0.16.04.4 libapache2-mod-php7.0 - 7.0.15-0ubuntu0.16.04.4 php7.0-zip - 7.0.15-0ubuntu0.16.04.4 php7.0-mysql - 7.0.15-0ubuntu0.16.04.4 php7.0-dba - 7.0.15-0ubuntu0.16.04.4 php7.0-sybase - 7.0.15-0ubuntu0.16.04.4 php7.0-pspell - 7.0.15-0ubuntu0.16.04.4 php7.0-xml - 7.0.15-0ubuntu0.16.04.4 php7.0-bz2 - 7.0.15-0ubuntu0.16.04.4 php7.0-recode - 7.0.15-0ubuntu0.16.04.4 php7.0-soap - 7.0.15-0ubuntu0.16.04.4 php7.0 - 7.0.15-0ubuntu0.16.04.4 php7.0-tidy - 7.0.15-0ubuntu0.16.04.4 php7.0-interbase - 7.0.15-0ubuntu0.16.04.4 php7.0-opcache - 7.0.15-0ubuntu0.16.04.4 php7.0-readline - 7.0.15-0ubuntu0.16.04.4 php7.0-intl - 7.0.15-0ubuntu0.16.04.4 php7.0-imap - 7.0.15-0ubuntu0.16.04.4 php7.0-xmlrpc - 7.0.15-0ubuntu0.16.04.4 php7.0-bcmath - 7.0.15-0ubuntu0.16.04.4 php7.0-dev - 
7.0.15-0ubuntu0.16.04.4 php7.0-snmp - 7.0.15-0ubuntu0.16.04.4 No subscription required None https://launchpad.net/bugs/1668017 USN-3212-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3212-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.1 libtiffxx5 - 4.0.6-1ubuntu0.1 libtiff5-dev - 4.0.6-1ubuntu0.1 libtiff5 - 4.0.6-1ubuntu0.1 libtiff-tools - 4.0.6-1ubuntu0.1 libtiff-doc - 4.0.6-1ubuntu0.1 No subscription required Medium CVE-2015-7554 CVE-2015-8668 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3632 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-6223 CVE-2016-8331 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9539 CVE-2016-9540 CVE-2017-5225 USN-3212-2 -- LibTIFF regression Ubuntu 16.04 LTS USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. 
Update Instructions: Run `sudo pro fix USN-3212-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.2 libtiffxx5 - 4.0.6-1ubuntu0.2 libtiff5-dev - 4.0.6-1ubuntu0.2 libtiff5 - 4.0.6-1ubuntu0.2 libtiff-tools - 4.0.6-1ubuntu0.2 libtiff-doc - 4.0.6-1ubuntu0.2 No subscription required None https://launchpad.net/bugs/1670036 USN-3213-1 -- GD library vulnerabilities Ubuntu 16.04 LTS Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166) It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service. (CVE-2016-10167) It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-10168) Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6906) Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6912) It was discovered that the GD library incorrectly handled creating oversized images. If a user or automated system were tricked into creating a specially crafted image, an attacker could cause a denial of service. (CVE-2016-9317) It was discovered that the GD library incorrectly handled filling certain images. If a user or automated system were tricked into filling an image, an attacker could cause a denial of service. (CVE-2016-9933) Update Instructions: Run `sudo pro fix USN-3213-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.6 libgd-tools - 2.1.1-4ubuntu0.16.04.6 libgd-dev - 2.1.1-4ubuntu0.16.04.6 No subscription required Medium CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 CVE-2016-9933 USN-3216-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the address bar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427) Update Instructions: Run `sudo pro fix USN-3216-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 52.0+build2-0ubuntu0.16.04.1 firefox-testsuite - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 52.0+build2-0ubuntu0.16.04.1 firefox - 52.0+build2-0ubuntu0.16.04.1 
firefox-locale-ro - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 52.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 52.0+build2-0ubuntu0.16.04.1 firefox-dev - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 52.0+build2-0ubuntu0.16.04.1 firefox-globalmenu - 
52.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 52.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 52.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5427 USN-3216-2 -- Firefox regression Ubuntu 16.04 LTS USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the address bar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. 
(CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427) Update Instructions: Run `sudo pro fix USN-3216-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 52.0.2+build1-0ubuntu0.16.04.1 firefox-testsuite - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 
52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 52.0.2+build1-0ubuntu0.16.04.1 firefox - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 52.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 
52.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 52.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 52.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 52.0.2+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1671079 USN-3217-1 -- network-manager-applet vulnerability Ubuntu 16.04 LTS Frederic Bardy and Quentin Biguenet discovered that network-manager-applet incorrectly checked permissions when connecting to certain wireless networks. A local attacker could use this issue at the login screen to access local files. Update Instructions: Run `sudo pro fix USN-3217-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-nmgtk-1.0 - 1.2.6-0ubuntu0.16.04.2 libnm-gtk-common - 1.2.6-0ubuntu0.16.04.2 libnma-common - 1.2.6-0ubuntu0.16.04.2 network-manager-gnome - 1.2.6-0ubuntu0.16.04.2 libnma-dev - 1.2.6-0ubuntu0.16.04.2 libnma0 - 1.2.6-0ubuntu0.16.04.2 libnm-gtk-dev - 1.2.6-0ubuntu0.16.04.2 libnm-gtk0 - 1.2.6-0ubuntu0.16.04.2 gir1.2-nma-1.0 - 1.2.6-0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1668321 USN-3220-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3220-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1005-gke - 4.4.0-1005.6 linux-image-extra-4.4.0-1005-gke - 4.4.0-1005.6 No subscription required linux-image-4.4.0-1046-raspi2 - 4.4.0-1046.53 No subscription required linux-image-4.4.0-1050-snapdragon - 4.4.0-1050.54 No subscription required linux-image-4.4.0-66-powerpc64-emb - 4.4.0-66.87 linux-image-4.4.0-66-generic - 4.4.0-66.87 linux-image-extra-4.4.0-66-generic - 4.4.0-66.87 linux-image-4.4.0-66-powerpc64-smp - 4.4.0-66.87 linux-image-4.4.0-66-generic-lpae - 4.4.0-66.87 linux-image-4.4.0-66-lowlatency - 4.4.0-66.87 linux-image-4.4.0-66-powerpc-smp - 4.4.0-66.87 linux-image-4.4.0-66-powerpc-e500mc - 4.4.0-66.87 No subscription required High CVE-2017-2636 USN-3220-3 -- Linux kernel (AWS) vulnerability Ubuntu 16.04 LTS USN-3220-1 fixed a vulnerability in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Amazon Web Services (AWS). 
Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3220-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1007-aws - 4.4.0-1007.16 No subscription required High CVE-2017-2636 USN-3221-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3221-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-2636) Update Instructions: Run `sudo pro fix USN-3221-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.8.0-41-generic - 4.8.0-41.44~16.04.1 linux-image-4.8.0-41-generic-lpae - 4.8.0-41.44~16.04.1 linux-image-extra-4.8.0-41-generic - 4.8.0-41.44~16.04.1 linux-image-4.8.0-41-lowlatency - 4.8.0-41.44~16.04.1 No subscription required High CVE-2017-2636 USN-3222-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3222-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.5 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.5 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.5 imagemagick - 8:6.8.9.9-7ubuntu5.5 imagemagick-doc - 8:6.8.9.9-7ubuntu5.5 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.5 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.5 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.5 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.5 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.5 libmagick++-dev - 8:6.8.9.9-7ubuntu5.5 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.5 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.5 perlmagick - 8:6.8.9.9-7ubuntu5.5 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.5 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.5 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.5 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.5 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.5 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.5 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.5 No subscription required Medium CVE-2016-10062 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2016-8707 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 USN-3224-1 -- LXC vulnerability Ubuntu 16.04 LTS Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issue to create virtual network interfaces in network namespaces that they do not own. Update Instructions: Run `sudo pro fix USN-3224-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lxc-common - 2.0.7-0ubuntu1~16.04.2 lxc-dev - 2.0.7-0ubuntu1~16.04.2 liblxc1 - 2.0.7-0ubuntu1~16.04.2 lua-lxc - 2.0.7-0ubuntu1~16.04.2 lxc-templates - 2.0.7-0ubuntu1~16.04.2 python3-lxc - 2.0.7-0ubuntu1~16.04.2 lxc1 - 2.0.7-0ubuntu1~16.04.2 lxc - 2.0.7-0ubuntu1~16.04.2 lxc-tests - 2.0.7-0ubuntu1~16.04.2 No subscription required Medium CVE-2017-5985 USN-3225-1 -- libarchive vulnerabilities Ubuntu 16.04 LTS It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. (CVE-2016-5418) Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6250) Alexander Cherepanov discovered that libarchive incorrectly handled recursive decompressions. A remote attacker could possibly use this issue to cause libarchive to hang, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7166) It was discovered that libarchive incorrectly handled non-printable multibyte characters in filenames. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8687) It was discovered that libarchive incorrectly handled line sizes when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8688) It was discovered that libarchive incorrectly handled multiple EmptyStream attributes when extracting certain 7zip archives. 
A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8689) Jakub Jirasek discovered that libarchive incorrectly handled memory when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2017-5601) Update Instructions: Run `sudo pro fix USN-3225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.3 libarchive13 - 3.1.2-11ubuntu0.16.04.3 bsdtar - 3.1.2-11ubuntu0.16.04.3 libarchive-dev - 3.1.2-11ubuntu0.16.04.3 No subscription required Medium CVE-2016-5418 CVE-2016-6250 CVE-2016-7166 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2017-5601 USN-3227-1 -- ICU vulnerabilities Ubuntu 16.04 LTS It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3227-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 55.1-7ubuntu0.1 libicu55 - 55.1-7ubuntu0.1 libicu-dev - 55.1-7ubuntu0.1 icu-doc - 55.1-7ubuntu0.1 No subscription required Medium CVE-2014-9911 CVE-2015-4844 CVE-2016-0494 CVE-2016-6293 CVE-2016-7415 USN-3228-1 -- libevent vulnerabilities Ubuntu 16.04 LTS Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3228-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libevent-2.0-5 - 2.0.21-stable-2ubuntu0.16.04.1 libevent-extra-2.0-5 - 2.0.21-stable-2ubuntu0.16.04.1 libevent-pthreads-2.0-5 - 2.0.21-stable-2ubuntu0.16.04.1 libevent-core-2.0-5 - 2.0.21-stable-2ubuntu0.16.04.1 libevent-dev - 2.0.21-stable-2ubuntu0.16.04.1 libevent-openssl-2.0-5 - 2.0.21-stable-2ubuntu0.16.04.1 No subscription required Medium CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 USN-3230-1 -- Pillow vulnerabilities Ubuntu 16.04 LTS It was discovered that Pillow incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9601) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2016-9189) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9190) Update Instructions: Run `sudo pro fix USN-3230-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 3.1.2-0ubuntu1.1 python-pil-doc - 3.1.2-0ubuntu1.1 python3-pil - 3.1.2-0ubuntu1.1 python-pil.imagetk - 3.1.2-0ubuntu1.1 python-imaging - 3.1.2-0ubuntu1.1 python-pil - 3.1.2-0ubuntu1.1 No subscription required Medium CVE-2014-9601 CVE-2016-9189 CVE-2016-9190 USN-3232-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. 
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.6 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.6 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.6 imagemagick - 8:6.8.9.9-7ubuntu5.6 imagemagick-doc - 8:6.8.9.9-7ubuntu5.6 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.6 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.6 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.6 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.6 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.6 libmagick++-dev - 8:6.8.9.9-7ubuntu5.6 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.6 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.6 perlmagick - 8:6.8.9.9-7ubuntu5.6 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.6 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.6 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.6 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.6 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.6 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.6 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.6 No subscription required Medium CVE-2017-6498 CVE-2017-6499 CVE-2017-6500 USN-3233-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application crash or hang, or execute arbitrary code. 
(CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410) Update Instructions: Run `sudo pro fix USN-3233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:45.8.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:45.8.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-nn - 1:45.8.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 
1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:45.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:45.8.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 USN-3234-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551) Update Instructions: Run `sudo pro fix USN-3234-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1006-gke - 4.4.0-1006.6 linux-image-extra-4.4.0-1006-gke - 4.4.0-1006.6 No subscription required linux-image-4.4.0-1009-aws - 4.4.0-1009.18 No subscription required linux-image-4.4.0-1048-raspi2 - 4.4.0-1048.55 No subscription required linux-image-4.4.0-1051-snapdragon - 4.4.0-1051.55 No subscription required linux-image-4.4.0-67-lowlatency - 4.4.0-67.88 linux-image-4.4.0-67-generic-lpae - 4.4.0-67.88 linux-image-4.4.0-67-powerpc64-emb - 4.4.0-67.88 linux-image-4.4.0-67-powerpc64-smp - 4.4.0-67.88 linux-image-4.4.0-67-generic - 4.4.0-67.88 linux-image-4.4.0-67-powerpc-e500mc - 4.4.0-67.88 linux-image-extra-4.4.0-67-generic - 4.4.0-67.88 linux-image-4.4.0-67-powerpc-smp - 4.4.0-67.88 No subscription required Medium CVE-2016-10208 CVE-2017-5551 USN-3235-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4658) Nick Wellnhofer discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5131) Update Instructions: Run `sudo pro fix USN-3235-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.2 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.2 libxml2 - 2.9.3+dfsg1-1ubuntu0.2 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.2 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.2 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.2 No subscription required Medium CVE-2016-4448 CVE-2016-4658 CVE-2016-5131 USN-3236-1 -- Oxide vulnerabilities Ubuntu 16.04 LTS Multiple vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033, CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046) Update Instructions: Run `sudo pro fix USN-3236-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liboxideqtcore0 - 1.21.5-0ubuntu0.16.04.1 liboxideqt-qmlplugin - 1.21.5-0ubuntu0.16.04.1 liboxideqtquick-dev - 1.21.5-0ubuntu0.16.04.1 oxideqt-codecs-extra - 1.21.5-0ubuntu0.16.04.1 liboxideqtcore-dev - 1.21.5-0ubuntu0.16.04.1 oxideqt-doc - 1.21.5-0ubuntu0.16.04.1 oxideqt-codecs - 1.21.5-0ubuntu0.16.04.1 liboxideqtquick0 - 1.21.5-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5033 CVE-2017-5035 CVE-2017-5037 CVE-2017-5040 CVE-2017-5041 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 USN-3237-1 -- FreeType vulnerability Ubuntu 16.04 LTS It was discovered that FreeType did not correctly handle certain malformed font files. 
If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3237-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.6.1-0.1ubuntu2.1 libfreetype6-udeb - 2.6.1-0.1ubuntu2.1 freetype2-demos - 2.6.1-0.1ubuntu2.1 libfreetype6 - 2.6.1-0.1ubuntu2.1 No subscription required Medium CVE-2016-10244 USN-3238-1 -- Firefox vulnerability Ubuntu 16.04 LTS An integer overflow was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code. (CVE-2017-5428) Update Instructions: Run `sudo pro fix USN-3238-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nn - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nb - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fa - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fi - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fr - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fy - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-or - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kab - 52.0.1+build2-0ubuntu0.16.04.1 firefox-testsuite - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-oc - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cs - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ga - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gd - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gn - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gl - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gu - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pa - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pl - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cy - 
52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pt - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hi - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ms - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-he - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hy - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hr - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hu - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-it - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-as - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ar - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-az - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-id - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mai - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-af - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-is - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-vi - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-an - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bs - 52.0.1+build2-0ubuntu0.16.04.1 firefox - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ro - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ja - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ru - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-br - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bn - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-be - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bg - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sl - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sk - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-si - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sw - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sv - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sr - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sq - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ko - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kn - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-km - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kk - 
52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ka - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-xh - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ca - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ku - 52.0.1+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lv - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lt - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-th - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 52.0.1+build2-0ubuntu0.16.04.1 firefox-dev - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-te - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cak - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ta - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lg - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-tr - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nso - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-de - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-da - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uk - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mr - 52.0.1+build2-0ubuntu0.16.04.1 firefox-globalmenu - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uz - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ml - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mn - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mk - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eu - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-et - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-es - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-csb - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-el - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eo - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-en - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zu - 52.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ast - 52.0.1+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5428 USN-3239-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS It was discovered that the GNU C Library incorrectly handled the strxfrm() function. 
An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323) Update Instructions: Run `sudo pro fix USN-3239-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.23-0ubuntu6 libc6-ppc64 - 2.23-0ubuntu6 libc6-dev-s390 - 2.23-0ubuntu6 glibc-source - 2.23-0ubuntu6 libc-bin - 2.23-0ubuntu6 libc6-x32 - 2.23-0ubuntu6 libc6-s390 - 2.23-0ubuntu6 libc6-armel - 2.23-0ubuntu6 libc6-pic - 2.23-0ubuntu6 libc6-dev-ppc64 - 2.23-0ubuntu6 libc6-dev-armel - 2.23-0ubuntu6 glibc-doc - 2.23-0ubuntu6 multiarch-support - 2.23-0ubuntu6 libc6-dev - 2.23-0ubuntu6 libc6-amd64 - 2.23-0ubuntu6 libc6-dev-amd64 - 2.23-0ubuntu6 libc6 - 2.23-0ubuntu6 locales-all - 2.23-0ubuntu6 libc6-dev-x32 - 2.23-0ubuntu6 locales - 2.23-0ubuntu6 libc6-udeb - 2.23-0ubuntu6 libc6-dev-i386 - 2.23-0ubuntu6 libc-dev-bin - 2.23-0ubuntu6 nscd - 2.23-0ubuntu6 No subscription required Medium CVE-2015-5180 CVE-2015-8982 CVE-2015-8983 CVE-2015-8984 CVE-2016-1234 CVE-2016-3706 CVE-2016-4429 CVE-2016-5417 CVE-2016-6323 USN-3239-2 -- GNU C Library Regression Ubuntu 16.04 LTS USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again. Original advisory details: It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. 
(CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323) Update Instructions: Run `sudo pro fix USN-3239-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.23-0ubuntu7 libc6-ppc64 - 2.23-0ubuntu7 libc6-dev-s390 - 2.23-0ubuntu7 glibc-source - 2.23-0ubuntu7 libc-bin - 2.23-0ubuntu7 libc6-x32 - 2.23-0ubuntu7 libc6-s390 - 2.23-0ubuntu7 libc6-armel - 2.23-0ubuntu7 libc6-pic - 2.23-0ubuntu7 libc6-dev-ppc64 - 2.23-0ubuntu7 libc6-dev-armel - 2.23-0ubuntu7 glibc-doc - 2.23-0ubuntu7 multiarch-support - 2.23-0ubuntu7 libc6-dev - 2.23-0ubuntu7 libc6-amd64 - 2.23-0ubuntu7 libc6-dev-amd64 - 2.23-0ubuntu7 libc6 - 2.23-0ubuntu7 locales-all - 2.23-0ubuntu7 libc6-dev-x32 - 2.23-0ubuntu7 locales - 2.23-0ubuntu7 libc6-udeb - 2.23-0ubuntu7 libc6-dev-i386 - 2.23-0ubuntu7 libc-dev-bin - 2.23-0ubuntu7 nscd - 2.23-0ubuntu7 No subscription required None https://bugs.launchpad.net/bugs/1674532 USN-3240-1 -- NVIDIA graphics drivers vulnerability Ubuntu 16.04 LTS It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3240-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nvidia-current-dev - 304.135-0ubuntu0.16.04.1 libcuda1-304 - 304.135-0ubuntu0.16.04.1 nvidia-libopencl1-304-updates - 304.135-0ubuntu0.16.04.1 nvidia-304-updates - 304.135-0ubuntu0.16.04.1 nvidia-304 - 304.135-0ubuntu0.16.04.1 nvidia-current - 304.135-0ubuntu0.16.04.1 nvidia-304-updates-dev - 304.135-0ubuntu0.16.04.1 nvidia-304-dev - 304.135-0ubuntu0.16.04.1 libcuda1-304-updates - 304.135-0ubuntu0.16.04.1 nvidia-libopencl1-304 - 304.135-0ubuntu0.16.04.1 nvidia-opencl-icd-304-updates - 304.135-0ubuntu0.16.04.1 nvidia-opencl-icd-304 - 304.135-0ubuntu0.16.04.1 No subscription required nvidia-331 - 340.102-0ubuntu0.16.04.1 nvidia-opencl-icd-331 - 340.102-0ubuntu0.16.04.1 nvidia-libopencl1-331-updates - 340.102-0ubuntu0.16.04.1 libcuda1-340 - 340.102-0ubuntu0.16.04.1 nvidia-340-updates - 340.102-0ubuntu0.16.04.1 nvidia-331-updates - 340.102-0ubuntu0.16.04.1 nvidia-opencl-icd-340-updates - 340.102-0ubuntu0.16.04.1 libcuda1-331-updates - 340.102-0ubuntu0.16.04.1 nvidia-opencl-icd-331-updates - 340.102-0ubuntu0.16.04.1 nvidia-340-dev - 340.102-0ubuntu0.16.04.1 nvidia-340-updates-dev - 340.102-0ubuntu0.16.04.1 nvidia-libopencl1-331 - 340.102-0ubuntu0.16.04.1 nvidia-340 - 340.102-0ubuntu0.16.04.1 nvidia-opencl-icd-340 - 340.102-0ubuntu0.16.04.1 libcuda1-340-updates - 340.102-0ubuntu0.16.04.1 libcuda1-331 - 340.102-0ubuntu0.16.04.1 nvidia-331-updates-dev - 340.102-0ubuntu0.16.04.1 nvidia-331-dev - 340.102-0ubuntu0.16.04.1 nvidia-331-updates-uvm - 340.102-0ubuntu0.16.04.1 nvidia-libopencl1-340 - 340.102-0ubuntu0.16.04.1 nvidia-libopencl1-340-updates - 340.102-0ubuntu0.16.04.1 nvidia-340-uvm - 340.102-0ubuntu0.16.04.1 nvidia-331-uvm - 340.102-0ubuntu0.16.04.1 No subscription required libcuda1-367 - 375.39-0ubuntu0.16.04.1 nvidia-libopencl1-375 - 375.39-0ubuntu0.16.04.1 nvidia-367-dev - 375.39-0ubuntu0.16.04.1 nvidia-opencl-icd-367 - 375.39-0ubuntu0.16.04.1 nvidia-367 - 
375.39-0ubuntu0.16.04.1 nvidia-375-dev - 375.39-0ubuntu0.16.04.1 nvidia-opencl-icd-375 - 375.39-0ubuntu0.16.04.1 libcuda1-375 - 375.39-0ubuntu0.16.04.1 nvidia-libopencl1-367 - 375.39-0ubuntu0.16.04.1 nvidia-375 - 375.39-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-0318 USN-3242-1 -- Samba vulnerability Ubuntu 16.04 LTS Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories. Update Instructions: Run `sudo pro fix USN-3242-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.5 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.5 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.5 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.5 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.5 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.5 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.5 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.5 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.5 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.5 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.5 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.5 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.5 No subscription required Medium CVE-2017-2619 USN-3242-2 -- Samba regression Ubuntu 16.04 LTS USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory details: Jann Horn discovered that Samba incorrectly handled symlinks. 
An authenticated remote attacker could use this issue to access files on the server outside of the exported directories. Update Instructions: Run `sudo pro fix USN-3242-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.6 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.6 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.6 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.6 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.6 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.6 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.6 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.6 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.6 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.6 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.6 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.6 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.6 No subscription required None https://launchpad.net/bugs/1675698 USN-3244-1 -- GStreamer Base Plugins vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that GStreamer Base Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-3244-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-base - 1.8.3-1ubuntu0.2 libgstreamer-plugins-base1.0-0 - 1.8.3-1ubuntu0.2 gstreamer1.0-x - 1.8.3-1ubuntu0.2 gstreamer1.0-alsa - 1.8.3-1ubuntu0.2 libgstreamer-plugins-base1.0-dev - 1.8.3-1ubuntu0.2 gir1.2-gst-plugins-base-1.0 - 1.8.3-1ubuntu0.2 gstreamer1.0-plugins-base-doc - 1.8.3-1ubuntu0.2 gstreamer1.0-plugins-base-apps - 1.8.3-1ubuntu0.2 No subscription required Medium CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 USN-3245-1 -- GStreamer Good Plugins vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that GStreamer Good Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-3245-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-good - 1.8.3-1ubuntu0.4 gstreamer1.0-pulseaudio - 1.8.3-1ubuntu0.4 gstreamer1.0-plugins-good-doc - 1.8.3-1ubuntu0.4 libgstreamer-plugins-good1.0-0 - 1.8.3-1ubuntu0.4 libgstreamer-plugins-good1.0-dev - 1.8.3-1ubuntu0.4 No subscription required Medium CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 USN-3246-1 -- Eject vulnerability Ubuntu 16.04 LTS Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator. Update Instructions: Run `sudo pro fix USN-3246-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: eject-udeb - 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 eject - 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 No subscription required Medium CVE-2017-6964 USN-3247-1 -- AppArmor vulnerability Ubuntu 16.04 LTS Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior. Update Instructions: Run `sudo pro fix USN-3247-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apparmor-docs - 2.10.95-0ubuntu2.6 python-apparmor - 2.10.95-0ubuntu2.6 libapparmor-dev - 2.10.95-0ubuntu2.6 libapparmor-perl - 2.10.95-0ubuntu2.6 libapparmor1 - 2.10.95-0ubuntu2.6 apparmor-notify - 2.10.95-0ubuntu2.6 apparmor-profiles - 2.10.95-0ubuntu2.6 python3-libapparmor - 2.10.95-0ubuntu2.6 python-libapparmor - 2.10.95-0ubuntu2.6 libpam-apparmor - 2.10.95-0ubuntu2.6 apparmor-easyprof - 2.10.95-0ubuntu2.6 apparmor - 2.10.95-0ubuntu2.6 python3-apparmor - 2.10.95-0ubuntu2.6 apparmor-utils - 2.10.95-0ubuntu2.6 libapache2-mod-apparmor - 2.10.95-0ubuntu2.6 dh-apparmor - 2.10.95-0ubuntu2.6 No subscription required Medium CVE-2017-6507 USN-3249-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3249-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-1009-gke - 4.4.0-1009.9 linux-image-4.4.0-1009-gke - 4.4.0-1009.9 No subscription required linux-image-4.4.0-1012-aws - 4.4.0-1012.21 No subscription required linux-image-4.4.0-1051-raspi2 - 4.4.0-1051.58 No subscription required linux-image-4.4.0-1054-snapdragon - 4.4.0-1054.58 No subscription required linux-image-4.4.0-71-powerpc-e500mc - 4.4.0-71.92 linux-image-4.4.0-71-lowlatency - 4.4.0-71.92 linux-image-4.4.0-71-powerpc-smp - 4.4.0-71.92 linux-image-4.4.0-71-powerpc64-smp - 4.4.0-71.92 linux-image-4.4.0-71-powerpc64-emb - 4.4.0-71.92 linux-image-4.4.0-71-generic - 4.4.0-71.92 linux-image-extra-4.4.0-71-generic - 4.4.0-71.92 linux-image-4.4.0-71-generic-lpae - 4.4.0-71.92 No subscription required High CVE-2017-7184 USN-3251-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3251-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Update Instructions: Run `sudo pro fix USN-3251-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.8.0-45-generic - 4.8.0-45.48~16.04.1 linux-image-4.8.0-45-lowlatency - 4.8.0-45.48~16.04.1 linux-image-4.8.0-45-generic-lpae - 4.8.0-45.48~16.04.1 linux-image-4.8.0-45-generic - 4.8.0-45.48~16.04.1 No subscription required High CVE-2017-7184 USN-3253-1 -- Nagios vulnerabilities Ubuntu 16.04 LTS It was discovered that Nagios incorrectly handled certain long strings. 
A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. (CVE-2014-1878) Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2016-9566) Update Instructions: Run `sudo pro fix USN-3253-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nagios3-core - 3.5.1.dfsg-2.1ubuntu1.1 nagios3-doc - 3.5.1.dfsg-2.1ubuntu1.1 nagios3-cgi - 3.5.1.dfsg-2.1ubuntu1.1 nagios3-common - 3.5.1.dfsg-2.1ubuntu1.1 nagios3 - 3.5.1.dfsg-2.1ubuntu1.1 No subscription required Medium CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566 USN-3253-2 -- Nagios regression Ubuntu 16.04 LTS USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. (CVE-2014-1878) Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. 
A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2016-9566) Update Instructions: Run `sudo pro fix USN-3253-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nagios3-core - 3.5.1.dfsg-2.1ubuntu1.3 nagios3-doc - 3.5.1.dfsg-2.1ubuntu1.3 nagios3-cgi - 3.5.1.dfsg-2.1ubuntu1.3 nagios3-common - 3.5.1.dfsg-2.1ubuntu1.3 nagios3 - 3.5.1.dfsg-2.1ubuntu1.3 No subscription required None https://launchpad.net/bugs/1690380 USN-3254-1 -- Django vulnerabilities Ubuntu 16.04 LTS It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the django.views.static.serve() view is being used. A remote attacker could possibly use a Django server as an open redirect. (CVE-2017-7234) Update Instructions: Run `sudo pro fix USN-3254-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.5 python-django-doc - 1.8.7-1ubuntu5.5 python-django-common - 1.8.7-1ubuntu5.5 python-django - 1.8.7-1ubuntu5.5 No subscription required Medium CVE-2017-7233 CVE-2017-7234 USN-3255-1 -- LightDM vulnerability Ubuntu 16.04 LTS It was discovered that LightDM incorrectly handled home directory creation for guest users. A local attacker could use this issue to gain ownership of arbitrary directory paths and possibly gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3255-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liblightdm-qt5-3-0 - 1.18.3-0ubuntu1.1 liblightdm-gobject-1-doc - 1.18.3-0ubuntu1.1 liblightdm-qt5-3-dev - 1.18.3-0ubuntu1.1 lightdm - 1.18.3-0ubuntu1.1 gir1.2-lightdm-1 - 1.18.3-0ubuntu1.1 liblightdm-qt-dev - 1.18.3-0ubuntu1.1 liblightdm-gobject-1-0 - 1.18.3-0ubuntu1.1 liblightdm-gobject-1-dev - 1.18.3-0ubuntu1.1 liblightdm-qt-3-0 - 1.18.3-0ubuntu1.1 No subscription required High CVE-2017-7358 USN-3256-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3256-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1010-gke - 4.4.0-1010.10 linux-image-extra-4.4.0-1010-gke - 4.4.0-1010.10 No subscription required linux-image-4.4.0-1013-aws - 4.4.0-1013.22 No subscription required linux-image-4.4.0-1052-raspi2 - 4.4.0-1052.59 No subscription required linux-image-4.4.0-1055-snapdragon - 4.4.0-1055.59 No subscription required linux-image-extra-4.4.0-72-generic - 4.4.0-72.93 linux-image-4.4.0-72-generic - 4.4.0-72.93 linux-image-4.4.0-72-powerpc-smp - 4.4.0-72.93 linux-image-4.4.0-72-powerpc-e500mc - 4.4.0-72.93 linux-image-4.4.0-72-generic-lpae - 4.4.0-72.93 linux-image-4.4.0-72-powerpc64-smp - 4.4.0-72.93 linux-image-4.4.0-72-powerpc64-emb - 4.4.0-72.93 linux-image-4.4.0-72-lowlatency - 4.4.0-72.93 No subscription required High CVE-2017-7308 USN-3256-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for each of the respective prior Ubuntu LTS releases. 
Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3256-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.8.0-46-generic - 4.8.0-46.49~16.04.1 linux-image-4.8.0-46-generic-lpae - 4.8.0-46.49~16.04.1 linux-image-4.8.0-46-generic - 4.8.0-46.49~16.04.1 linux-image-4.8.0-46-lowlatency - 4.8.0-46.49~16.04.1 No subscription required High CVE-2017-7308 USN-3257-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3257-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.16.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.16.1-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.16.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.16.1-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.16.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.16.1-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.16.1-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.16.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.16.1-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-9642 CVE-2016-9643 CVE-2017-2364 CVE-2017-2367 CVE-2017-2376 CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394 CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415 CVE-2017-2419 CVE-2017-2433 CVE-2017-2442 CVE-2017-2445 CVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455 CVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464 CVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469 CVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476 CVE-2017-2481 USN-3258-1 -- Dovecot vulnerability Ubuntu 16.04 LTS It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3258-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.3 dovecot-mysql - 1:2.2.22-1ubuntu2.3 dovecot-sieve - 1:2.2.22-1ubuntu2.3 dovecot-core - 1:2.2.22-1ubuntu2.3 dovecot-ldap - 1:2.2.22-1ubuntu2.3 dovecot-sqlite - 1:2.2.22-1ubuntu2.3 dovecot-dev - 1:2.2.22-1ubuntu2.3 dovecot-pop3d - 1:2.2.22-1ubuntu2.3 dovecot-imapd - 1:2.2.22-1ubuntu2.3 dovecot-managesieved - 1:2.2.22-1ubuntu2.3 dovecot-lucene - 1:2.2.22-1ubuntu2.3 mail-stack-delivery - 1:2.2.22-1ubuntu2.3 dovecot-gssapi - 1:2.2.22-1ubuntu2.3 dovecot-solr - 1:2.2.22-1ubuntu2.3 dovecot-lmtpd - 1:2.2.22-1ubuntu2.3 No subscription required Medium CVE-2017-2669 USN-3258-2 -- Dovecot regression Ubuntu 16.04 LTS USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3258-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.4 dovecot-mysql - 1:2.2.22-1ubuntu2.4 dovecot-sieve - 1:2.2.22-1ubuntu2.4 dovecot-core - 1:2.2.22-1ubuntu2.4 dovecot-ldap - 1:2.2.22-1ubuntu2.4 dovecot-sqlite - 1:2.2.22-1ubuntu2.4 dovecot-dev - 1:2.2.22-1ubuntu2.4 dovecot-pop3d - 1:2.2.22-1ubuntu2.4 dovecot-imapd - 1:2.2.22-1ubuntu2.4 dovecot-managesieved - 1:2.2.22-1ubuntu2.4 dovecot-lucene - 1:2.2.22-1ubuntu2.4 mail-stack-delivery - 1:2.2.22-1ubuntu2.4 dovecot-gssapi - 1:2.2.22-1ubuntu2.4 dovecot-solr - 1:2.2.22-1ubuntu2.4 dovecot-lmtpd - 1:2.2.22-1ubuntu2.4 No subscription required Medium CVE-2017-2669 USN-3259-1 -- Bind vulnerabilities Ubuntu 16.04 LTS It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this to cause a denial of service. (CVE-2017-3137) Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. (CVE-2017-3136) Mike Lalumiere discovered that in some situations, Bind did not properly handle invalid operations requested via its control channel. An attacker with access to the control channel could cause a denial of service. (CVE-2017-3138) Update Instructions: Run `sudo pro fix USN-3259-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.6 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.6 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.6 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.6 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.6 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.6 host - 1:9.10.3.dfsg.P4-8ubuntu1.6 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.6 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.6 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.6 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.6 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.6 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.6 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.6 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.6 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.6 No subscription required Medium CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 USN-3260-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code.
(CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462) Update Instructions: Run `sudo pro fix USN-3260-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-nn - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-nb - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-fa - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-fi - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-fr - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-fy - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-or - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-kab - 53.0+build6-0ubuntu0.16.04.1 firefox-testsuite - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-oc - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-cs - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ga - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-gd - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-gn - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-gl - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-gu - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-pa - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-pl - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-cy - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-pt - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-hi - 53.0+build6-0ubuntu0.16.04.1 
firefox-locale-ms - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-he - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-hy - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-hr - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-hu - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-it - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-as - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ar - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-az - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-id - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-mai - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-af - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-is - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-vi - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-an - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-bs - 53.0+build6-0ubuntu0.16.04.1 firefox - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ro - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ja - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ru - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-br - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-zh-hant - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-zh-hans - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-bn - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-be - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-bg - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-sl - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-sk - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-si - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-sw - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-sv - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-sr - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-sq - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ko - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-kn - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-km - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-kk - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ka - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-xh - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ca - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ku - 
53.0+build6-0ubuntu0.16.04.1 firefox-mozsymbols - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-lv - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-lt - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-th - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-hsb - 53.0+build6-0ubuntu0.16.04.1 firefox-dev - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-te - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-cak - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ta - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-lg - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-tr - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-nso - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-de - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-da - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-uk - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-mr - 53.0+build6-0ubuntu0.16.04.1 firefox-globalmenu - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-uz - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ml - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-mn - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-mk - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ur - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-eu - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-et - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-es - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-csb - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-el - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-eo - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-en - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-zu - 53.0+build6-0ubuntu0.16.04.1 firefox-locale-ast - 53.0+build6-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5453 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5458 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 
CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5468 CVE-2017-5469 USN-3260-2 -- Firefox regression Ubuntu 16.04 LTS USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462) Update Instructions: Run `sudo pro fix USN-3260-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-nn - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-nb - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-fa - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-fi - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-fr - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-fy - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-or - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-kab - 53.0.2+build1-0ubuntu0.16.04.2 firefox-testsuite - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-oc - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-cs - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ga - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-gd - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-gn - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-gl - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-gu - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-pa - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-pl - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-cy - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-pt - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-hi - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ms - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-he - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-hy - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-hr - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-hu - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-it - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-as - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ar - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-az - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-id - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-mai - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-af - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-is - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-vi - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-an - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-bs - 
53.0.2+build1-0ubuntu0.16.04.2 firefox - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ro - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ja - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ru - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-br - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-zh-hant - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-zh-hans - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-bn - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-be - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-bg - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-sl - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-sk - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-si - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-sw - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-sv - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-sr - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-sq - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ko - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-kn - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-km - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-kk - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ka - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-xh - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ca - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ku - 53.0.2+build1-0ubuntu0.16.04.2 firefox-mozsymbols - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-lv - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-lt - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-th - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-hsb - 53.0.2+build1-0ubuntu0.16.04.2 firefox-dev - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-te - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-cak - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ta - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-lg - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-tr - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-nso - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-de - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-da - 
53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-uk - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-mr - 53.0.2+build1-0ubuntu0.16.04.2 firefox-globalmenu - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-uz - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ml - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-mn - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-mk - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ur - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-eu - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-et - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-es - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-csb - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-el - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-eo - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-en - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-zu - 53.0.2+build1-0ubuntu0.16.04.2 firefox-locale-ast - 53.0.2+build1-0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1690195 USN-3261-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029) Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-10155) Li Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907) It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
(CVE-2016-8667) It was discovered that QEMU incorrectly handled the 16550A UART device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8669) It was discovered that QEMU incorrectly handled the shared rings when used with Xen. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. (CVE-2016-9381) Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9602) Gerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9603) It was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9776) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9845, CVE-2016-9908) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, CVE-2017-5578, CVE-2017-5857) Li Qiang discovered that QEMU incorrectly handled the USB redirector. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9907) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9911) Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916) Qinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9921, CVE-2016-9922) Wjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2615) It was discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2620) It was discovered that QEMU incorrectly handled VNC connections. 
An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-2633) Li Qiang discovered that QEMU incorrectly handled the ac97 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5525) Li Qiang discovered that QEMU incorrectly handled the es1370 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5526) Li Qiang discovered that QEMU incorrectly handled the 16550A UART device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5579) Jiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-5667) Li Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5856) Li Qiang discovered that QEMU incorrectly handled the CCID Card device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5898) Li Qiang discovered that QEMU incorrectly handled USB xHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5973) Jiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
(CVE-2017-5987) Li Qiang discovered that QEMU incorrectly handled USB OHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-6505) Update Instructions: Run `sudo pro fix USN-3261-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.11 qemu-user-static - 1:2.5+dfsg-5ubuntu10.11 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.11 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.11 qemu-kvm - 1:2.5+dfsg-5ubuntu10.11 qemu-user - 1:2.5+dfsg-5ubuntu10.11 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.11 qemu-system - 1:2.5+dfsg-5ubuntu10.11 qemu-utils - 1:2.5+dfsg-5ubuntu10.11 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.11 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.11 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.11 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.11 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.11 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.11 qemu - 1:2.5+dfsg-5ubuntu10.11 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.11 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.11 No subscription required Medium CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-7907 CVE-2016-8667 CVE-2016-8669 CVE-2016-9381 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505 USN-3263-1 -- FreeType vulnerability Ubuntu 16.04 LTS It was discovered that a heap-based buffer overflow existed in the FreeType library. 
If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3263-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.6.1-0.1ubuntu2.2 libfreetype6-udeb - 2.6.1-0.1ubuntu2.2 freetype2-demos - 2.6.1-0.1ubuntu2.2 libfreetype6 - 2.6.1-0.1ubuntu2.2 No subscription required Medium CVE-2016-10328 USN-3265-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970) Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669) Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986) Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. 
(CVE-2017-6214) Andrey Konovalov discovered that the LLC subsystem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346) Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348) Update Instructions: Run `sudo pro fix USN-3265-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1012-gke - 4.4.0-1012.12 linux-image-extra-4.4.0-1012-gke - 4.4.0-1012.12 No subscription required linux-image-4.4.0-1016-aws - 4.4.0-1016.25 No subscription required linux-image-4.4.0-1054-raspi2 - 4.4.0-1054.61 No subscription required linux-image-4.4.0-1057-snapdragon - 4.4.0-1057.61 No subscription required linux-image-4.4.0-75-powerpc64-emb - 4.4.0-75.96 linux-image-extra-4.4.0-75-generic - 4.4.0-75.96 linux-image-4.4.0-75-powerpc64-smp - 4.4.0-75.96 linux-image-4.4.0-75-generic-lpae - 4.4.0-75.96 linux-image-4.4.0-75-lowlatency - 4.4.0-75.96 linux-image-4.4.0-75-powerpc-smp - 4.4.0-75.96 linux-image-4.4.0-75-generic - 4.4.0-75.96 linux-image-4.4.0-75-powerpc-e500mc - 4.4.0-75.96 No subscription required High CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7374 USN-3266-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3266-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.8.0-49-generic-lpae - 4.8.0-49.52~16.04.1 linux-image-4.8.0-49-generic - 4.8.0-49.52~16.04.1 linux-image-extra-4.8.0-49-generic - 4.8.0-49.52~16.04.1 linux-image-4.8.0-49-lowlatency - 4.8.0-49.52~16.04.1 No subscription required Medium CVE-2017-5986 USN-3269-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Update Instructions: Run `sudo pro fix USN-3269-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.18-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.18-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.18-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.18-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.18-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.18-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.18-0ubuntu0.16.04.1 mysql-common - 5.7.18-0ubuntu0.16.04.1 mysql-server - 5.7.18-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.18-0ubuntu0.16.04.1 mysql-testsuite - 5.7.18-0ubuntu0.16.04.1 libmysqld-dev - 5.7.18-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.18-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3331 CVE-2017-3450 CVE-2017-3453 CVE-2017-3454 CVE-2017-3455 CVE-2017-3456 CVE-2017-3457 CVE-2017-3458 CVE-2017-3459 CVE-2017-3460 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3465 CVE-2017-3467 CVE-2017-3468 CVE-2017-3599 CVE-2017-3600 USN-3270-1 -- NSS vulnerabilities Ubuntu 16.04 LTS Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. (CVE-2016-2183) It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5461) This update refreshes the NSS package to version 3.28.4 which includes the latest CA certificate bundle. Update Instructions: Run `sudo pro fix USN-3270-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.1 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.1 libnss3 - 2:3.28.4-0ubuntu0.16.04.1 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.1 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-2183 CVE-2017-5461 USN-3271-1 -- Libxslt vulnerabilities Ubuntu 16.04 LTS Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683) Sebastian Apelt discovered that a use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841) It was discovered that a type confusion error existed in the xsltStylePreCompute() function in Libxslt. An attacker could use this to craft a malicious XML file that, when opened, caused a denial of service (application crash). This issue only affected Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. (CVE-2015-7995) Nicolas Gregoire discovered that Libxslt mishandled the 'i' and 'a' format tokens for xsl:number data. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). 
This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684) It was discovered that the xsltFormatNumberConversion() function in Libxslt did not properly handle empty decimal separators. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-4738) Update Instructions: Run `sudo pro fix USN-3271-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2.1ubuntu0.1 libxslt1-dev - 1.1.28-2.1ubuntu0.1 libxslt1.1 - 1.1.28-2.1ubuntu0.1 xsltproc - 1.1.28-2.1ubuntu0.1 No subscription required Medium CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 CVE-2016-1841 CVE-2016-4738 CVE-2017-5029 USN-3272-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207) Update Instructions: Run `sudo pro fix USN-3272-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.18~dfsg~0-0ubuntu2.4 ghostscript-x - 9.18~dfsg~0-0ubuntu2.4 libgs-dev - 9.18~dfsg~0-0ubuntu2.4 ghostscript-doc - 9.18~dfsg~0-0ubuntu2.4 libgs9 - 9.18~dfsg~0-0ubuntu2.4 libgs9-common - 9.18~dfsg~0-0ubuntu2.4 No subscription required High CVE-2016-10217 CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 USN-3272-2 -- Ghostscript regression Ubuntu 16.04 LTS USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207) Update Instructions: Run `sudo pro fix USN-3272-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.18~dfsg~0-0ubuntu2.6 ghostscript-x - 9.18~dfsg~0-0ubuntu2.6 libgs-dev - 9.18~dfsg~0-0ubuntu2.6 ghostscript-doc - 9.18~dfsg~0-0ubuntu2.6 libgs9 - 9.18~dfsg~0-0ubuntu2.6 libgs9-common - 9.18~dfsg~0-0ubuntu2.6 No subscription required None https://launchpad.net/bugs/1687614 USN-3273-1 -- LibreOffice vulnerabilities Ubuntu 16.04 LTS It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3273-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial2 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial2 No subscription required libreoffice-impress - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-officebean - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-base - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-librelogo - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-java-common - 1:5.1.6~rc2-0ubuntu1~xenial2 gir1.2-lokdocview-0.1 - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-subsequentcheckbase - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-elementary - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-kde - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-galaxy - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-hicontrast - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-script-provider-bsh - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-avmedia-backend-gstreamer - 1:5.1.6~rc2-0ubuntu1~xenial2 libreofficekit-dev - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-script-provider-python - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-common - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-gnome - 
1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-dev - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-gtk3 - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-report-builder - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-pdfimport - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-base-core - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-ogltrans - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-sdbc-hsqldb - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-gtk - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-calc - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-base-drivers - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-oxygen - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-tango - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-human - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-sdbc-firebird - 1:5.1.6~rc2-0ubuntu1~xenial2 python3-uno - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-math - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-writer - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-report-builder-bin - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-breeze - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-script-provider-js - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-draw - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-style-sifr - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-dev-doc - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-l10n-in - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-l10n-za - 1:5.1.6~rc2-0ubuntu1~xenial2 libreoffice-sdbc-postgresql - 1:5.1.6~rc2-0ubuntu1~xenial2 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial2 No subscription required uno-libs3 - 5.1.6~rc2-0ubuntu1~xenial2 ure - 5.1.6~rc2-0ubuntu1~xenial2 No subscription required Medium CVE-2016-10327 CVE-2017-7870 USN-3274-1 -- ICU vulnerabilities Ubuntu 16.04 LTS It was discovered that ICU incorrectly handled certain memory operations when processing data. 
If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3274-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 55.1-7ubuntu0.2 libicu55 - 55.1-7ubuntu0.2 libicu-dev - 55.1-7ubuntu0.2 icu-doc - 55.1-7ubuntu0.2 No subscription required Medium CVE-2017-7867 CVE-2017-7868 USN-3275-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension (JCE) component of OpenJDK. A local attacker could possibly use this to gain the privileges of a Java application. (CVE-2017-3511) It was discovered that the Java API for XML Processing (JAXP) component in OpenJDK did not properly enforce size limits when parsing XML documents. An attacker could use this to cause a denial of service (processor and memory consumption). (CVE-2017-3526) It was discovered that the FTP client implementation in OpenJDK did not properly sanitize user inputs. If a user was tricked into opening a specially crafted FTP URL, a remote attacker could use this to manipulate the FTP connection. (CVE-2017-3533) It was discovered that OpenJDK allowed MD5 to be used as an algorithm for JAR integrity verification. An attacker could possibly use this to modify the contents of a JAR file without detection. (CVE-2017-3539) It was discovered that the SMTP client implementation in OpenJDK did not properly sanitize sender and recipient addresses. 
A remote attacker could use this to specially craft email addresses and gain control of a Java application's SMTP connections. (CVE-2017-3544) Update Instructions: Run `sudo pro fix USN-3275-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-jdk - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-jre-headless - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-jre - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-jdk-headless - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-source - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-jre-zero - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-demo - 8u131-b11-0ubuntu1.16.04.2 openjdk-8-jre-jamvm - 8u131-b11-0ubuntu1.16.04.2 No subscription required Medium CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 USN-3276-1 -- shadow vulnerabilities Ubuntu 16.04 LTS Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update Instructions: Run `sudo pro fix USN-3276-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.2-3.1ubuntu5.2 login - 1:4.2-3.1ubuntu5.2 uidmap - 1:4.2-3.1ubuntu5.2 No subscription required Medium CVE-2016-6252 CVE-2017-2616 USN-3276-2 -- shadow regression Ubuntu 16.04 LTS USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. 
(CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update Instructions: Run `sudo pro fix USN-3276-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.2-3.1ubuntu5.3 login - 1:4.2-3.1ubuntu5.3 uidmap - 1:4.2-3.1ubuntu5.3 No subscription required None https://launchpad.net/bugs/1690820 USN-3278-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the address bar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462) Update Instructions: Run `sudo pro fix USN-3278-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:52.1.1+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.1.1+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 
1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.1.1+build1-0ubuntu0.16.04.1 
thunderbird-locale-tr - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.1.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.1.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 USN-3279-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. 
(CVE-2016-2161) David Dennerline and Régis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. When being used in combination with a proxy or backend server, a remote attacker could possibly use this issue to perform an injection attack and pollute cache. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743) Update Instructions: Run `sudo pro fix USN-3279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.2 apache2-utils - 2.4.18-2ubuntu3.2 apache2-dev - 2.4.18-2ubuntu3.2 apache2-suexec-pristine - 2.4.18-2ubuntu3.2 apache2-suexec-custom - 2.4.18-2ubuntu3.2 apache2 - 2.4.18-2ubuntu3.2 apache2-doc - 2.4.18-2ubuntu3.2 apache2-bin - 2.4.18-2ubuntu3.2 No subscription required Medium CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 USN-3282-1 -- FreeType vulnerabilities Ubuntu 16.04 LTS It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3282-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.6.1-0.1ubuntu2.3 libfreetype6-udeb - 2.6.1-0.1ubuntu2.3 freetype2-demos - 2.6.1-0.1ubuntu2.3 libfreetype6 - 2.6.1-0.1ubuntu2.3 No subscription required Medium CVE-2017-8105 CVE-2017-8287 USN-3283-1 -- rtmpdump vulnerabilities Ubuntu 16.04 LTS Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. 
If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3283-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rtmpdump - 2.4+20151223.gitfa8646d-1ubuntu0.1 librtmp1 - 2.4+20151223.gitfa8646d-1ubuntu0.1 librtmp-dev - 2.4+20151223.gitfa8646d-1ubuntu0.1 No subscription required Medium CVE-2015-8270 CVE-2015-8271 CVE-2015-8272 USN-3287-1 -- Git vulnerability Ubuntu 16.04 LTS Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information. Update Instructions: Run `sudo pro fix USN-3287-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.1 gitweb - 1:2.7.4-0ubuntu1.1 git-gui - 1:2.7.4-0ubuntu1.1 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.1 git-arch - 1:2.7.4-0ubuntu1.1 git-el - 1:2.7.4-0ubuntu1.1 gitk - 1:2.7.4-0ubuntu1.1 git-all - 1:2.7.4-0ubuntu1.1 git-mediawiki - 1:2.7.4-0ubuntu1.1 git-daemon-run - 1:2.7.4-0ubuntu1.1 git-man - 1:2.7.4-0ubuntu1.1 git-doc - 1:2.7.4-0ubuntu1.1 git-svn - 1:2.7.4-0ubuntu1.1 git-cvs - 1:2.7.4-0ubuntu1.1 git-core - 1:2.7.4-0ubuntu1.1 git-email - 1:2.7.4-0ubuntu1.1 No subscription required Medium CVE-2017-8386 USN-3289-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7377, CVE-2017-8086) Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
(CVE-2017-7718) Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-7980) Jiang Xin discovered that QEMU incorrectly handled the audio subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-8309) Jiang Xin discovered that QEMU incorrectly handled the input subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-8379) Update Instructions: Run `sudo pro fix USN-3289-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.14 qemu-user-static - 1:2.5+dfsg-5ubuntu10.14 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.14 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.14 qemu-kvm - 1:2.5+dfsg-5ubuntu10.14 qemu-user - 1:2.5+dfsg-5ubuntu10.14 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.14 qemu-system - 1:2.5+dfsg-5ubuntu10.14 qemu-utils - 1:2.5+dfsg-5ubuntu10.14 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.14 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.14 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.14 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.14 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.14 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.14 qemu - 1:2.5+dfsg-5ubuntu10.14 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.14 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.14 No subscription required Medium CVE-2017-7377 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-8379 USN-3291-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261) Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294) It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2017-7616) Update Instructions: Run `sudo pro fix USN-3291-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-78-powerpc64-emb - 4.4.0-78.99 linux-image-extra-4.4.0-78-generic - 4.4.0-78.99 linux-image-4.4.0-78-powerpc-smp - 4.4.0-78.99 linux-image-4.4.0-78-generic - 4.4.0-78.99 linux-image-4.4.0-78-lowlatency - 4.4.0-78.99 linux-image-4.4.0-78-generic-lpae - 4.4.0-78.99 linux-image-4.4.0-78-powerpc-e500mc - 4.4.0-78.99 linux-image-4.4.0-78-powerpc64-smp - 4.4.0-78.99 No subscription required Medium CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616 USN-3291-2 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific processors and cloud environments. Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261) Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294) It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616) Update Instructions: Run `sudo pro fix USN-3291-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-1013-gke - 4.4.0-1013.13 linux-image-4.4.0-1013-gke - 4.4.0-1013.13 No subscription required linux-image-4.4.0-1017-aws - 4.4.0-1017.26 No subscription required linux-image-4.4.0-1055-raspi2 - 4.4.0-1055.62 No subscription required linux-image-4.4.0-1058-snapdragon - 4.4.0-1058.62 No subscription required Medium CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616 USN-3292-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3292-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.8.0-52-generic-lpae - 4.8.0-52.55~16.04.1 linux-image-extra-4.8.0-52-generic - 4.8.0-52.55~16.04.1 linux-image-4.8.0-52-lowlatency - 4.8.0-52.55~16.04.1 linux-image-4.8.0-52-generic - 4.8.0-52.55~16.04.1 No subscription required Medium CVE-2017-7477 USN-3294-1 -- Bash vulnerabilities Ubuntu 16.04 LTS Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-0634) It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. 
(CVE-2016-7543) It was discovered that Bash incorrectly handled the popd command. A remote attacker could possibly use this issue to bypass restricted shells. (CVE-2016-9401) It was discovered that Bash incorrectly handled path autocompletion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 17.04. (CVE-2017-5932) Update Instructions: Run `sudo pro fix USN-3294-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-14ubuntu1.2 bash-doc - 4.3-14ubuntu1.2 bash-static - 4.3-14ubuntu1.2 bash - 4.3-14ubuntu1.2 No subscription required Medium CVE-2016-0634 CVE-2016-7543 CVE-2016-9401 CVE-2017-5932 USN-3295-1 -- JasPer vulnerabilities Ubuntu 16.04 LTS It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3295-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-debian1-2.4ubuntu1.1 libjasper-dev - 1.900.1-debian1-2.4ubuntu1.1 libjasper1 - 1.900.1-debian1-2.4ubuntu1.1 No subscription required Medium CVE-2016-10249 CVE-2016-10251 CVE-2016-1867 CVE-2016-2089 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560 CVE-2016-9591 USN-3296-1 -- Samba vulnerability Ubuntu 16.04 LTS It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3296-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.7 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.7 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.7 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.7 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.7 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.7 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.7 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.7 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.7 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.7 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.7 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.7 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.7 No subscription required High CVE-2017-7494 USN-3297-1 -- jbig2dec vulnerabilities Ubuntu 16.04 LTS Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601) It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7885) Jiaqi Peng discovered that jbig2dec incorrectly handled memory when decoding malformed image files. 
If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7975) Dai Ge discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7976) Update Instructions: Run `sudo pro fix USN-3297-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjbig2dec0 - 0.12+20150918-1ubuntu0.1 jbig2dec - 0.12+20150918-1ubuntu0.1 libjbig2dec0-dev - 0.12+20150918-1ubuntu0.1 No subscription required Medium CVE-2016-9601 CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 USN-3298-1 -- MiniUPnP vulnerability Ubuntu 16.04 LTS It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library. Update Instructions: Run `sudo pro fix USN-3298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libminiupnpc-dev - 1.9.20140610-2ubuntu2.16.04.1 python-miniupnpc - 1.9.20140610-2ubuntu2.16.04.1 miniupnpc - 1.9.20140610-2ubuntu2.16.04.1 libminiupnpc10 - 1.9.20140610-2ubuntu2.16.04.1 No subscription required Medium CVE-2017-8798 USN-3299-1 -- Firefox update Ubuntu 16.04 LTS Some security information preloaded in Firefox was due to expire before the next scheduled release. This update bumps the expiration times. Update Instructions: Run `sudo pro fix USN-3299-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-nn - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-nb - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fa - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fi - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fr - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fy - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-or - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-kab - 53.0.3+build1-0ubuntu0.16.04.2 firefox-testsuite - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-oc - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-cs - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ga - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gd - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gn - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gl - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gu - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-pa - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-pl - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-cy - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-pt - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hi - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ms - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-he - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hy - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hr - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hu - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-it - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-as - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ar - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-az - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-id - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mai - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-af - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-is - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-vi - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-an - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-bs - 
53.0.3+build1-0ubuntu0.16.04.2 firefox - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ro - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ja - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ru - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-br - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-zh-hant - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-zh-hans - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-bn - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-be - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-bg - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sl - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sk - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-si - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sw - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sv - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sr - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sq - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ko - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-kn - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-km - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-kk - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ka - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-xh - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ca - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ku - 53.0.3+build1-0ubuntu0.16.04.2 firefox-mozsymbols - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-lv - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-lt - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-th - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hsb - 53.0.3+build1-0ubuntu0.16.04.2 firefox-dev - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-te - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-cak - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ta - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-lg - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-tr - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-nso - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-de - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-da - 
53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-uk - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mr - 53.0.3+build1-0ubuntu0.16.04.2 firefox-globalmenu - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-uz - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ml - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mn - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mk - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ur - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-eu - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-et - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-es - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-csb - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-el - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-eo - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-en - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-zu - 53.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ast - 53.0.3+build1-0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1693502 USN-3300-1 -- juju-core vulnerability Ubuntu 16.04 LTS Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3300-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: juju - 2.0.2-0ubuntu0.16.04.2 juju-2.0 - 2.0.2-0ubuntu0.16.04.2 No subscription required High CVE-2017-9232 USN-3301-1 -- strongSwan vulnerabilities Ubuntu 16.04 LTS It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2017-9022) It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service. (CVE-2017-9023) Update Instructions: Run `sudo pro fix USN-3301-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.3 libcharon-extra-plugins - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.3 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.3 strongswan-plugin-unbound - 5.3.5-1ubuntu3.3 strongswan-plugin-farp - 5.3.5-1ubuntu3.3 strongswan-charon - 5.3.5-1ubuntu3.3 strongswan-ikev1 - 5.3.5-1ubuntu3.3 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.3 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.3 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.3 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.3 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.3 strongswan-plugin-sql - 5.3.5-1ubuntu3.3 strongswan-plugin-coupling - 5.3.5-1ubuntu3.3 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.3 strongswan-plugin-lookip - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.3 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.3 strongswan-ike - 5.3.5-1ubuntu3.3 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-aka - 5.3.5-1ubuntu3.3 libstrongswan - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.3 libstrongswan-standard-plugins - 5.3.5-1ubuntu3.3 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.3 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.3 strongswan - 5.3.5-1ubuntu3.3 strongswan-tnc-server - 5.3.5-1ubuntu3.3 strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.3 strongswan-tnc-base - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.3 strongswan-starter - 5.3.5-1ubuntu3.3 strongswan-plugin-curl - 5.3.5-1ubuntu3.3 strongswan-plugin-radattr - 5.3.5-1ubuntu3.3 strongswan-plugin-soup - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.3 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.3 
strongswan-ikev2 - 5.3.5-1ubuntu3.3 strongswan-plugin-mysql - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.3 strongswan-plugin-openssl - 5.3.5-1ubuntu3.3 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.3 strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.3 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.3 charon-cmd - 5.3.5-1ubuntu3.3 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.3 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.3 strongswan-libcharon - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.3 strongswan-nm - 5.3.5-1ubuntu3.3 strongswan-plugin-ldap - 5.3.5-1ubuntu3.3 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.3 strongswan-tnc-pdp - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.3 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.3 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.3 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.3 strongswan-plugin-ntru - 5.3.5-1ubuntu3.3 strongswan-plugin-gmp - 5.3.5-1ubuntu3.3 strongswan-plugin-agent - 5.3.5-1ubuntu3.3 strongswan-plugin-pgp - 5.3.5-1ubuntu3.3 strongswan-tnc-client - 5.3.5-1ubuntu3.3 strongswan-plugin-load-tester - 5.3.5-1ubuntu3.3 strongswan-plugin-unity - 5.3.5-1ubuntu3.3 strongswan-plugin-led - 5.3.5-1ubuntu3.3 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.3 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.3 No subscription required Medium CVE-2017-9022 CVE-2017-9023 USN-3302-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3302-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.7 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.7 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.7 imagemagick - 8:6.8.9.9-7ubuntu5.7 imagemagick-doc - 8:6.8.9.9-7ubuntu5.7 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.7 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.7 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.7 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.7 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.7 libmagick++-dev - 8:6.8.9.9-7ubuntu5.7 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.7 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.7 perlmagick - 8:6.8.9.9-7ubuntu5.7 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.7 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.7 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.7 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.7 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.7 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.7 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.7 No subscription required Medium CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 USN-3303-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3303-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.16.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.16.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.16.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.16.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.16.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.16.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.16.3-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.16.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.16.3-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-2496 CVE-2017-2510 CVE-2017-2539 USN-3304-1 -- Sudo vulnerability Ubuntu 16.04 LTS It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. Update Instructions: Run `sudo pro fix USN-3304-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.16-0ubuntu1.4 sudo - 1.8.16-0ubuntu1.4 No subscription required High CVE-2017-1000367 USN-3305-1 -- NVIDIA graphics drivers vulnerabilities Ubuntu 16.04 LTS It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. Update Instructions: Run `sudo pro fix USN-3305-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nvidia-375-dev - 375.66-0ubuntu0.16.04.1 nvidia-libopencl1-375 - 375.66-0ubuntu0.16.04.1 nvidia-opencl-icd-367 - 375.66-0ubuntu0.16.04.1 nvidia-libopencl1-367 - 375.66-0ubuntu0.16.04.1 nvidia-367-dev - 375.66-0ubuntu0.16.04.1 nvidia-opencl-icd-375 - 375.66-0ubuntu0.16.04.1 libcuda1-367 - 375.66-0ubuntu0.16.04.1 libcuda1-375 - 375.66-0ubuntu0.16.04.1 nvidia-367 - 375.66-0ubuntu0.16.04.1 nvidia-375 - 375.66-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-0350 CVE-2017-0351 CVE-2017-0352 USN-3306-1 -- libsndfile vulnerabilities Ubuntu 16.04 LTS Agostino Sarubbo and Jakub Jirasek discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3306-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-10ubuntu0.16.04.1 libsndfile1-dev - 1.0.25-10ubuntu0.16.04.1 sndfile-programs - 1.0.25-10ubuntu0.16.04.1 No subscription required Medium CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 USN-3307-1 -- OpenLDAP vulnerability Ubuntu 16.04 LTS Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3307-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.2 libldap2-dev - 2.4.42+dfsg-2ubuntu3.2 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.2 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.2 slapd - 2.4.42+dfsg-2ubuntu3.2 No subscription required Medium CVE-2017-9287 USN-3309-1 -- Libtasn1 vulnerability Ubuntu 16.04 LTS Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3309-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 4.7-3ubuntu0.16.04.2 libtasn1-3-bin - 4.7-3ubuntu0.16.04.2 libtasn1-doc - 4.7-3ubuntu0.16.04.2 libtasn1-bin - 4.7-3ubuntu0.16.04.2 libtasn1-6 - 4.7-3ubuntu0.16.04.2 No subscription required Medium CVE-2017-6891 USN-3310-1 -- lintian vulnerability Ubuntu 16.04 LTS Jakub Wilk discovered that lintian incorrectly handled deserializing certain YAML files. If a user or automated system were tricked into running lintian on a specially crafted package, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3310-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lintian - 2.5.43ubuntu0.1 No subscription required Medium CVE-2017-8829 USN-3311-1 -- libnl vulnerability Ubuntu 16.04 LTS It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3311-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libnl-route-3-dev - 3.2.27-1ubuntu0.16.04.1 libnl-nf-3-200 - 3.2.27-1ubuntu0.16.04.1 libnl-utils - 3.2.27-1ubuntu0.16.04.1 libnl-idiag-3-200 - 3.2.27-1ubuntu0.16.04.1 libnl-nf-3-dev - 3.2.27-1ubuntu0.16.04.1 libnl-genl-3-200-udeb - 3.2.27-1ubuntu0.16.04.1 libnl-xfrm-3-dev - 3.2.27-1ubuntu0.16.04.1 libnl-route-3-200 - 3.2.27-1ubuntu0.16.04.1 libnl-cli-3-200 - 3.2.27-1ubuntu0.16.04.1 libnl-genl-3-dev - 3.2.27-1ubuntu0.16.04.1 libnl-3-200 - 3.2.27-1ubuntu0.16.04.1 libnl-idiag-3-dev - 3.2.27-1ubuntu0.16.04.1 libnl-3-200-udeb - 3.2.27-1ubuntu0.16.04.1 libnl-xfrm-3-200 - 3.2.27-1ubuntu0.16.04.1 libnl-3-dev - 3.2.27-1ubuntu0.16.04.1 libnl-cli-3-dev - 3.2.27-1ubuntu0.16.04.1 libnl-genl-3-200 - 3.2.27-1ubuntu0.16.04.1 No subscription required Medium CVE-2017-0553 USN-3312-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917) Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632) It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604) It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code. (CVE-2017-0605) Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction.
A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) Di Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001) Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472) Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895) It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913) Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084) Update Instructions: Run `sudo pro fix USN-3312-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1014-gke - 4.4.0-1014.14 linux-image-extra-4.4.0-1014-gke - 4.4.0-1014.14 No subscription required linux-image-4.4.0-1018-aws - 4.4.0-1018.27 No subscription required linux-image-4.4.0-1057-raspi2 - 4.4.0-1057.64 No subscription required linux-image-4.4.0-1059-snapdragon - 4.4.0-1059.63 No subscription required linux-image-4.4.0-79-generic - 4.4.0-79.100 linux-image-extra-4.4.0-79-generic - 4.4.0-79.100 linux-image-4.4.0-79-generic-lpae - 4.4.0-79.100 linux-image-4.4.0-79-lowlatency - 4.4.0-79.100 linux-image-4.4.0-79-powerpc-smp - 4.4.0-79.100 linux-image-4.4.0-79-powerpc64-emb - 4.4.0-79.100 linux-image-4.4.0-79-powerpc64-smp - 4.4.0-79.100 linux-image-4.4.0-79-powerpc-e500mc - 4.4.0-79.100 No subscription required Medium CVE-2016-7913 CVE-2016-7917 CVE-2016-8632 CVE-2016-9083 CVE-2016-9084 CVE-2016-9604 CVE-2017-2596 CVE-2017-2671 CVE-2017-6001 CVE-2017-7472 CVE-2017-7618 CVE-2017-7645 CVE-2017-7889 CVE-2017-7895 USN-3313-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3313-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-3313-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.8.0-54-generic - 4.8.0-54.57~16.04.1 linux-image-extra-4.8.0-54-generic - 4.8.0-54.57~16.04.1 linux-image-4.8.0-54-generic-lpae - 4.8.0-54.57~16.04.1 linux-image-4.8.0-54-lowlatency - 4.8.0-54.57~16.04.1 No subscription required None USN-3315-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the address bar contents, or execute arbitrary code. (CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7762, CVE-2017-7764) Multiple security issues were discovered in the Graphite 2 library used by Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778) Update Instructions: Run `sudo pro fix USN-3315-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-kab - 54.0+build3-0ubuntu0.16.04.1 firefox-testsuite - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 54.0+build3-0ubuntu0.16.04.1 firefox - 54.0+build3-0ubuntu0.16.04.1 
firefox-locale-ro - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ja - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 54.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 54.0+build3-0ubuntu0.16.04.1 firefox-dev - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-tr - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-da - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-my - 
54.0+build3-0ubuntu0.16.04.1 firefox-globalmenu - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ur - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 54.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 54.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7762 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 USN-3317-1 -- Irssi vulnerabilities Ubuntu 16.04 LTS It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9468) Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote attacker could possibly use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9469) Update Instructions: Run `sudo pro fix USN-3317-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.4 irssi - 0.8.19-1ubuntu1.4 No subscription required Medium CVE-2017-9468 CVE-2017-9469 USN-3318-1 -- GnuTLS vulnerabilities Ubuntu 16.04 LTS Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. 
A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7869) Update Instructions: Run `sudo pro fix USN-3318-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.4.10-4ubuntu1.3 libgnutls28-dev - 3.4.10-4ubuntu1.3 libgnutlsxx28 - 3.4.10-4ubuntu1.3 gnutls-doc - 3.4.10-4ubuntu1.3 libgnutls-dev - 3.4.10-4ubuntu1.3 gnutls-bin - 3.4.10-4ubuntu1.3 guile-gnutls - 3.4.10-4ubuntu1.3 libgnutls-openssl27 - 3.4.10-4ubuntu1.3 No subscription required Medium CVE-2017-7507 CVE-2017-7869 USN-3319-1 -- libmwaw vulnerability Ubuntu 16.04 LTS It was discovered that libmwaw incorrectly handled certain malformed document files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause libmwaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmwaw-dev - 0.3.7-1ubuntu2.1 libmwaw-0.3-3 - 0.3.7-1ubuntu2.1 libmwaw-tools - 0.3.7-1ubuntu2.1 libmwaw-doc - 0.3.7-1ubuntu2.1 No subscription required Medium CVE-2017-9433 USN-3320-1 -- zziplib vulnerabilities Ubuntu 16.04 LTS Agostino Sarubbo discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-3320-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zziplib-bin - 0.13.62-3ubuntu0.16.04.1 libzzip-dev - 0.13.62-3ubuntu0.16.04.1 libzzip-0-13 - 0.13.62-3ubuntu0.16.04.1 No subscription required Medium CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 USN-3321-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Multiple security issues were discovered in the Graphite 2 library used by Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778) Update Instructions: Run `sudo pro fix USN-3321-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:52.2.1+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.2.1+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:52.2.1+build1-0ubuntu0.16.04.1 
thunderbird-locale-sv - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 
1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.2.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.2.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 USN-3322-1 -- Exim vulnerability Ubuntu 16.04 LTS It was discovered that Exim did not properly deallocate memory when processing certain command line arguments. A local attacker could use this in conjunction with a vulnerability in the underlying kernel to possibly execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3322-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.2 eximon4 - 4.86.2-2ubuntu2.2 exim4 - 4.86.2-2ubuntu2.2 exim4-daemon-light - 4.86.2-2ubuntu2.2 exim4-config - 4.86.2-2ubuntu2.2 exim4-daemon-heavy - 4.86.2-2ubuntu2.2 exim4-base - 4.86.2-2ubuntu2.2 No subscription required Medium CVE-2017-1000369 USN-3323-1 -- GNU C Library vulnerability Ubuntu 16.04 LTS It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3323-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.23-0ubuntu9 libc6-ppc64 - 2.23-0ubuntu9 libc6-dev-s390 - 2.23-0ubuntu9 glibc-source - 2.23-0ubuntu9 libc-bin - 2.23-0ubuntu9 libc6-x32 - 2.23-0ubuntu9 libc6-s390 - 2.23-0ubuntu9 libc6-armel - 2.23-0ubuntu9 libc6-pic - 2.23-0ubuntu9 libc6-dev-ppc64 - 2.23-0ubuntu9 libc6-dev-armel - 2.23-0ubuntu9 glibc-doc - 2.23-0ubuntu9 multiarch-support - 2.23-0ubuntu9 libc6-dev - 2.23-0ubuntu9 libc6-amd64 - 2.23-0ubuntu9 libc6-dev-amd64 - 2.23-0ubuntu9 libc6 - 2.23-0ubuntu9 locales-all - 2.23-0ubuntu9 libc6-dev-x32 - 2.23-0ubuntu9 locales - 2.23-0ubuntu9 libc6-udeb - 2.23-0ubuntu9 libc6-dev-i386 - 2.23-0ubuntu9 libc-dev-bin - 2.23-0ubuntu9 nscd - 2.23-0ubuntu9 No subscription required Medium CVE-2017-1000366 USN-3328-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3328-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-81-powerpc-smp - 4.4.0-81.104 linux-image-4.4.0-81-generic - 4.4.0-81.104 linux-image-extra-4.4.0-81-generic - 4.4.0-81.104 linux-image-4.4.0-81-lowlatency - 4.4.0-81.104 linux-image-4.4.0-81-generic-lpae - 4.4.0-81.104 linux-image-4.4.0-81-powerpc64-smp - 4.4.0-81.104 linux-image-4.4.0-81-powerpc-e500mc - 4.4.0-81.104 linux-image-4.4.0-81-powerpc64-emb - 4.4.0-81.104 No subscription required High CVE-2017-1000364 USN-3329-1 -- Linux kernel (GKE) vulnerability Ubuntu 16.04 LTS It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3329-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-1016-gke - 4.4.0-1016.16 linux-image-4.4.0-1016-gke - 4.4.0-1016.16 No subscription required High CVE-2017-1000364 USN-3330-1 -- Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu 16.04 LTS It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3330-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1061-snapdragon - 4.4.0-1061.66 No subscription required High CVE-2017-1000364 USN-3331-1 -- Linux kernel (AWS) vulnerability Ubuntu 16.04 LTS It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap.
An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3331-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1020-aws - 4.4.0-1020.29 No subscription required High CVE-2017-1000364 USN-3332-1 -- Linux kernel (Raspberry Pi 2) vulnerability Ubuntu 16.04 LTS It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3332-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1059-raspi2 - 4.4.0-1059.67 No subscription required High CVE-2017-1000364 USN-3333-1 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3326-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Update Instructions: Run `sudo pro fix USN-3333-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.8.0-56-generic-lpae - 4.8.0-56.61~16.04.1 linux-image-extra-4.8.0-56-generic - 4.8.0-56.61~16.04.1 linux-image-4.8.0-56-generic - 4.8.0-56.61~16.04.1 linux-image-4.8.0-56-lowlatency - 4.8.0-56.61~16.04.1 No subscription required High CVE-2017-1000364 USN-3336-1 -- NSS vulnerability Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3336-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.2 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.2 libnss3 - 2:3.28.4-0ubuntu0.16.04.2 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.2 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-7502 USN-3337-1 -- Valgrind vulnerabilities Ubuntu 16.04 LTS It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-2226) It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131) Update Instructions: Run `sudo pro fix USN-3337-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: valgrind - 1:3.11.0-1ubuntu4.2 No subscription required Medium CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131 USN-3339-1 -- OpenVPN vulnerabilities Ubuntu 16.04 LTS Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6329) It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-7479) Guido Vranken discovered that OpenVPN incorrectly handled certain malformed IPv6 packets. A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7508) Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication. A remote attacker could use this issue to cause OpenVPN clients to crash, resulting in a denial of service, or possibly expose sensitive memory contents. (CVE-2017-7520) Guido Vranken discovered that OpenVPN incorrectly handled certain x509 extensions. A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7521) Update Instructions: Run `sudo pro fix USN-3339-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openvpn - 2.3.10-1ubuntu2.1 No subscription required Medium CVE-2016-6329 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 USN-3340-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169) Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668) ChenQin and Hanno Böck discovered that the Apache mod_mime module incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7679) Update Instructions: Run `sudo pro fix USN-3340-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.3 apache2-utils - 2.4.18-2ubuntu3.3 apache2-dev - 2.4.18-2ubuntu3.3 apache2-suexec-pristine - 2.4.18-2ubuntu3.3 apache2-suexec-custom - 2.4.18-2ubuntu3.3 apache2 - 2.4.18-2ubuntu3.3 apache2-doc - 2.4.18-2ubuntu3.3 apache2-bin - 2.4.18-2ubuntu3.3 No subscription required Medium CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 USN-3342-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. 
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577) Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294) It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled inheritance. 
A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076) It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077) It was discovered that the IPv6 stack in the Linux kernel was performing its overwrite consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242) Update Instructions: Run `sudo pro fix USN-3342-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.8.0-58-generic - 4.8.0-58.63~16.04.1 linux-image-4.8.0-58-generic-lpae - 4.8.0-58.63~16.04.1 linux-image-4.8.0-58-generic - 4.8.0-58.63~16.04.1 linux-image-4.8.0-58-lowlatency - 4.8.0-58.63~16.04.1 No subscription required High CVE-2017-1000363 CVE-2017-5577 CVE-2017-7294 CVE-2017-7374 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 https://launchpad.net/bugs/1699772 https://www.ubuntu.com/usn/usn-3333-1 USN-3344-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS USN-3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
(CVE-2017-7487) It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076) It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077) It was discovered that the IPv6 stack in the Linux kernel was performing its overwrite consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242) Update Instructions: Run `sudo pro fix USN-3344-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1018-gke - 4.4.0-1018.18 linux-image-extra-4.4.0-1018-gke - 4.4.0-1018.18 No subscription required linux-image-4.4.0-1022-aws - 4.4.0-1022.31 No subscription required linux-image-4.4.0-1061-raspi2 - 4.4.0-1061.69 No subscription required linux-image-4.4.0-1063-snapdragon - 4.4.0-1063.68 No subscription required linux-image-4.4.0-83-generic - 4.4.0-83.106 linux-image-4.4.0-83-powerpc-smp - 4.4.0-83.106 linux-image-4.4.0-83-powerpc-e500mc - 4.4.0-83.106 linux-image-4.4.0-83-generic-lpae - 4.4.0-83.106 linux-image-extra-4.4.0-83-generic - 4.4.0-83.106 linux-image-4.4.0-83-powerpc64-smp - 4.4.0-83.106 linux-image-4.4.0-83-powerpc64-emb - 4.4.0-83.106 linux-image-4.4.0-83-lowlatency - 4.4.0-83.106 No subscription required Medium CVE-2017-1000363 CVE-2017-7487 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 https://launchpad.net/bugs/1699772 https://www.ubuntu.com/usn/usn-3328-1 USN-3346-1 -- bind9 vulnerabilities Ubuntu 16.04 LTS Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142) Update Instructions: Run `sudo pro fix USN-3346-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.7 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.7 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.7 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.7 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.7 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.7 host - 1:9.10.3.dfsg.P4-8ubuntu1.7 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.7 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.7 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.7 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.7 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.7 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.7 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.7 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.7 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.7 No subscription required Medium CVE-2017-3142 CVE-2017-3143 USN-3346-2 -- Bind regression Ubuntu 16.04 LTS USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key (KSK). Original advisory details: Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. 
An attacker could use this to improperly transfer entire zones. (CVE-2017-3142) Update Instructions: Run `sudo pro fix USN-3346-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.8 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.8 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.8 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.8 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.8 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.8 host - 1:9.10.3.dfsg.P4-8ubuntu1.8 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.8 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.8 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.8 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.8 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.8 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.8 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.8 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.8 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.8 No subscription required None https://launchpad.net/bugs/1717981 USN-3347-1 -- Libgcrypt vulnerabilities Ubuntu 16.04 LTS Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) It was discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to possibly recover EdDSA private keys. 
This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-9526) Update Instructions: Run `sudo pro fix USN-3347-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.6.5-2ubuntu0.3 No subscription required libgcrypt20 - 1.6.5-2ubuntu0.3 libgcrypt20-doc - 1.6.5-2ubuntu0.3 libgcrypt20-udeb - 1.6.5-2ubuntu0.3 libgcrypt20-dev - 1.6.5-2ubuntu0.3 No subscription required Medium CVE-2017-7526 CVE-2017-9526 USN-3348-1 -- Samba vulnerability Ubuntu 16.04 LTS It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-9461) In addition, this update fixes a regression introduced by USN-3267-1 that caused Samba to incorrectly handle non-wide symlinks to directories. Update Instructions: Run `sudo pro fix USN-3348-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.8 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.8 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.8 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.8 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.8 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.8 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.8 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.8 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.8 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.8 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.8 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.8 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.8 No subscription required Medium CVE-2017-9461 USN-3349-1 -- NTP vulnerabilities Ubuntu 16.04 LTS Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. 
(CVE-2016-7427, CVE-2016-7428) Miroslav Lichvar discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7429) Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. (CVE-2016-7431) Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433) Magnus Stubman discovered that NTP incorrectly handled certain mrulist queries. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7434) Matthew Van Gundy discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042) Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310) Matthew Van Gundy discovered that NTP incorrectly handled the trap service. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311) It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. 
(CVE-2017-6458) It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460) It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. A local attacker could possibly use this issue to cause a denial of service. (CVE-2017-6462) It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463) It was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6464) Update Instructions: Run `sudo pro fix USN-3349-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.8p4+dfsg-3ubuntu5.5 ntp-doc - 1:4.2.8p4+dfsg-3ubuntu5.5 ntpdate - 1:4.2.8p4+dfsg-3ubuntu5.5 No subscription required Medium CVE-2016-2519 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9042 CVE-2016-9310 CVE-2016-9311 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 USN-3350-1 -- poppler vulnerabilities Ubuntu 16.04 LTS Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2017-2820) Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. 
If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-7511) It was discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to hang, resulting in a denial of service. (CVE-2017-7515) It was discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-9083) It was discovered that poppler incorrectly handled memory when processing PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to consume resources, resulting in a denial of service. (CVE-2017-9406, CVE-2017-9408) Alberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler pdftocairo tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. (CVE-2017-9775) Update Instructions: Run `sudo pro fix USN-3350-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.2 poppler-utils - 0.41.0-0ubuntu1.2 libpoppler-qt5-1 - 0.41.0-0ubuntu1.2 libpoppler-cpp-dev - 0.41.0-0ubuntu1.2 libpoppler-cpp0 - 0.41.0-0ubuntu1.2 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.2 libpoppler-dev - 0.41.0-0ubuntu1.2 libpoppler-glib8 - 0.41.0-0ubuntu1.2 libpoppler-private-dev - 0.41.0-0ubuntu1.2 libpoppler-qt4-dev - 0.41.0-0ubuntu1.2 libpoppler-glib-dev - 0.41.0-0ubuntu1.2 libpoppler-qt4-4 - 0.41.0-0ubuntu1.2 libpoppler-qt5-dev - 0.41.0-0ubuntu1.2 libpoppler-glib-doc - 0.41.0-0ubuntu1.2 No subscription required Medium CVE-2017-2820 CVE-2017-7511 CVE-2017-7515 CVE-2017-9083 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 USN-3351-1 -- Evince vulnerability Ubuntu 16.04 LTS Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince. Update Instructions: Run `sudo pro fix USN-3351-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.18.2-1ubuntu4.1 libevview3-3 - 3.18.2-1ubuntu4.1 evince-common - 3.18.2-1ubuntu4.1 libevince-dev - 3.18.2-1ubuntu4.1 evince - 3.18.2-1ubuntu4.1 libevdocument3-4 - 3.18.2-1ubuntu4.1 evince-gtk - 3.18.2-1ubuntu4.1 No subscription required Medium CVE-2017-1000083 USN-3352-1 -- nginx vulnerability Ubuntu 16.04 LTS It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-3352-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.2 nginx-core - 1.10.3-0ubuntu0.16.04.2 nginx-common - 1.10.3-0ubuntu0.16.04.2 nginx-full - 1.10.3-0ubuntu0.16.04.2 nginx - 1.10.3-0ubuntu0.16.04.2 nginx-doc - 1.10.3-0ubuntu0.16.04.2 nginx-light - 1.10.3-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-7529 USN-3353-1 -- Heimdal vulnerability Ubuntu 16.04 LTS Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Update Instructions: Run `sudo pro fix USN-3353-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libwind0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libroken18-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libgssapi3-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 heimdal-kcm - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libhdb9-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libasn1-8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libsl0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libkadm5clnt7-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 heimdal-kdc - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libkdc2-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 heimdal-servers - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libheimntlm0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 heimdal-docs - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libheimbase1-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libkrb5-26-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libotp0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 heimdal-dev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libkafs0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libhx509-5-heimdal - 
1.7~git20150920+dfsg-4ubuntu1.16.04.1 heimdal-multidev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 libkadm5srv8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 heimdal-clients - 1.7~git20150920+dfsg-4ubuntu1.16.04.1 No subscription required Medium CVE-2017-11103 USN-3353-2 -- Samba vulnerability Ubuntu 16.04 LTS USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks. Update Instructions: Run `sudo pro fix USN-3353-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.9 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.9 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.9 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.9 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.9 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.9 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.9 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.9 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.9 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.9 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.9 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.9 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.9 No subscription required Medium CVE-2017-11103 USN-3354-1 -- Apport vulnerability Ubuntu 16.04 LTS Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. 
An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges. Update Instructions: Run `sudo pro fix USN-3354-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.10 python3-problem-report - 2.20.1-0ubuntu2.10 apport-kde - 2.20.1-0ubuntu2.10 apport-retrace - 2.20.1-0ubuntu2.10 apport-valgrind - 2.20.1-0ubuntu2.10 python3-apport - 2.20.1-0ubuntu2.10 dh-apport - 2.20.1-0ubuntu2.10 apport-gtk - 2.20.1-0ubuntu2.10 apport - 2.20.1-0ubuntu2.10 python-problem-report - 2.20.1-0ubuntu2.10 apport-noui - 2.20.1-0ubuntu2.10 No subscription required Medium CVE-2017-10708 USN-3355-1 -- Spice vulnerability Ubuntu 16.04 LTS Frediano Ziglio discovered that Spice incorrectly handled certain invalid monitor configurations. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3355-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.12.6-4ubuntu0.3 libspice-server-dev - 0.12.6-4ubuntu0.3 No subscription required Medium CVE-2017-7506 USN-3356-1 -- Expat vulnerability Ubuntu 16.04 LTS It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3356-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-7ubuntu0.16.04.3 expat - 2.1.0-7ubuntu0.16.04.3 libexpat1-dev - 2.1.0-7ubuntu0.16.04.3 lib64expat1-dev - 2.1.0-7ubuntu0.16.04.3 libexpat1-udeb - 2.1.0-7ubuntu0.16.04.3 lib64expat1 - 2.1.0-7ubuntu0.16.04.3 No subscription required Medium CVE-2017-9233 USN-3357-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Update Instructions: Run `sudo pro fix USN-3357-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.19-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.19-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.19-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.19-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.19-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.19-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.19-0ubuntu0.16.04.1 mysql-common - 5.7.19-0ubuntu0.16.04.1 mysql-server - 5.7.19-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.19-0ubuntu0.16.04.1 mysql-testsuite - 5.7.19-0ubuntu0.16.04.1 libmysqld-dev - 5.7.19-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.19-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-3529 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3637 CVE-2017-3638 CVE-2017-3639 CVE-2017-3640 CVE-2017-3641 CVE-2017-3642 CVE-2017-3643 CVE-2017-3644 CVE-2017-3645 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3650 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 USN-3361-1 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350) Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). 
(CVE-2016-10208) Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that an integer overflow existed in the InfiniBand RDMA over ethernet (RXE) transport implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-8636) Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604) Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfilter subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9755) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. 
(CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596) It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) It was discovered that the freelist-randomization in the SLAB memory allocator allowed duplicate freelist entries. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5546) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) It was discovered that a fencepost error existed in the pipe_advance() function in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5550) It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551) Murray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-5576) Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970) Di Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001) Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214) Andrey Konovalov discovered that the LLC subsystem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346) Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). 
(CVE-2017-6348) Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261) It was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-7273) Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472) It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616) Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. 
(CVE-2017-7889) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895) It was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924) It was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion). (CVE-2017-8925) Jann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150) Update Instructions: Run `sudo pro fix USN-3361-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-27-generic - 4.10.0-27.30~16.04.2 linux-image-4.10.0-27-generic-lpae - 4.10.0-27.30~16.04.2 linux-image-extra-4.10.0-27-generic - 4.10.0-27.30~16.04.2 linux-image-4.10.0-27-lowlatency - 4.10.0-27.30~16.04.2 No subscription required Medium CVE-2015-1350 CVE-2016-10208 CVE-2016-8405 CVE-2016-8636 CVE-2016-9083 CVE-2016-9084 CVE-2016-9191 CVE-2016-9604 CVE-2016-9755 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618 CVE-2017-2671 CVE-2017-5546 CVE-2017-5549 CVE-2017-5550 CVE-2017-5551 CVE-2017-5576 CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-6001 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7187 CVE-2017-7261 CVE-2017-7273 CVE-2017-7472 CVE-2017-7616 CVE-2017-7618 CVE-2017-7645 CVE-2017-7889 CVE-2017-7895 CVE-2017-8924 CVE-2017-8925 CVE-2017-9150 USN-3362-1 -- X.Org X server vulnerabilities Ubuntu 16.04 LTS It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. (CVE-2017-10971) It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2017-10972) Eric Sesterhenn discovered that the X.Org X server incorrectly compared MIT cookies. An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie. (CVE-2017-2624) Update Instructions: Run `sudo pro fix USN-3362-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.3 xmir - 2:1.18.4-0ubuntu0.3 xwayland - 2:1.18.4-0ubuntu0.3 xorg-server-source - 2:1.18.4-0ubuntu0.3 xdmx - 2:1.18.4-0ubuntu0.3 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.3 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.3 xvfb - 2:1.18.4-0ubuntu0.3 xserver-xorg-dev - 2:1.18.4-0ubuntu0.3 xserver-xorg-core-udeb - 2:1.18.4-0ubuntu0.3 xnest - 2:1.18.4-0ubuntu0.3 xserver-xephyr - 2:1.18.4-0ubuntu0.3 xserver-common - 2:1.18.4-0ubuntu0.3 xdmx-tools - 2:1.18.4-0ubuntu0.3 No subscription required xorg-server-source-hwe-16.04 - 2:1.18.4-1ubuntu6.1~16.04.2 xserver-xephyr-hwe-16.04 - 2:1.18.4-1ubuntu6.1~16.04.2 xserver-xorg-core-hwe-16.04 - 2:1.18.4-1ubuntu6.1~16.04.2 xmir-hwe-16.04 - 2:1.18.4-1ubuntu6.1~16.04.2 xserver-xorg-legacy-hwe-16.04 - 2:1.18.4-1ubuntu6.1~16.04.2 xwayland-hwe-16.04 - 2:1.18.4-1ubuntu6.1~16.04.2 xserver-xorg-dev-hwe-16.04 - 2:1.18.4-1ubuntu6.1~16.04.2 No subscription required Medium CVE-2017-10971 CVE-2017-10972 CVE-2017-2624 USN-3363-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3363-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.8 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.8 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.8 imagemagick - 8:6.8.9.9-7ubuntu5.8 imagemagick-doc - 8:6.8.9.9-7ubuntu5.8 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.8 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.8 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.8 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.8 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.8 libmagick++-dev - 8:6.8.9.9-7ubuntu5.8 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.8 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.8 perlmagick - 8:6.8.9.9-7ubuntu5.8 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.8 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.8 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.8 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.8 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.8 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.8 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.8 No subscription required Medium CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11352 CVE-2017-11360 CVE-2017-11447 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501 USN-3363-2 -- ImageMagick regression Ubuntu 16.04 LTS USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. 
Update Instructions: Run `sudo pro fix USN-3363-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.9 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.9 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.9 imagemagick - 8:6.8.9.9-7ubuntu5.9 imagemagick-doc - 8:6.8.9.9-7ubuntu5.9 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.9 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.9 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.9 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.9 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.9 libmagick++-dev - 8:6.8.9.9-7ubuntu5.9 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.9 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.9 perlmagick - 8:6.8.9.9-7ubuntu5.9 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.9 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.9 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.9 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.9 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.9 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.9 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.9 No subscription required None https://launchpad.net/bugs/1707015 USN-3364-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments.
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346) Jann Horn discovered that bpf in the Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150) Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605) Update Instructions: Run `sudo pro fix USN-3364-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1065-raspi2 - 4.4.0-1065.73 No subscription required linux-image-4.4.0-1067-snapdragon - 4.4.0-1067.72 No subscription required linux-image-4.4.0-87-generic-lpae - 4.4.0-87.110 linux-image-4.4.0-87-powerpc-smp - 4.4.0-87.110 linux-image-extra-4.4.0-87-generic - 4.4.0-87.110 linux-image-4.4.0-87-generic - 4.4.0-87.110 linux-image-4.4.0-87-powerpc64-emb - 4.4.0-87.110 linux-image-4.4.0-87-powerpc64-smp - 4.4.0-87.110 linux-image-4.4.0-87-lowlatency - 4.4.0-87.110 linux-image-4.4.0-87-powerpc-e500mc - 4.4.0-87.110 No subscription required Medium CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605 USN-3364-3 -- Linux kernel (AWS, GKE) vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346) Jann Horn discovered that bpf in the Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150) Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605) Update Instructions: Run `sudo pro fix USN-3364-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-1022-gke - 4.4.0-1022.22 linux-image-4.4.0-1022-gke - 4.4.0-1022.22 No subscription required linux-image-4.4.0-1026-aws - 4.4.0-1026.35 No subscription required Medium CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605 USN-3365-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855) Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-7551) It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands.
(CVE-2015-9096) Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2337) It was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339) It was discovered that Ruby incorrectly handled the initialization vector (IV) in GCM mode. An attacker could possibly use this issue to bypass encryption. (CVE-2016-7798) Update Instructions: Run `sudo pro fix USN-3365-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.2 ruby2.3-tcltk - 2.3.1-2~16.04.2 ruby2.3 - 2.3.1-2~16.04.2 ruby2.3-dev - 2.3.1-2~16.04.2 ruby2.3-doc - 2.3.1-2~16.04.2 No subscription required Medium CVE-2009-5147 CVE-2015-1855 CVE-2015-7551 CVE-2015-9096 CVE-2016-2337 CVE-2016-2339 CVE-2016-7798 USN-3366-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067) It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. 
(CVE-2017-10074) It was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs. An attacker could use this to specially craft JavaScript code to bypass access restrictions. (CVE-2017-10078) It was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081) It was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087) It was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. (CVE-2017-10089) It was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10090) It was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10096) It was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. 
(CVE-2017-10101) It was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code. (CVE-2017-10102) It was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10107) It was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10108) It was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10109) It was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10110) Jackson Davis discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the permuteArgumentsForm() function. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10111) It was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10115) It was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs.
An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypasses access restrictions. (CVE-2017-10116) It was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10118) Ilya Maykov discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10135) It was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points. An attacker could use this to expose sensitive information. (CVE-2017-10176) It was discovered that OpenJDK did not properly restrict weak key sizes in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10193) It was discovered that OpenJDK did not properly enforce disabled algorithm restrictions on X.509 certificate chains. An attacker could use this to expose sensitive information or escape sandbox restrictions. (CVE-2017-10198) It was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents. An attacker could use this to expose sensitive information. (CVE-2017-10243) Update Instructions: Run `sudo pro fix USN-3366-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-jdk - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-jre-headless - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-jre - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-jdk-headless - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-source - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-jre-zero - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-demo - 8u131-b11-2ubuntu1.16.04.2 openjdk-8-jre-jamvm - 8u131-b11-2ubuntu1.16.04.2 No subscription required Medium CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 USN-3366-2 -- OpenJDK 8 regression Ubuntu 16.04 LTS USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067) It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. 
(CVE-2017-10074) It was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs. An attacker could use this to specially craft JavaScript code to bypass access restrictions. (CVE-2017-10078) It was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081) It was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087) It was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. (CVE-2017-10089) It was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10090) It was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10096) It was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. 
(CVE-2017-10101) It was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code. (CVE-2017-10102) It was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10107) It was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10108) It was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10109) It was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10110) Jackson Davis discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the permuteArgumentsForm() function. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10111) It was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10115) It was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs.
An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypasses access restrictions. (CVE-2017-10116) It was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10118) Ilya Maykov discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10135) It was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points. An attacker could use this to expose sensitive information. (CVE-2017-10176) It was discovered that OpenJDK did not properly restrict weak key sizes in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10193) It was discovered that OpenJDK did not properly enforce disabled algorithm restrictions on X.509 certificate chains. An attacker could use this to expose sensitive information or escape sandbox restrictions. (CVE-2017-10198) It was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents. An attacker could use this to expose sensitive information. (CVE-2017-10243) Update Instructions: Run `sudo pro fix USN-3366-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-jdk - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-jre-headless - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-jre - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-jdk-headless - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-source - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-jre-zero - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-demo - 8u131-b11-2ubuntu1.16.04.3 openjdk-8-jre-jamvm - 8u131-b11-2ubuntu1.16.04.3 No subscription required None https://launchpad.net/bugs/1707082 USN-3367-1 -- gdb vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8501) It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-9939) It was discovered that gdb incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2226) It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. 
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131) It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. (CVE-2016-4491) Update Instructions: Run `sudo pro fix USN-3367-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gdb-multiarch - 7.11.1-0ubuntu1~16.5 gdb-source - 7.11.1-0ubuntu1~16.5 gdbserver - 7.11.1-0ubuntu1~16.5 gdb - 7.11.1-0ubuntu1~16.5 gdb-doc - 7.11.1-0ubuntu1~16.5 gdb64 - 7.11.1-0ubuntu1~16.5 No subscription required Medium CVE-2014-8501 CVE-2014-9939 CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131 USN-3368-1 -- libiberty vulnerabilities Ubuntu 16.04 LTS It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2226) It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131) It was discovered that libiberty incorrectly handled parsing certain binaries. 
If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. (CVE-2016-4491) Update Instructions: Run `sudo pro fix USN-3368-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libiberty-dev - 20160215-1ubuntu0.2 No subscription required Medium CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131 USN-3369-1 -- FreeRADIUS vulnerabilities Ubuntu 16.04 LTS Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3369-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freeradius-mysql - 2.2.8+dfsg-0.1ubuntu0.1 freeradius-ldap - 2.2.8+dfsg-0.1ubuntu0.1 libfreeradius2 - 2.2.8+dfsg-0.1ubuntu0.1 libfreeradius-dev - 2.2.8+dfsg-0.1ubuntu0.1 freeradius-postgresql - 2.2.8+dfsg-0.1ubuntu0.1 freeradius-utils - 2.2.8+dfsg-0.1ubuntu0.1 freeradius - 2.2.8+dfsg-0.1ubuntu0.1 freeradius-iodbc - 2.2.8+dfsg-0.1ubuntu0.1 freeradius-common - 2.2.8+dfsg-0.1ubuntu0.1 freeradius-krb5 - 2.2.8+dfsg-0.1ubuntu0.1 No subscription required Medium CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 USN-3370-1 -- Apache HTTP Server vulnerability Ubuntu 16.04 LTS Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly obtain sensitive information.
Update Instructions: Run `sudo pro fix USN-3370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.4 apache2-utils - 2.4.18-2ubuntu3.4 apache2-dev - 2.4.18-2ubuntu3.4 apache2-suexec-pristine - 2.4.18-2ubuntu3.4 apache2-suexec-custom - 2.4.18-2ubuntu3.4 apache2 - 2.4.18-2ubuntu3.4 apache2-doc - 2.4.18-2ubuntu3.4 apache2-bin - 2.4.18-2ubuntu3.4 No subscription required Medium CVE-2017-9788 USN-3371-1 -- Linux kernel (HWE) kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346) Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605) Update Instructions: Run `sudo pro fix USN-3371-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-28-lowlatency - 4.10.0-28.32~16.04.2 linux-image-4.10.0-28-generic-lpae - 4.10.0-28.32~16.04.2 linux-image-4.10.0-28-generic - 4.10.0-28.32~16.04.2 linux-image-extra-4.10.0-28-generic - 4.10.0-28.32~16.04.2 No subscription required Medium CVE-2014-9900 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9605 USN-3374-1 -- RabbitMQ vulnerability Ubuntu 16.04 LTS It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry Transport) authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password. Update Instructions: Run `sudo pro fix USN-3374-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rabbitmq-server - 3.5.7-1ubuntu0.16.04.2 No subscription required High CVE-2016-9877 USN-3376-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3376-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.16.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.16.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.16.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.16.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.16.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.16.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.16.6-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.16.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.16.6-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-2538 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 USN-3377-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) 李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) 石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-7482) Update Instructions: Run `sudo pro fix USN-3377-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-30-generic-lpae - 4.10.0-30.34~16.04.1 linux-image-4.10.0-30-generic - 4.10.0-30.34~16.04.1 linux-image-extra-4.10.0-30-generic - 4.10.0-30.34~16.04.1 linux-image-4.10.0-30-lowlatency - 4.10.0-30.34~16.04.1 No subscription required High CVE-2017-1000365 CVE-2017-10810 CVE-2017-7482 CVE-2017-7533 USN-3378-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) 李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) 石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482) Update Instructions: Run `sudo pro fix USN-3378-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1024-gke - 4.4.0-1024.24 linux-image-extra-4.4.0-1024-gke - 4.4.0-1024.24 No subscription required linux-image-4.4.0-1028-aws - 4.4.0-1028.37 No subscription required linux-image-4.4.0-1067-raspi2 - 4.4.0-1067.75 No subscription required linux-image-4.4.0-1069-snapdragon - 4.4.0-1069.74 No subscription required linux-image-4.4.0-89-powerpc64-emb - 4.4.0-89.112 linux-image-4.4.0-89-powerpc-smp - 4.4.0-89.112 linux-image-4.4.0-89-lowlatency - 4.4.0-89.112 linux-image-4.4.0-89-powerpc64-smp - 4.4.0-89.112 linux-image-4.4.0-89-generic - 4.4.0-89.112 linux-image-4.4.0-89-generic-lpae - 4.4.0-89.112 linux-image-4.4.0-89-powerpc-e500mc - 4.4.0-89.112 linux-image-extra-4.4.0-89-generic - 4.4.0-89.112 No subscription required High CVE-2017-1000365 CVE-2017-10810 CVE-2017-7482 CVE-2017-7533 USN-3379-1 -- Shotwell vulnerability Ubuntu 16.04 LTS It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. Update Instructions: Run `sudo pro fix USN-3379-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: shotwell - 0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1 shotwell-common - 0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1 No subscription required Medium CVE-2017-1000024 USN-3380-1 -- FreeRDP vulnerabilities Ubuntu 16.04 LTS It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250) It was discovered that FreeRDP incorrectly handled certain values in a Scope List. 
A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0791) Tyler Bohan discovered that FreeRDP incorrectly handled certain length values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2834, CVE-2017-2835) Tyler Bohan discovered that FreeRDP incorrectly handled certain packets. A malicious server could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839) Update Instructions: Run `sudo pro fix USN-3380-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-common1.1.0 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-dev - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-crt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-primitives1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-pool0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-library0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-io0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-core1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-locale1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-gdi1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-winhttp0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-synch0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-sysinfo0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-codec1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-rpc0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-dev - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-environment0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 
libfreerdp-cache1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-crypto0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-sspi0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-utils1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-credui0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 freerdp-x11 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-heap0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-rail1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-thread0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-asn1-0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-bcrypt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libxfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-file0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-handle0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-interlocked0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-sspicli0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-utils0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-path0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-error0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-dsparse0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-plugins-standard - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-timezone0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libfreerdp-crypto1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-winsock0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-pipe0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-credentials0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-registry0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 libwinpr-input0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2 No subscription required Medium CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 
CVE-2017-2839 USN-3382-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397) It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11144) Wei Lei and Liu Yang discovered that the PHP date extension incorrectly handled memory. A remote attacker could possibly use this issue to disclose sensitive information from the server. (CVE-2017-11145) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147) It was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11362) Wei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini files. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11628) It was discovered that PHP mbstring incorrectly handled certain regular expressions. 
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) Update Instructions: Run `sudo pro fix USN-3382-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.22-0ubuntu0.16.04.1 php7.0-mcrypt - 7.0.22-0ubuntu0.16.04.1 php7.0-xsl - 7.0.22-0ubuntu0.16.04.1 php7.0-fpm - 7.0.22-0ubuntu0.16.04.1 libphp7.0-embed - 7.0.22-0ubuntu0.16.04.1 php7.0-phpdbg - 7.0.22-0ubuntu0.16.04.1 php7.0-curl - 7.0.22-0ubuntu0.16.04.1 php7.0-ldap - 7.0.22-0ubuntu0.16.04.1 php7.0-mbstring - 7.0.22-0ubuntu0.16.04.1 php7.0-gmp - 7.0.22-0ubuntu0.16.04.1 php7.0-sqlite3 - 7.0.22-0ubuntu0.16.04.1 php7.0-gd - 7.0.22-0ubuntu0.16.04.1 php7.0-common - 7.0.22-0ubuntu0.16.04.1 php7.0-enchant - 7.0.22-0ubuntu0.16.04.1 php7.0-odbc - 7.0.22-0ubuntu0.16.04.1 php7.0-cli - 7.0.22-0ubuntu0.16.04.1 php7.0-json - 7.0.22-0ubuntu0.16.04.1 php7.0-pgsql - 7.0.22-0ubuntu0.16.04.1 libapache2-mod-php7.0 - 7.0.22-0ubuntu0.16.04.1 php7.0-zip - 7.0.22-0ubuntu0.16.04.1 php7.0-mysql - 7.0.22-0ubuntu0.16.04.1 php7.0-dba - 7.0.22-0ubuntu0.16.04.1 php7.0-sybase - 7.0.22-0ubuntu0.16.04.1 php7.0-pspell - 7.0.22-0ubuntu0.16.04.1 php7.0-xml - 7.0.22-0ubuntu0.16.04.1 php7.0-bz2 - 7.0.22-0ubuntu0.16.04.1 php7.0-recode - 7.0.22-0ubuntu0.16.04.1 php7.0-soap - 7.0.22-0ubuntu0.16.04.1 php7.0 - 7.0.22-0ubuntu0.16.04.1 php7.0-tidy - 7.0.22-0ubuntu0.16.04.1 php7.0-interbase - 7.0.22-0ubuntu0.16.04.1 php7.0-opcache - 7.0.22-0ubuntu0.16.04.1 php7.0-readline - 7.0.22-0ubuntu0.16.04.1 php7.0-intl - 7.0.22-0ubuntu0.16.04.1 php7.0-imap - 7.0.22-0ubuntu0.16.04.1 php7.0-xmlrpc - 7.0.22-0ubuntu0.16.04.1 php7.0-bcmath - 7.0.22-0ubuntu0.16.04.1 php7.0-dev - 7.0.22-0ubuntu0.16.04.1 php7.0-snmp - 7.0.22-0ubuntu0.16.04.1 No subscription required Medium CVE-2015-8994 CVE-2016-10397 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 
CVE-2017-11147 CVE-2017-11362 CVE-2017-11628 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 USN-3383-1 -- libsoup vulnerability Ubuntu 16.04 LTS Aleksandar Nikolic discovered a stack based buffer overflow when handling chunked encoding. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3383-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.52.2-1ubuntu0.2 libsoup-gnome2.4-dev - 2.52.2-1ubuntu0.2 gir1.2-soup-2.4 - 2.52.2-1ubuntu0.2 libsoup2.4-1 - 2.52.2-1ubuntu0.2 libsoup2.4-dev - 2.52.2-1ubuntu0.2 libsoup2.4-doc - 2.52.2-1ubuntu0.2 No subscription required High CVE-2017-2885 USN-3384-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2017-1000112) Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111) Update Instructions: Run `sudo pro fix USN-3384-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-32-generic-lpae - 4.10.0-32.36~16.04.1 linux-image-extra-4.10.0-32-generic - 4.10.0-32.36~16.04.1 linux-image-4.10.0-32-lowlatency - 4.10.0-32.36~16.04.1 linux-image-4.10.0-32-generic - 4.10.0-32.36~16.04.1 No subscription required High CVE-2017-1000111 CVE-2017-1000112 USN-3385-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2017-1000112) Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111) Update Instructions: Run `sudo pro fix USN-3385-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1026-gke - 4.4.0-1026.26 linux-image-extra-4.4.0-1026-gke - 4.4.0-1026.26 No subscription required linux-image-4.4.0-1030-aws - 4.4.0-1030.39 No subscription required linux-image-4.4.0-1069-raspi2 - 4.4.0-1069.77 No subscription required linux-image-4.4.0-1071-snapdragon - 4.4.0-1071.76 No subscription required linux-image-4.4.0-91-powerpc-smp - 4.4.0-91.114 linux-image-4.4.0-91-generic-lpae - 4.4.0-91.114 linux-image-4.4.0-91-powerpc-e500mc - 4.4.0-91.114 linux-image-4.4.0-91-powerpc64-emb - 4.4.0-91.114 linux-image-4.4.0-91-generic - 4.4.0-91.114 linux-image-4.4.0-91-powerpc64-smp - 4.4.0-91.114 linux-image-extra-4.4.0-91-generic - 4.4.0-91.114 linux-image-4.4.0-91-lowlatency - 4.4.0-91.114 No subscription required High CVE-2017-1000111 CVE-2017-1000112 USN-3387-1 -- Git vulnerability Ubuntu 16.04 LTS Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 
'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user. Update Instructions: Run `sudo pro fix USN-3387-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.2 gitweb - 1:2.7.4-0ubuntu1.2 git-gui - 1:2.7.4-0ubuntu1.2 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.2 git-arch - 1:2.7.4-0ubuntu1.2 git-el - 1:2.7.4-0ubuntu1.2 gitk - 1:2.7.4-0ubuntu1.2 git-all - 1:2.7.4-0ubuntu1.2 git-mediawiki - 1:2.7.4-0ubuntu1.2 git-daemon-run - 1:2.7.4-0ubuntu1.2 git-man - 1:2.7.4-0ubuntu1.2 git-doc - 1:2.7.4-0ubuntu1.2 git-svn - 1:2.7.4-0ubuntu1.2 git-cvs - 1:2.7.4-0ubuntu1.2 git-core - 1:2.7.4-0ubuntu1.2 git-email - 1:2.7.4-0ubuntu1.2 No subscription required Medium CVE-2017-1000117 USN-3388-1 -- Subversion vulnerabilities Ubuntu 16.04 LTS Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. (CVE-2017-9800) Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2167) Florian Weimer discovered that Subversion clients did not properly restrict XML entity expansion when accessing http(s):// URLs. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734) Update Instructions: Run `sudo pro fix USN-3388-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libsvn-dev - 1.9.3-2ubuntu1.1 ruby-svn - 1.9.3-2ubuntu1.1 subversion-tools - 1.9.3-2ubuntu1.1 libapache2-svn - 1.9.3-2ubuntu1.1 libapache2-mod-svn - 1.9.3-2ubuntu1.1 python-subversion - 1.9.3-2ubuntu1.1 libsvn-java - 1.9.3-2ubuntu1.1 subversion - 1.9.3-2ubuntu1.1 libsvn-doc - 1.9.3-2ubuntu1.1 libsvn1 - 1.9.3-2ubuntu1.1 libsvn-perl - 1.9.3-2ubuntu1.1 libsvn-ruby1.8 - 1.9.3-2ubuntu1.1 No subscription required Medium CVE-2016-2167 CVE-2016-8734 CVE-2017-9800 USN-3389-1 -- GD vulnerability Ubuntu 16.04 LTS A vulnerability was discovered in GD Graphics Library (aka libgd), as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stack. Update Instructions: Run `sudo pro fix USN-3389-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.7 libgd-tools - 2.1.1-4ubuntu0.16.04.7 libgd-dev - 2.1.1-4ubuntu0.16.04.7 No subscription required Medium CVE-2017-7890 USN-3390-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. (CVE-2017-7546) Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. (CVE-2017-7547) Chapman Flack discovered that PostgreSQL incorrectly handled lo_put() permissions. A remote attacker could possibly use this issue to change the data in a large object. (CVE-2017-7548) Update Instructions: Run `sudo pro fix USN-3390-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.8-0ubuntu0.16.04.1 postgresql-plperl-9.5 - 9.5.8-0ubuntu0.16.04.1 postgresql-server-dev-9.5 - 9.5.8-0ubuntu0.16.04.1 postgresql-9.5 - 9.5.8-0ubuntu0.16.04.1 postgresql-plpython-9.5 - 9.5.8-0ubuntu0.16.04.1 libecpg6 - 9.5.8-0ubuntu0.16.04.1 postgresql-client-9.5 - 9.5.8-0ubuntu0.16.04.1 libpq-dev - 9.5.8-0ubuntu0.16.04.1 postgresql-contrib-9.5 - 9.5.8-0ubuntu0.16.04.1 libpgtypes3 - 9.5.8-0ubuntu0.16.04.1 libecpg-dev - 9.5.8-0ubuntu0.16.04.1 postgresql-pltcl-9.5 - 9.5.8-0ubuntu0.16.04.1 libpq5 - 9.5.8-0ubuntu0.16.04.1 postgresql-plpython3-9.5 - 9.5.8-0ubuntu0.16.04.1 libecpg-compat3 - 9.5.8-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 USN-3391-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809) Update Instructions: Run `sudo pro fix USN-3391-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-nn - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-nb - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fa - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fi - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fr - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-fy - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-or - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-kab - 55.0.1+build2-0ubuntu0.16.04.2 firefox-testsuite - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-oc - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-cs - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ga - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gd - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gn - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gl - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-gu - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-pa - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-pl - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-cy - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-pt - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hi - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ms - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-he - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hy - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hr - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hu - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-it - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-as - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ar - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-az - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-id - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mai - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-af - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-is - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-vi - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-an - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-bs - 
55.0.1+build2-0ubuntu0.16.04.2 firefox - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ro - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ja - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ru - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-br - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-zh-hant - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-zh-hans - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-bn - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-be - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-bg - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sl - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sk - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-si - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sw - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sv - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sr - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-sq - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ko - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-kn - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-km - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-kk - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ka - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-xh - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ca - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ku - 55.0.1+build2-0ubuntu0.16.04.2 firefox-mozsymbols - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-lv - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-lt - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-th - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-hsb - 55.0.1+build2-0ubuntu0.16.04.2 firefox-dev - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-te - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-cak - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ta - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-lg - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-tr - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-nso - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-de - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-da - 
55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-uk - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mr - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-my - 55.0.1+build2-0ubuntu0.16.04.2 firefox-globalmenu - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-uz - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ml - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mn - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-mk - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ur - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-eu - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-et - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-es - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-csb - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-el - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-eo - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-en - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-zu - 55.0.1+build2-0ubuntu0.16.04.2 firefox-locale-ast - 55.0.1+build2-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-7753 CVE-2017-7779 CVE-2017-7780 CVE-2017-7781 CVE-2017-7783 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7788 CVE-2017-7789 CVE-2017-7791 CVE-2017-7792 CVE-2017-7794 CVE-2017-7797 CVE-2017-7798 CVE-2017-7799 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7806 CVE-2017-7807 CVE-2017-7808 CVE-2017-7809 USN-3391-2 -- Ubufox update Ubuntu 16.04 LTS USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. 
(CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809) Update Instructions: Run `sudo pro fix USN-3391-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubufox - 3.4-0ubuntu0.16.04.1 xul-ext-ubufox - 3.4-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1711137 USN-3391-3 -- Firefox regression Ubuntu 16.04 LTS USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809) Update Instructions: Run `sudo pro fix USN-3391-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 55.0.2+build1-0ubuntu0.16.04.1 firefox-testsuite - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
55.0.2+build1-0ubuntu0.16.04.1 firefox - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 55.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 55.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 
55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 55.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 55.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 55.0.2+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1710987 USN-3392-1 -- Linux kernel regression Ubuntu 16.04 LTS USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) 李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). 
(CVE-2017-10810) 石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482) Update Instructions: Run `sudo pro fix USN-3392-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1027-gke - 4.4.0-1027.27 linux-image-extra-4.4.0-1027-gke - 4.4.0-1027.27 No subscription required linux-image-4.4.0-1031-aws - 4.4.0-1031.40 No subscription required linux-image-4.4.0-1070-raspi2 - 4.4.0-1070.78 No subscription required linux-image-4.4.0-1072-snapdragon - 4.4.0-1072.77 No subscription required linux-image-4.4.0-92-lowlatency - 4.4.0-92.115 linux-image-4.4.0-92-powerpc-smp - 4.4.0-92.115 linux-image-4.4.0-92-powerpc-e500mc - 4.4.0-92.115 linux-image-4.4.0-92-powerpc64-smp - 4.4.0-92.115 linux-image-4.4.0-92-generic-lpae - 4.4.0-92.115 linux-image-4.4.0-92-powerpc64-emb - 4.4.0-92.115 linux-image-extra-4.4.0-92-generic - 4.4.0-92.115 linux-image-4.4.0-92-generic - 4.4.0-92.115 No subscription required None https://bugs.launchpad.net/bugs/1709032 https://usn.ubuntu.com/usn/usn-3378-1 USN-3393-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419) It was discovered that ClamAV incorrectly handled parsing certain PE files with WWPack compression. 
A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420) Update Instructions: Run `sudo pro fix USN-3393-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.2+dfsg-0ubuntu0.16.04.2 clamav-testfiles - 0.99.2+dfsg-0ubuntu0.16.04.2 clamav-base - 0.99.2+dfsg-0ubuntu0.16.04.2 clamav - 0.99.2+dfsg-0ubuntu0.16.04.2 libclamav7 - 0.99.2+dfsg-0ubuntu0.16.04.2 clamav-daemon - 0.99.2+dfsg-0ubuntu0.16.04.2 clamav-milter - 0.99.2+dfsg-0ubuntu0.16.04.2 clamav-docs - 0.99.2+dfsg-0ubuntu0.16.04.2 clamav-freshclam - 0.99.2+dfsg-0ubuntu0.16.04.2 clamdscan - 0.99.2+dfsg-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 USN-3394-1 -- libmspack vulnerabilities Ubuntu 16.04 LTS It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419) It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2017-6419) Update Instructions: Run `sudo pro fix USN-3394-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmspack0 - 0.5-1ubuntu0.16.04.1 libmspack-dev - 0.5-1ubuntu0.16.04.1 libmspack-doc - 0.5-1ubuntu0.16.04.1 No subscription required Medium CVE-2017-11423 CVE-2017-6419 USN-3395-1 -- c-ares vulnerability Ubuntu 16.04 LTS It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3395-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc-ares2 - 1.10.0-3ubuntu0.2 libc-ares-dev - 1.10.0-3ubuntu0.2 No subscription required Medium CVE-2017-1000381 USN-3397-1 -- strongSwan vulnerability Ubuntu 16.04 LTS It was discovered that strongSwan incorrectly handled verifying specific RSA signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3397-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.4 libcharon-extra-plugins - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.4 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.4 strongswan-plugin-unbound - 5.3.5-1ubuntu3.4 strongswan-plugin-farp - 5.3.5-1ubuntu3.4 strongswan-charon - 5.3.5-1ubuntu3.4 strongswan-ikev1 - 5.3.5-1ubuntu3.4 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.4 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.4 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.4 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.4 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.4 strongswan-plugin-sql - 5.3.5-1ubuntu3.4 strongswan-plugin-coupling - 5.3.5-1ubuntu3.4 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.4 strongswan-plugin-lookip - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.4 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.4 strongswan-ike - 5.3.5-1ubuntu3.4 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-aka - 5.3.5-1ubuntu3.4 libstrongswan - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.4 libstrongswan-standard-plugins - 5.3.5-1ubuntu3.4 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.4 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.4 strongswan - 5.3.5-1ubuntu3.4 strongswan-tnc-server - 5.3.5-1ubuntu3.4 strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.4 
strongswan-tnc-base - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.4 strongswan-starter - 5.3.5-1ubuntu3.4 strongswan-plugin-curl - 5.3.5-1ubuntu3.4 strongswan-plugin-radattr - 5.3.5-1ubuntu3.4 strongswan-plugin-soup - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.4 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.4 strongswan-ikev2 - 5.3.5-1ubuntu3.4 strongswan-plugin-mysql - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.4 strongswan-plugin-openssl - 5.3.5-1ubuntu3.4 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.4 strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.4 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.4 charon-cmd - 5.3.5-1ubuntu3.4 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.4 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.4 strongswan-libcharon - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.4 strongswan-nm - 5.3.5-1ubuntu3.4 strongswan-plugin-ldap - 5.3.5-1ubuntu3.4 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.4 strongswan-tnc-pdp - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.4 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.4 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.4 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.4 strongswan-plugin-ntru - 5.3.5-1ubuntu3.4 strongswan-plugin-gmp - 5.3.5-1ubuntu3.4 strongswan-plugin-agent - 5.3.5-1ubuntu3.4 strongswan-plugin-pgp - 5.3.5-1ubuntu3.4 strongswan-tnc-client - 5.3.5-1ubuntu3.4 strongswan-plugin-load-tester - 5.3.5-1ubuntu3.4 strongswan-plugin-unity - 5.3.5-1ubuntu3.4 strongswan-plugin-led - 5.3.5-1ubuntu3.4 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.4 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.4 No subscription required Medium CVE-2017-11185 USN-3398-1 -- 
graphite2 vulnerabilities Ubuntu 16.04 LTS Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphite2-doc - 1.3.10-0ubuntu0.16.04.1 libgraphite2-3 - 1.3.10-0ubuntu0.16.04.1 libgraphite2-dev - 1.3.10-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 USN-3399-1 -- cvs vulnerability Ubuntu 16.04 LTS Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user. Update Instructions: Run `sudo pro fix USN-3399-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cvs - 2:1.12.13+real-15ubuntu0.1 No subscription required Medium CVE-2017-12836 USN-3400-1 -- Augeas vulnerability Ubuntu 16.04 LTS It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3400-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: augeas-tools - 1.4.0-0ubuntu1.1 libaugeas0 - 1.4.0-0ubuntu1.1 libaugeas-dev - 1.4.0-0ubuntu1.1 augeas-doc - 1.4.0-0ubuntu1.1 augeas-lenses - 1.4.0-0ubuntu1.1 No subscription required Medium CVE-2017-7555 USN-3401-1 -- TeX Live vulnerability Ubuntu 16.04 LTS It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3401-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: texlive-fonts-recommended-doc - 2015.20160320-1ubuntu0.1 texlive-pictures - 2015.20160320-1ubuntu0.1 texlive-full - 2015.20160320-1ubuntu0.1 texlive-luatex - 2015.20160320-1ubuntu0.1 texlive-pictures-doc - 2015.20160320-1ubuntu0.1 texlive-xetex - 2015.20160320-1ubuntu0.1 texlive-metapost - 2015.20160320-1ubuntu0.1 texlive-latex-base - 2015.20160320-1ubuntu0.1 texlive-fonts-recommended - 2015.20160320-1ubuntu0.1 texlive-latex-recommended-doc - 2015.20160320-1ubuntu0.1 texlive-omega - 2015.20160320-1ubuntu0.1 texlive-base - 2015.20160320-1ubuntu0.1 texlive-generic-recommended - 2015.20160320-1ubuntu0.1 texlive-metapost-doc - 2015.20160320-1ubuntu0.1 texlive-latex-base-doc - 2015.20160320-1ubuntu0.1 texlive-latex-recommended - 2015.20160320-1ubuntu0.1 texlive - 2015.20160320-1ubuntu0.1 luasseq - 2015.20160320-1ubuntu0.1 No subscription required Medium CVE-2016-10243 USN-3402-1 -- PySAML2 vulnerability Ubuntu 16.04 LTS It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files. Update Instructions: Run `sudo pro fix USN-3402-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-pysaml2-doc - 3.0.0-3ubuntu1.16.04.1 python-pysaml2 - 3.0.0-3ubuntu1.16.04.1 python3-pysaml2 - 3.0.0-3ubuntu1.16.04.1 No subscription required Medium CVE-2016-10149 USN-3403-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. (CVE-2017-11714) Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. (CVE-2017-9611, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739) Kim Gwan Yeong discovered a use-after-free vulnerability in Ghostscript. A remote attacker could use a crafted file to cause a denial of service. (CVE-2017-9612) Kim Gwan Yeong discovered a lack of integer overflow check in Ghostscript. A remote attacker could use a crafted PostScript document to cause a denial of service. (CVE-2017-9835) Update Instructions: Run `sudo pro fix USN-3403-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.18~dfsg~0-0ubuntu2.7 ghostscript-x - 9.18~dfsg~0-0ubuntu2.7 libgs-dev - 9.18~dfsg~0-0ubuntu2.7 ghostscript-doc - 9.18~dfsg~0-0ubuntu2.7 libgs9 - 9.18~dfsg~0-0ubuntu2.7 libgs9-common - 9.18~dfsg~0-0ubuntu2.7 No subscription required Medium CVE-2017-11714 CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 USN-3404-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. 
A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. Update Instructions: Run `sudo pro fix USN-3404-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-33-lowlatency - 4.10.0-33.37~16.04.1 linux-image-4.10.0-33-generic-lpae - 4.10.0-33.37~16.04.1 linux-image-extra-4.10.0-33-generic - 4.10.0-33.37~16.04.1 linux-image-4.10.0-33-generic - 4.10.0-33.37~16.04.1 No subscription required Medium CVE-2017-7487 USN-3405-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. (CVE-2017-7495) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541) It was discovered that the Linux kernel did not honor the UEFI secure boot mode when performing a kexec operation. A local attacker could use this to bypass secure boot restrictions. (CVE-2015-7837) Update Instructions: Run `sudo pro fix USN-3405-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-1028-gke - 4.4.0-1028.28 linux-image-4.4.0-1028-gke - 4.4.0-1028.28 No subscription required linux-image-4.4.0-1032-aws - 4.4.0-1032.41 No subscription required linux-image-4.4.0-1071-raspi2 - 4.4.0-1071.79 No subscription required linux-image-4.4.0-1073-snapdragon - 4.4.0-1073.78 No subscription required linux-image-extra-4.4.0-93-generic - 4.4.0-93.116 linux-image-4.4.0-93-generic - 4.4.0-93.116 linux-image-4.4.0-93-powerpc-e500mc - 4.4.0-93.116 linux-image-4.4.0-93-powerpc64-emb - 4.4.0-93.116 linux-image-4.4.0-93-powerpc64-smp - 4.4.0-93.116 linux-image-4.4.0-93-generic-lpae - 4.4.0-93.116 linux-image-4.4.0-93-lowlatency - 4.4.0-93.116 linux-image-4.4.0-93-powerpc-smp - 4.4.0-93.116 No subscription required Medium CVE-2015-7837 CVE-2017-11176 CVE-2017-7495 CVE-2017-7541 USN-3407-1 -- PyJWT vulnerability Ubuntu 16.04 LTS It was discovered that PyJWT doesn't check invalid_strings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch. Update Instructions: Run `sudo pro fix USN-3407-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jwt - 1.3.0-1ubuntu0.1 python3-jwt - 1.3.0-1ubuntu0.1 No subscription required Medium CVE-2017-11424 USN-3408-1 -- Liblouis vulnerabilities Ubuntu 16.04 LTS It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantage of this to access sensitive information. (CVE-2017-13738, CVE-2017-13744) It was discovered that a heap-based buffer overflow in Liblouis causes an out-of-bounds write. A remote attacker can use this to cause a denial of service or remote code execution. (CVE-2017-13739) A stack-based buffer overflow was discovered in Liblouis. 
A remote attacker can use this to cause a denial of service or possibly unspecified other impact. (CVE-2017-13740, CVE-2017-13742) Update Instructions: Run `sudo pro fix USN-3408-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis9 - 2.6.4-2ubuntu0.1 liblouis-bin - 2.6.4-2ubuntu0.1 python-louis - 2.6.4-2ubuntu0.1 liblouis-dev - 2.6.4-2ubuntu0.1 python3-louis - 2.6.4-2ubuntu0.1 liblouis-data - 2.6.4-2ubuntu0.1 No subscription required Medium CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13742 CVE-2017-13744 USN-3410-1 -- GD library vulnerability Ubuntu 16.04 LTS It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3410-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.8 libgd-tools - 2.1.1-4ubuntu0.16.04.8 libgd-dev - 2.1.1-4ubuntu0.16.04.8 No subscription required Medium CVE-2017-6362 USN-3411-1 -- Bazaar vulnerability Ubuntu 16.04 LTS Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user. Update Instructions: Run `sudo pro fix USN-3411-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bzr-doc - 2.7.0-2ubuntu3.1 python-bzrlib - 2.7.0-2ubuntu3.1 bzr - 2.7.0-2ubuntu3.1 python-bzrlib.tests - 2.7.0-2ubuntu3.1 No subscription required None https://launchpad.net/bugs/1710979 USN-3413-1 -- BlueZ vulnerability Ubuntu 16.04 LTS It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. (CVE-2017-1000250) Update Instructions: Run `sudo pro fix USN-3413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.37-0ubuntu5.1 bluez-tests - 5.37-0ubuntu5.1 bluez-obexd - 5.37-0ubuntu5.1 bluetooth - 5.37-0ubuntu5.1 bluez - 5.37-0ubuntu5.1 bluez-hcidump - 5.37-0ubuntu5.1 bluez-cups - 5.37-0ubuntu5.1 libbluetooth-dev - 5.37-0ubuntu5.1 No subscription required High CVE-2017-1000250 USN-3414-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. 
An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060) Li Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310) Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330) Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374) Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375) Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503) It was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524) It was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. 
(CVE-2017-10664) Li Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806) Anthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911) Reno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434) Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809) Update Instructions: Run `sudo pro fix USN-3414-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.15 qemu-user-static - 1:2.5+dfsg-5ubuntu10.15 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.15 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.15 qemu-kvm - 1:2.5+dfsg-5ubuntu10.15 qemu-user - 1:2.5+dfsg-5ubuntu10.15 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.15 qemu-system - 1:2.5+dfsg-5ubuntu10.15 qemu-utils - 1:2.5+dfsg-5ubuntu10.15 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.15 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.15 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.15 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.15 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.15 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.15 qemu - 1:2.5+dfsg-5ubuntu10.15 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.15 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.15 No subscription required Medium CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11434 CVE-2017-12809 CVE-2017-7493 CVE-2017-8112 CVE-2017-8380 CVE-2017-9060 
CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 CVE-2017-9524 USN-3414-2 -- QEMU regression Ubuntu 16.04 LTS USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060) Li Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310) Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330) Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. 
A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374) Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375) Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503) It was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524) It was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-10664) Li Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806) Anthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911) Reno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434) Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809) Update Instructions: Run `sudo pro fix USN-3414-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.16 qemu-user-static - 1:2.5+dfsg-5ubuntu10.16 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.16 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.16 qemu-kvm - 1:2.5+dfsg-5ubuntu10.16 qemu-user - 1:2.5+dfsg-5ubuntu10.16 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.16 qemu-system - 1:2.5+dfsg-5ubuntu10.16 qemu-utils - 1:2.5+dfsg-5ubuntu10.16 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.16 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.16 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.16 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.16 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.16 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.16 qemu - 1:2.5+dfsg-5ubuntu10.16 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.16 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.16 No subscription required None https://launchpad.net/bugs/1718222 USN-3415-1 -- tcpdump vulnerabilities Ubuntu 16.04 LTS Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-13011) Otto Airamo and Antti Levomäki discovered logic errors in different protocol parsers in tcpdump that could lead to an infinite loop. A remote attacker could use these to cause a denial of service (application hang). 
(CVE-2017-12989, CVE-2017-12990, CVE-2017-12995, CVE-2017-12997) Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz, Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and Bhargava Shastry discovered out-of-bounds reads in multiple protocol parsers in tcpdump. A remote attacker could use these to cause a denial of service (application crash). (CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725) Update Instructions: Run `sudo pro fix USN-3415-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.2-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 USN-3416-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service via application crash, or execute arbitrary code. 
(CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809) A buffer overflow was discovered when displaying SVG content in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7786) Update Instructions: Run `sudo pro fix USN-3416-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.3.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-hr - 1:52.3.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.3.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 
1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.3.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.3.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809 USN-3418-1 -- GDK-PixBuf vulnerabilities Ubuntu 16.04 LTS It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. 
If a user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2862) It was discovered that the GDK-PixBuf library did not properly handle certain tiff images. If a user or automated system were tricked into opening a specially crafted tiff file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2870) Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service. (CVE-2017-6311) Update Instructions: Run `sudo pro fix USN-3418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.32.2-1ubuntu1.3 libgdk-pixbuf2.0-common - 2.32.2-1ubuntu1.3 libgdk-pixbuf2.0-dev - 2.32.2-1ubuntu1.3 libgdk-pixbuf2.0-0-udeb - 2.32.2-1ubuntu1.3 libgdk-pixbuf2.0-doc - 2.32.2-1ubuntu1.3 gir1.2-gdkpixbuf-2.0 - 2.32.2-1ubuntu1.3 No subscription required Medium CVE-2017-2862 CVE-2017-2870 CVE-2017-6311 USN-3419-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). 
(CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541) Update Instructions: Run `sudo pro fix USN-3419-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-35-generic - 4.10.0-35.39~16.04.1 linux-image-4.10.0-35-lowlatency - 4.10.0-35.39~16.04.1 linux-image-extra-4.10.0-35-generic - 4.10.0-35.39~16.04.1 linux-image-4.10.0-35-generic-lpae - 4.10.0-35.39~16.04.1 No subscription required High CVE-2017-1000251 CVE-2017-7541 USN-3420-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663) It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831) Update Instructions: Run `sudo pro fix USN-3420-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1007-kvm - 4.4.0-1007.12 No subscription required linux-image-4.4.0-1031-gke - 4.4.0-1031.31 linux-image-extra-4.4.0-1031-gke - 4.4.0-1031.31 No subscription required linux-image-4.4.0-1035-aws - 4.4.0-1035.44 No subscription required linux-image-4.4.0-1074-raspi2 - 4.4.0-1074.82 No subscription required linux-image-4.4.0-1076-snapdragon - 4.4.0-1076.81 No subscription required linux-image-4.4.0-96-lowlatency - 4.4.0-96.119 linux-image-extra-4.4.0-96-generic - 4.4.0-96.119 linux-image-4.4.0-96-powerpc64-emb - 4.4.0-96.119 linux-image-4.4.0-96-powerpc-smp - 4.4.0-96.119 linux-image-4.4.0-96-generic-lpae - 4.4.0-96.119 linux-image-4.4.0-96-powerpc64-smp - 4.4.0-96.119 linux-image-4.4.0-96-generic - 4.4.0-96.119 linux-image-4.4.0-96-powerpc-e500mc - 4.4.0-96.119 No subscription required High CVE-2017-1000251 CVE-2017-10663 CVE-2017-12762 CVE-2017-8831 USN-3421-2 -- Libidn2 vulnerability Ubuntu 16.04 LTS USN-3421-1 fixed a vulnerability in Libidn2. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Update Instructions: Run `sudo pro fix USN-3421-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libidn2-0-dev - 0.10-3ubuntu0.1~esm1 libidn2-0 - 0.10-3ubuntu0.1~esm1 idn2 - 0.10-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-14062 USN-3424-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. 
(CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048) Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050) Update Instructions: Run `sudo pro fix USN-3424-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.3 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.3 libxml2 - 2.9.3+dfsg1-1ubuntu0.3 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.3 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.3 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.3 No subscription required Medium CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 USN-3425-1 -- Apache HTTP Server vulnerability Ubuntu 16.04 LTS Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed. Update Instructions: Run `sudo pro fix USN-3425-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.5 apache2-utils - 2.4.18-2ubuntu3.5 apache2-dev - 2.4.18-2ubuntu3.5 apache2-suexec-pristine - 2.4.18-2ubuntu3.5 apache2-suexec-custom - 2.4.18-2ubuntu3.5 apache2 - 2.4.18-2ubuntu3.5 apache2-doc - 2.4.18-2ubuntu3.5 apache2-bin - 2.4.18-2ubuntu3.5 No subscription required Medium CVE-2017-9798 USN-3426-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2017-12150) Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote attacker could use this issue to perform a machine-in-the-middle attack. (CVE-2017-12151) Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. (CVE-2017-12163) Update Instructions: Run `sudo pro fix USN-3426-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.11 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.11 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.11 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.11 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.11 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.11 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.11 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.11 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.11 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.11 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.11 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.11 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.11 No subscription required Medium CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 USN-3427-1 -- Emacs vulnerability Ubuntu 16.04 LTS Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3427-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: emacs24-bin-common - 24.5+1-6ubuntu1.1 emacs24-lucid - 24.5+1-6ubuntu1.1 emacs24 - 24.5+1-6ubuntu1.1 emacs24-el - 24.5+1-6ubuntu1.1 emacs24-nox - 24.5+1-6ubuntu1.1 emacs24-common - 24.5+1-6ubuntu1.1 No subscription required Medium CVE-2017-14482 USN-3429-1 -- Libplist vulnerability Ubuntu 16.04 LTS Wang Junjie discovered that Libplist incorrectly handled certain files. 
If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a crash or denial of service. Update Instructions: Run `sudo pro fix USN-3429-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-plist - 1.12-3.1ubuntu0.16.04.1 libplist++3v5 - 1.12-3.1ubuntu0.16.04.1 libplist-doc - 1.12-3.1ubuntu0.16.04.1 libplist-dev - 1.12-3.1ubuntu0.16.04.1 libplist-utils - 1.12-3.1ubuntu0.16.04.1 libplist3 - 1.12-3.1ubuntu0.16.04.1 libplist++-dev - 1.12-3.1ubuntu0.16.04.1 No subscription required Medium CVE-2017-7982 USN-3430-1 -- Dnsmasq vulnerabilities Ubuntu 16.04 LTS Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14492) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14493) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. (CVE-2017-14494) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. 
(CVE-2017-14495) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496) Update Instructions: Run `sudo pro fix USN-3430-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.75-1ubuntu0.16.04.3 dnsmasq-utils - 2.75-1ubuntu0.16.04.3 dnsmasq-base - 2.75-1ubuntu0.16.04.3 No subscription required High CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 USN-3431-1 -- NSS vulnerability Ubuntu 16.04 LTS Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3431-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.3 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.3 libnss3 - 2:3.28.4-0ubuntu0.16.04.3 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.3 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.3 No subscription required Medium CVE-2017-7805 USN-3432-1 -- ca-certificates update Ubuntu 16.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717 package. Update Instructions: Run `sudo pro fix USN-3432-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20170717~16.04.1 No subscription required None https://launchpad.net/bugs/1719851 USN-3433-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that Poppler incorrectly handled certain files. 
If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-14517) It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14519) Update Instructions: Run `sudo pro fix USN-3433-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.3 poppler-utils - 0.41.0-0ubuntu1.3 libpoppler-qt5-1 - 0.41.0-0ubuntu1.3 libpoppler-cpp-dev - 0.41.0-0ubuntu1.3 libpoppler-cpp0 - 0.41.0-0ubuntu1.3 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.3 libpoppler-dev - 0.41.0-0ubuntu1.3 libpoppler-glib8 - 0.41.0-0ubuntu1.3 libpoppler-private-dev - 0.41.0-0ubuntu1.3 libpoppler-qt4-dev - 0.41.0-0ubuntu1.3 libpoppler-glib-dev - 0.41.0-0ubuntu1.3 libpoppler-qt4-4 - 0.41.0-0ubuntu1.3 libpoppler-qt5-dev - 0.41.0-0ubuntu1.3 libpoppler-glib-doc - 0.41.0-0ubuntu1.3 No subscription required Medium CVE-2017-14517 CVE-2017-14519 USN-3434-1 -- Libidn vulnerability Ubuntu 16.04 LTS It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3434-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idn - 1.32-3ubuntu1.2 libidn11-dev - 1.32-3ubuntu1.2 libidn11-java - 1.32-3ubuntu1.2 libidn11 - 1.32-3ubuntu1.2 No subscription required Medium CVE-2017-14062 USN-3435-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821) Update Instructions: Run `sudo pro fix USN-3435-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-nn - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-nb - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-fa - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-fi - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-fr - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-fy - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-or - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-kab - 56.0+build6-0ubuntu0.16.04.1 firefox-testsuite - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-oc - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-cs - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ga - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-gd - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-gn - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-gl - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-gu - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-pa - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-pl - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-cy - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-pt - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-hi - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ms - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-he - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-hy - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-hr - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-hu - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-it - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-as - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ar - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-az - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-id - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-mai - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-af - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-is - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-vi - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-an - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-bs - 56.0+build6-0ubuntu0.16.04.1 firefox - 56.0+build6-0ubuntu0.16.04.1 
firefox-locale-ro - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ja - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ru - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-br - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-zh-hant - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-zh-hans - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-bn - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-be - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-bg - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-sl - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-sk - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-si - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-sw - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-sv - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-sr - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-sq - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ko - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-kn - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-km - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-kk - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ka - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-xh - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ca - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ku - 56.0+build6-0ubuntu0.16.04.1 firefox-mozsymbols - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-lv - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-lt - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-th - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-hsb - 56.0+build6-0ubuntu0.16.04.1 firefox-dev - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-te - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-cak - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ta - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-lg - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-tr - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-nso - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-de - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-da - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-uk - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-mr - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-my - 
56.0+build6-0ubuntu0.16.04.1 firefox-globalmenu - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-uz - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ml - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-mn - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-mk - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ur - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-eu - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-et - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-es - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-csb - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-el - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-eo - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-en - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-zu - 56.0+build6-0ubuntu0.16.04.1 firefox-locale-ast - 56.0+build6-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7811 CVE-2017-7812 CVE-2017-7813 CVE-2017-7814 CVE-2017-7815 CVE-2017-7816 CVE-2017-7818 CVE-2017-7819 CVE-2017-7820 CVE-2017-7821 CVE-2017-7822 CVE-2017-7823 CVE-2017-7824 USN-3435-2 -- Firefox regression Ubuntu 16.04 LTS USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. 
A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821) Update Instructions: Run `sudo pro fix USN-3435-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-nn - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-nb - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-fa - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-fi - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-fr - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-fy - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-or - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-kab - 56.0+build6-0ubuntu0.16.04.2 firefox-testsuite - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-oc - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-cs - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ga - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-gd - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-gn - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-gl - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-gu - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-pa - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-pl - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-cy - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-pt - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-hi - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ms - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-he - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-hy - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-hr - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-hu - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-it - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-as 
- 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ar - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-az - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-id - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-mai - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-af - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-is - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-vi - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-an - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-bs - 56.0+build6-0ubuntu0.16.04.2 firefox - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ro - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ja - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ru - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-br - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-zh-hant - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-zh-hans - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-bn - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-be - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-bg - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-sl - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-sk - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-si - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-sw - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-sv - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-sr - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-sq - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ko - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-kn - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-km - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-kk - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ka - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-xh - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ca - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ku - 56.0+build6-0ubuntu0.16.04.2 firefox-mozsymbols - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-lv - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-lt - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-th - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-hsb - 56.0+build6-0ubuntu0.16.04.2 firefox-dev - 56.0+build6-0ubuntu0.16.04.2 
firefox-locale-te - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-cak - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ta - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-lg - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-tr - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-nso - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-de - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-da - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-uk - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-mr - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-my - 56.0+build6-0ubuntu0.16.04.2 firefox-globalmenu - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-uz - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ml - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-mn - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-mk - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ur - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-eu - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-et - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-es - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-csb - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-el - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-eo - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-en - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-zu - 56.0+build6-0ubuntu0.16.04.2 firefox-locale-ast - 56.0+build6-0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1720908 USN-3436-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. 
A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Update Instructions: Run `sudo pro fix USN-3436-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fr - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-us - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-es - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb-no - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-br - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-dsb - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-vi - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-mk - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn-bd - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hu - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-ar - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-be - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bg - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ja - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-lt - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sl - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-gb - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cy - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-si - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-gnome-support - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hr - 1:52.4.0+build1-0ubuntu0.16.04.2 xul-ext-calendar-timezones - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-de - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-da - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nl - 1:52.4.0+build1-0ubuntu0.16.04.2 
thunderbird-locale-nn - 1:52.4.0+build1-0ubuntu0.16.04.2 xul-ext-lightning - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga-ie - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy-nl - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa-in - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sr - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sq - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-he - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hsb - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-kab - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ar - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-uk - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-globalmenu - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-cn - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta-lk - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ru - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cs - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-mozsymbols - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fi - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-testsuite - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ro - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-af - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-pt - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sk - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-dev - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hy - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ca - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv-se - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-br - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-el - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-rm - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ka - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn-no - 
1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ko - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ast - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-tr - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-it - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pl - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gd - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-tw - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-id - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gl - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-eu - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-et - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hant - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hans - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-is - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es - 1:52.4.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta - 1:52.4.0+build1-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 USN-3438-1 -- Git vulnerability Ubuntu 16.04 LTS It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in module names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default. Update Instructions: Run `sudo pro fix USN-3438-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.3 gitweb - 1:2.7.4-0ubuntu1.3 git-gui - 1:2.7.4-0ubuntu1.3 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.3 git-arch - 1:2.7.4-0ubuntu1.3 git-el - 1:2.7.4-0ubuntu1.3 gitk - 1:2.7.4-0ubuntu1.3 git-all - 1:2.7.4-0ubuntu1.3 git-mediawiki - 1:2.7.4-0ubuntu1.3 git-daemon-run - 1:2.7.4-0ubuntu1.3 git-man - 1:2.7.4-0ubuntu1.3 git-doc - 1:2.7.4-0ubuntu1.3 git-svn - 1:2.7.4-0ubuntu1.3 git-cvs - 1:2.7.4-0ubuntu1.3 git-core - 1:2.7.4-0ubuntu1.3 git-email - 1:2.7.4-0ubuntu1.3 No subscription required Medium CVE-2017-14867 USN-3440-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929, CVE-2017-14975, CVE-2017-14977) It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 17.04 and 16.04. (CVE-2017-14926, CVE-2017-14928) Alberto Garcia, Francisco Oca and Suleman Ali discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-9776) Update Instructions: Run `sudo pro fix USN-3440-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.4 poppler-utils - 0.41.0-0ubuntu1.4 libpoppler-qt5-1 - 0.41.0-0ubuntu1.4 libpoppler-cpp-dev - 0.41.0-0ubuntu1.4 libpoppler-cpp0 - 0.41.0-0ubuntu1.4 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.4 libpoppler-dev - 0.41.0-0ubuntu1.4 libpoppler-glib8 - 0.41.0-0ubuntu1.4 libpoppler-private-dev - 0.41.0-0ubuntu1.4 libpoppler-qt4-dev - 0.41.0-0ubuntu1.4 libpoppler-glib-dev - 0.41.0-0ubuntu1.4 libpoppler-qt4-4 - 0.41.0-0ubuntu1.4 libpoppler-qt5-dev - 0.41.0-0ubuntu1.4 libpoppler-glib-doc - 0.41.0-0ubuntu1.4 No subscription required Medium CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14926 CVE-2017-14928 CVE-2017-14929 CVE-2017-14975 CVE-2017-14977 CVE-2017-9776 USN-3441-1 -- curl vulnerabilities Ubuntu 16.04 LTS Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100) Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000101) Max Dymond discovered that curl incorrectly handled FTP PWD responses. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service. (CVE-2017-1000254) Brian Carpenter discovered that curl incorrectly handled the --write-out command line option. 
A local attacker could possibly use this issue to obtain sensitive memory contents. (CVE-2017-7407) Update Instructions: Run `sudo pro fix USN-3441-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.3 libcurl4-openssl-dev - 7.47.0-1ubuntu2.3 libcurl3-gnutls - 7.47.0-1ubuntu2.3 libcurl4-doc - 7.47.0-1ubuntu2.3 libcurl3-nss - 7.47.0-1ubuntu2.3 libcurl4-nss-dev - 7.47.0-1ubuntu2.3 libcurl3 - 7.47.0-1ubuntu2.3 curl - 7.47.0-1ubuntu2.3 No subscription required Medium CVE-2016-9586 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-7407 USN-3442-1 -- libXfont vulnerabilities Ubuntu 16.04 LTS It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-13720) It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-13722) Update Instructions: Run `sudo pro fix USN-3442-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxfont1-dev - 1:1.5.1-1ubuntu0.16.04.3 libxfont1-udeb - 1:1.5.1-1ubuntu0.16.04.3 libxfont1 - 1:1.5.1-1ubuntu0.16.04.3 No subscription required libxfont2-udeb - 1:2.0.1-3~ubuntu16.04.2 libxfont2 - 1:2.0.1-3~ubuntu16.04.2 libxfont-dev - 1:2.0.1-3~ubuntu16.04.2 No subscription required Medium CVE-2017-13720 CVE-2017-13722 USN-3443-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3443-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. 
It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-1000255) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106) Update Instructions: Run `sudo pro fix USN-3443-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-37-generic-lpae - 4.10.0-37.41~16.04.1 linux-image-4.10.0-37-lowlatency - 4.10.0-37.41~16.04.1 linux-image-4.10.0-37-generic - 4.10.0-37.41~16.04.1 linux-image-extra-4.10.0-37-generic - 4.10.0-37.41~16.04.1 No subscription required High CVE-2017-1000255 CVE-2017-14106 USN-3443-3 -- Linux kernel (GCP) vulnerability Ubuntu 16.04 LTS Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106) Update Instructions: Run `sudo pro fix USN-3443-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.10.0-1007-gcp - 4.10.0-1007.7 linux-image-4.10.0-1007-gcp - 4.10.0-1007.7 No subscription required Medium CVE-2017-14106 USN-3444-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges in some situations. An attacker in a guest VM could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140) Update Instructions: Run `sudo pro fix USN-3444-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1008-kvm - 4.4.0-1008.13 No subscription required linux-image-extra-4.4.0-1032-gke - 4.4.0-1032.32 linux-image-4.4.0-1032-gke - 4.4.0-1032.32 No subscription required linux-image-4.4.0-1038-aws - 4.4.0-1038.47 No subscription required linux-image-4.4.0-1075-raspi2 - 4.4.0-1075.83 No subscription required linux-image-4.4.0-1077-snapdragon - 4.4.0-1077.82 No subscription required linux-image-4.4.0-97-generic - 4.4.0-97.120 linux-image-extra-4.4.0-97-generic - 4.4.0-97.120 linux-image-4.4.0-97-lowlatency - 4.4.0-97.120 linux-image-4.4.0-97-powerpc-smp - 4.4.0-97.120 linux-image-4.4.0-97-generic-lpae - 4.4.0-97.120 linux-image-4.4.0-97-powerpc64-emb - 4.4.0-97.120 linux-image-4.4.0-97-powerpc64-smp - 4.4.0-97.120 linux-image-4.4.0-97-powerpc-e500mc - 4.4.0-97.120 No subscription required Medium CVE-2017-12134 CVE-2017-14106 CVE-2017-14140 USN-3448-1 -- OpenStack Keystone vulnerability Ubuntu 16.04 LTS Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3448-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-keystone - 2:9.3.0-0ubuntu3.1 keystone-doc - 2:9.3.0-0ubuntu3.1 keystone - 2:9.3.0-0ubuntu3.1 No subscription required Medium CVE-2017-2673 USN-3450-1 -- Open vSwitch vulnerabilities Ubuntu 16.04 LTS Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9214) It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9263) It was discovered that Open vSwitch incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9264) It was discovered that Open vSwitch incorrectly handled group mod OpenFlow messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9265) Update Instructions: Run `sudo pro fix USN-3450-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openvswitch-switch - 2.5.2-0ubuntu0.16.04.2 openvswitch-pki - 2.5.2-0ubuntu0.16.04.2 ovn-docker - 2.5.2-0ubuntu0.16.04.2 openvswitch-common - 2.5.2-0ubuntu0.16.04.2 openvswitch-testcontroller - 2.5.2-0ubuntu0.16.04.2 openvswitch-vtep - 2.5.2-0ubuntu0.16.04.2 python-openvswitch - 2.5.2-0ubuntu0.16.04.2 openvswitch-ipsec - 2.5.2-0ubuntu0.16.04.2 ovn-host - 2.5.2-0ubuntu0.16.04.2 ovn-common - 2.5.2-0ubuntu0.16.04.2 ovn-central - 2.5.2-0ubuntu0.16.04.2 openvswitch-switch-dpdk - 2.5.2-0ubuntu0.16.04.2 openvswitch-test - 2.5.2-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265 USN-3453-1 -- X.Org X server vulnerabilities Ubuntu 16.04 LTS Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session. (CVE-2017-13721) Michal Srb discovered that the X.Org X server incorrectly handled XKB buffers. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code. (CVE-2017-13723) Update Instructions: Run `sudo pro fix USN-3453-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.6 xmir - 2:1.18.4-0ubuntu0.6 xwayland - 2:1.18.4-0ubuntu0.6 xorg-server-source - 2:1.18.4-0ubuntu0.6 xdmx - 2:1.18.4-0ubuntu0.6 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.6 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.6 xvfb - 2:1.18.4-0ubuntu0.6 xserver-xorg-dev - 2:1.18.4-0ubuntu0.6 xserver-xorg-core-udeb - 2:1.18.4-0ubuntu0.6 xnest - 2:1.18.4-0ubuntu0.6 xserver-xephyr - 2:1.18.4-0ubuntu0.6 xserver-common - 2:1.18.4-0ubuntu0.6 xdmx-tools - 2:1.18.4-0ubuntu0.6 No subscription required xorg-server-source-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.3 xserver-xephyr-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.3 xserver-xorg-core-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.3 xmir-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.3 xserver-xorg-legacy-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.3 xwayland-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.3 xserver-xorg-dev-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.3 No subscription required Medium CVE-2017-13721 CVE-2017-13723 USN-3455-1 -- wpa_supplicant and hostapd vulnerabilities Ubuntu 16.04 LTS Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477) Update Instructions: Run `sudo pro fix USN-3455-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.4-0ubuntu6.2 No subscription required wpagui - 2.4-0ubuntu6.2 wpasupplicant-udeb - 2.4-0ubuntu6.2 wpasupplicant - 2.4-0ubuntu6.2 No subscription required High CVE-2016-4476 CVE-2016-4477 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 USN-3456-1 -- X.Org X server vulnerabilities Ubuntu 16.04 LTS It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.7 xmir - 2:1.18.4-0ubuntu0.7 xwayland - 2:1.18.4-0ubuntu0.7 xorg-server-source - 2:1.18.4-0ubuntu0.7 xdmx - 2:1.18.4-0ubuntu0.7 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.7 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.7 xvfb - 2:1.18.4-0ubuntu0.7 xserver-xorg-dev - 2:1.18.4-0ubuntu0.7 xserver-xorg-core-udeb - 2:1.18.4-0ubuntu0.7 xnest - 2:1.18.4-0ubuntu0.7 xserver-xephyr - 2:1.18.4-0ubuntu0.7 xserver-common - 2:1.18.4-0ubuntu0.7 xdmx-tools - 2:1.18.4-0ubuntu0.7 No subscription required xorg-server-source-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.4 xserver-xephyr-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.4 xserver-xorg-core-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.4 xmir-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.4 xserver-xorg-legacy-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.4 xwayland-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.4 xserver-xorg-dev-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.4 No subscription required Medium CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 USN-3457-1 -- 
curl vulnerability Ubuntu 16.04 LTS Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3457-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.4 libcurl4-openssl-dev - 7.47.0-1ubuntu2.4 libcurl3-gnutls - 7.47.0-1ubuntu2.4 libcurl4-doc - 7.47.0-1ubuntu2.4 libcurl3-nss - 7.47.0-1ubuntu2.4 libcurl4-nss-dev - 7.47.0-1ubuntu2.4 libcurl3 - 7.47.0-1ubuntu2.4 curl - 7.47.0-1ubuntu2.4 No subscription required Medium CVE-2017-1000257 USN-3458-1 -- ICU vulnerability Ubuntu 16.04 LTS It was discovered that ICU incorrectly handled certain inputs. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3458-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 55.1-7ubuntu0.3 libicu55 - 55.1-7ubuntu0.3 libicu-dev - 55.1-7ubuntu0.3 icu-doc - 55.1-7ubuntu0.3 No subscription required Medium CVE-2017-14952 USN-3459-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Update Instructions: Run `sudo pro fix USN-3459-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.20-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.20-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.20-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.20-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.20-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.20-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.20-0ubuntu0.16.04.1 mysql-common - 5.7.20-0ubuntu0.16.04.1 mysql-server - 5.7.20-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.20-0ubuntu0.16.04.1 mysql-testsuite - 5.7.20-0ubuntu0.16.04.1 libmysqld-dev - 5.7.20-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.20-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-10155 CVE-2017-10165 CVE-2017-10167 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10311 CVE-2017-10313 CVE-2017-10314 CVE-2017-10320 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 USN-3460-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3460-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-37-gtk2 - 2.18.0-0ubuntu0.16.04.2 libjavascriptcoregtk-4.0-dev - 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-37 - 2.18.0-0ubuntu0.16.04.2 libjavascriptcoregtk-4.0-18 - 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-doc - 2.18.0-0ubuntu0.16.04.2 libjavascriptcoregtk-4.0-bin - 2.18.0-0ubuntu0.16.04.2 gir1.2-webkit2-4.0 - 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-dev - 2.18.0-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 USN-3461-1 -- NVIDIA graphics drivers vulnerabilities Ubuntu 16.04 LTS It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. Update Instructions: Run `sudo pro fix USN-3461-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-opencl-icd-384 - 384.90-0ubuntu0.16.04.1 nvidia-libopencl1-375 - 384.90-0ubuntu0.16.04.1 nvidia-375-dev - 384.90-0ubuntu0.16.04.1 nvidia-libopencl1-384 - 384.90-0ubuntu0.16.04.1 nvidia-384-dev - 384.90-0ubuntu0.16.04.1 nvidia-opencl-icd-375 - 384.90-0ubuntu0.16.04.1 libcuda1-384 - 384.90-0ubuntu0.16.04.1 nvidia-384 - 384.90-0ubuntu0.16.04.1 libcuda1-375 - 384.90-0ubuntu0.16.04.1 nvidia-375 - 384.90-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-6257 CVE-2017-6259 CVE-2017-6266 CVE-2017-6267 CVE-2017-6272 USN-3462-1 -- Pacemaker vulnerabilities Ubuntu 16.04 LTS Jan Pokorný and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. 
A local attacker could possibly use this issue to execute arbitrary code with root privileges. (CVE-2016-7035) Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker could possibly use this issue to shut down connections, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7797) Update Instructions: Run `sudo pro fix USN-3462-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pacemaker-remote - 1.1.14-2ubuntu1.2 libcrmcommon-dev - 1.1.14-2ubuntu1.2 pacemaker-resource-agents - 1.1.14-2ubuntu1.2 pacemaker-cli-utils - 1.1.14-2ubuntu1.2 pacemaker-common - 1.1.14-2ubuntu1.2 liblrmd1 - 1.1.14-2ubuntu1.2 libcrmcluster-dev - 1.1.14-2ubuntu1.2 libstonithd-dev - 1.1.14-2ubuntu1.2 libpe-status10 - 1.1.14-2ubuntu1.2 libtransitioner2 - 1.1.14-2ubuntu1.2 libstonithd2 - 1.1.14-2ubuntu1.2 libcrmservice3 - 1.1.14-2ubuntu1.2 libcrmcommon3 - 1.1.14-2ubuntu1.2 libcib-dev - 1.1.14-2ubuntu1.2 pacemaker - 1.1.14-2ubuntu1.2 libcrmservice-dev - 1.1.14-2ubuntu1.2 libpe-rules2 - 1.1.14-2ubuntu1.2 liblrmd-dev - 1.1.14-2ubuntu1.2 libpengine10 - 1.1.14-2ubuntu1.2 libpengine-dev - 1.1.14-2ubuntu1.2 pacemaker-doc - 1.1.14-2ubuntu1.2 libcrmcluster4 - 1.1.14-2ubuntu1.2 libcib4 - 1.1.14-2ubuntu1.2 No subscription required Medium CVE-2016-7035 CVE-2016-7797 USN-3463-1 -- Werkzeug vulnerability Ubuntu 16.04 LTS It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message. Update Instructions: Run `sudo pro fix USN-3463-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-werkzeug - 0.10.4+dfsg1-1ubuntu1.1 python-werkzeug - 0.10.4+dfsg1-1ubuntu1.1 python-werkzeug-doc - 0.10.4+dfsg1-1ubuntu1.1 No subscription required Medium CVE-2016-10516 USN-3464-1 -- Wget vulnerabilities Ubuntu 16.04 LTS Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090) Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098) Orange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508) Update Instructions: Run `sudo pro fix USN-3464-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.17.1-1ubuntu1.3 wget-udeb - 1.17.1-1ubuntu1.3 No subscription required Medium CVE-2016-7098 CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 USN-3465-1 -- Irssi vulnerabilities Ubuntu 16.04 LTS Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10965) Brian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10966) Joseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. 
(CVE-2017-15227) Hanno Böck discovered that Irssi incorrectly handled themes. If a user were tricked into using a malicious theme, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15228) Joseph Bisch discovered that Irssi incorrectly handled certain DCC CTCP messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15721) Joseph Bisch discovered that Irssi incorrectly handled certain channel IDs. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15722) Joseph Bisch discovered that Irssi incorrectly handled certain long nicks or targets. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15723) Update Instructions: Run `sudo pro fix USN-3465-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.5 irssi - 0.8.19-1ubuntu1.5 No subscription required Medium CVE-2017-10965 CVE-2017-10966 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 USN-3467-1 -- poppler vulnerability Ubuntu 16.04 LTS It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Update Instructions: Run `sudo pro fix USN-3467-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.5 poppler-utils - 0.41.0-0ubuntu1.5 libpoppler-qt5-1 - 0.41.0-0ubuntu1.5 libpoppler-cpp-dev - 0.41.0-0ubuntu1.5 libpoppler-cpp0 - 0.41.0-0ubuntu1.5 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.5 libpoppler-dev - 0.41.0-0ubuntu1.5 libpoppler-glib8 - 0.41.0-0ubuntu1.5 libpoppler-private-dev - 0.41.0-0ubuntu1.5 libpoppler-qt4-dev - 0.41.0-0ubuntu1.5 libpoppler-glib-dev - 0.41.0-0ubuntu1.5 libpoppler-qt4-4 - 0.41.0-0ubuntu1.5 libpoppler-qt5-dev - 0.41.0-0ubuntu1.5 libpoppler-glib-doc - 0.41.0-0ubuntu1.5 No subscription required Medium CVE-2017-15565 USN-3468-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-11176) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) Update Instructions: Run `sudo pro fix USN-3468-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-38-generic-lpae - 4.10.0-38.42~16.04.1 linux-image-4.10.0-38-generic - 4.10.0-38.42~16.04.1 linux-image-extra-4.10.0-38-generic - 4.10.0-38.42~16.04.1 linux-image-4.10.0-38-lowlatency - 4.10.0-38.42~16.04.1 No subscription required Medium CVE-2017-1000252 CVE-2017-10663 CVE-2017-10911 CVE-2017-11176 CVE-2017-14340 USN-3468-3 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) Update Instructions: Run `sudo pro fix USN-3468-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.10.0-1008-gcp - 4.10.0-1008.8 linux-image-4.10.0-1008-gcp - 4.10.0-1008.8 No subscription required Medium CVE-2017-1000252 CVE-2017-10663 CVE-2017-10911 CVE-2017-11176 CVE-2017-14340 USN-3469-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash). (CVE-2017-12153) It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). (CVE-2017-12154) It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. 
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task's extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15537) Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985) Update Instructions: Run `sudo pro fix USN-3469-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1009-kvm - 4.4.0-1009.14 No subscription required linux-image-extra-4.4.0-1033-gke - 4.4.0-1033.33 linux-image-4.4.0-1033-gke - 4.4.0-1033.33 No subscription required linux-image-4.4.0-1039-aws - 4.4.0-1039.48 No subscription required linux-image-4.4.0-1076-raspi2 - 4.4.0-1076.84 No subscription required linux-image-4.4.0-1078-snapdragon - 4.4.0-1078.83 No subscription required linux-image-4.4.0-98-generic-lpae - 4.4.0-98.121 linux-image-4.4.0-98-powerpc64-emb - 4.4.0-98.121 linux-image-extra-4.4.0-98-generic - 4.4.0-98.121 linux-image-4.4.0-98-generic - 4.4.0-98.121 linux-image-4.4.0-98-powerpc-smp - 4.4.0-98.121 linux-image-4.4.0-98-lowlatency - 4.4.0-98.121 linux-image-4.4.0-98-powerpc-e500mc - 4.4.0-98.121 linux-image-4.4.0-98-powerpc64-smp - 4.4.0-98.121 No subscription required Medium CVE-2017-10911 CVE-2017-12153 CVE-2017-12154 CVE-2017-12192 CVE-2017-14051 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-14991 CVE-2017-15537 CVE-2017-9984 CVE-2017-9985 USN-3471-1 -- Quagga vulnerabilities Ubuntu 16.04 LTS Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. (CVE-2017-16227) Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-5495) Update Instructions: Run `sudo pro fix USN-3471-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: quagga - 0.99.24.1-2ubuntu1.3 quagga-doc - 0.99.24.1-2ubuntu1.3 No subscription required Medium CVE-2017-16227 CVE-2017-5495 USN-3473-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10281) It was discovered that the Remote Method Invocation (RMI) component in OpenJDK did not properly handle unreferenced objects. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10285) It was discovered that the HTTPUrlConnection classes in OpenJDK did not properly handle newlines. An attacker could use this to convince a Java application or applet to inject headers into http requests. (CVE-2017-10295) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects from Java Cryptography Extension KeyStore (JCEKS). An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10345) It was discovered that the Hotspot component of OpenJDK did not properly perform loader checks when handling the invokespecial JVM instruction. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. 
(CVE-2017-10346) Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations in the SimpleTimeZone class. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10347) It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10348, CVE-2017-10357) It was discovered that the JAXP component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10349) It was discovered that the JAX-WS component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10350) It was discovered that the Networking component of OpenJDK did not properly set timeouts on FTP client actions. A remote attacker could use this to cause a denial of service (application hang). (CVE-2017-10355) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and Tobias Ospelt discovered that the Security component in OpenJDK did not sufficiently protect password-based encryption keys in key stores. An attacker could use this to expose sensitive information. (CVE-2017-10356) Jeffrey Altman discovered that the Kerberos client implementation in OpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. (CVE-2017-10388) Update Instructions: Run `sudo pro fix USN-3473-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-jdk - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-jre-headless - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-jre - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-jdk-headless - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-source - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-jre-zero - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-demo - 8u151-b12-0ubuntu0.16.04.2 openjdk-8-jre-jamvm - 8u151-b12-0ubuntu0.16.04.2 No subscription required Medium CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 USN-3475-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. (CVE-2017-3735) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736) Update Instructions: Run `sudo pro fix USN-3475-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.9 libssl-dev - 1.0.2g-1ubuntu4.9 openssl - 1.0.2g-1ubuntu4.9 libssl-doc - 1.0.2g-1ubuntu4.9 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.9 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.9 No subscription required Medium CVE-2017-3735 CVE-2017-3736 USN-3476-1 -- postgresql-common vulnerabilities Ubuntu 16.04 LTS Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2016-1255) It was discovered that the postgresql-common helper scripts incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. (CVE-2017-8806) Update Instructions: Run `sudo pro fix USN-3476-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-all - 173ubuntu0.1 postgresql-client-common - 173ubuntu0.1 postgresql-common - 173ubuntu0.1 No subscription required postgresql - 9.5+173ubuntu0.1 postgresql-contrib - 9.5+173ubuntu0.1 postgresql-doc - 9.5+173ubuntu0.1 postgresql-client - 9.5+173ubuntu0.1 No subscription required Medium CVE-2016-1255 CVE-2017-8806 USN-3477-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. 
(CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-nn - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-nb - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-fa - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-fi - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-fr - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-fy - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-or - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-kab - 57.0+build4-0ubuntu0.16.04.5 firefox-testsuite - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-oc - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-cs - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ga - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-gd - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-gn - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-gl - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-gu - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-pa - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-pl - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-cy - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-pt - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-hi - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ms - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-he - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-hy - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-hr - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-hu - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-it - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-as - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ar - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-az - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-id - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-mai - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-af - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-is - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-vi - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-an - 57.0+build4-0ubuntu0.16.04.5 
firefox-locale-bs - 57.0+build4-0ubuntu0.16.04.5 firefox - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ro - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ja - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ru - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-br - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-zh-hant - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-zh-hans - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-bn - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-be - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-bg - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-sl - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-sk - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-si - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-sw - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-sv - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-sr - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-sq - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ko - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-kn - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-km - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-kk - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ka - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-xh - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ca - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ku - 57.0+build4-0ubuntu0.16.04.5 firefox-mozsymbols - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-lv - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-lt - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-th - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-hsb - 57.0+build4-0ubuntu0.16.04.5 firefox-dev - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-te - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-cak - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ta - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-lg - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-tr - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-nso - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-de - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-da - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-uk - 
57.0+build4-0ubuntu0.16.04.5 firefox-locale-mr - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-my - 57.0+build4-0ubuntu0.16.04.5 firefox-globalmenu - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-uz - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ml - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-mn - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-mk - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ur - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-eu - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-et - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-es - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-csb - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-el - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-eo - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-en - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-zu - 57.0+build4-0ubuntu0.16.04.5 firefox-locale-ast - 57.0+build4-0ubuntu0.16.04.5 No subscription required Medium CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7837 CVE-2017-7838 CVE-2017-7839 CVE-2017-7840 CVE-2017-7842 USN-3477-2 -- Firefox regression Ubuntu 16.04 LTS USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. 
(CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-nn - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-nb - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-fa - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-fi - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-fr - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-fy - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-or - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-kab - 57.0+build4-0ubuntu0.16.04.6 firefox-testsuite - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-oc - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-cs - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ga - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-gd - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-gn - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-gl - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-gu - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-pa - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-pl - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-cy - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-pt 
- 57.0+build4-0ubuntu0.16.04.6 firefox-locale-hi - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ms - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-he - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-hy - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-hr - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-hu - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-it - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-as - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ar - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-az - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-id - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-mai - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-af - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-is - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-vi - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-an - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-bs - 57.0+build4-0ubuntu0.16.04.6 firefox - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ro - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ja - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ru - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-br - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-zh-hant - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-zh-hans - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-bn - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-be - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-bg - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-sl - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-sk - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-si - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-sw - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-sv - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-sr - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-sq - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ko - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-kn - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-km - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-kk - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ka - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-xh - 57.0+build4-0ubuntu0.16.04.6 
firefox-locale-ca - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ku - 57.0+build4-0ubuntu0.16.04.6 firefox-mozsymbols - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-lv - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-lt - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-th - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-hsb - 57.0+build4-0ubuntu0.16.04.6 firefox-dev - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-te - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-cak - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ta - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-lg - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-tr - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-nso - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-de - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-da - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-uk - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-mr - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-my - 57.0+build4-0ubuntu0.16.04.6 firefox-globalmenu - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-uz - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ml - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-mn - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-mk - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ur - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-eu - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-et - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-es - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-csb - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-el - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-eo - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-en - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-zu - 57.0+build4-0ubuntu0.16.04.6 firefox-locale-ast - 57.0+build4-0ubuntu0.16.04.6 No subscription required None https://launchpad.net/bugs/1733970 USN-3477-3 -- Firefox regressions Ubuntu 16.04 LTS USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. 
Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nn - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nb - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fa - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fi - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fr - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fy - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-or - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kab - 57.0.1+build2-0ubuntu0.16.04.1 firefox-testsuite - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-oc - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cs - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ga - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gd - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gn - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gl - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gu - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pa - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pl - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cy - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pt - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hi - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ms - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-he - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hy - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hr - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hu - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-it - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-as - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ar - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-az - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-id - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mai - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-af - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-is - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-vi - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-an - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bs - 
57.0.1+build2-0ubuntu0.16.04.1 firefox - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ro - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ja - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ru - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-br - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bn - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-be - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bg - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sl - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sk - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-si - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sw - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sv - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sr - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sq - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ko - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kn - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-km - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kk - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ka - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-xh - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ca - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ku - 57.0.1+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lv - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lt - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-th - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 57.0.1+build2-0ubuntu0.16.04.1 firefox-dev - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-te - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cak - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ta - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lg - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-tr - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nso - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-de - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-da - 
57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uk - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mr - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-my - 57.0.1+build2-0ubuntu0.16.04.1 firefox-globalmenu - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uz - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ml - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mn - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mk - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ur - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eu - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-et - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-es - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-csb - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-el - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eo - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-en - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zu - 57.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ast - 57.0.1+build2-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1735801 USN-3477-4 -- Firefox regression Ubuntu 16.04 LTS USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. 
(CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Update Instructions: Run `sudo pro fix USN-3477-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nn - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nb - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fa - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fi - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fr - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fy - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-or - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kab - 57.0.3+build1-0ubuntu0.16.04.1 firefox-testsuite - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-oc - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cs - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ga - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gd - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gn - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gl - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gu - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pa - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pl - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cy - 
57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pt - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hi - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ms - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-he - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hy - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hr - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hu - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-it - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-as - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ar - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-az - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-id - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mai - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-af - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-is - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-vi - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-an - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bs - 57.0.3+build1-0ubuntu0.16.04.1 firefox - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ro - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ja - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ru - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-br - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bn - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-be - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bg - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sl - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sk - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-si - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sw - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sv - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sr - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sq - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ko - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kn - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-km - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kk - 
57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ka - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-xh - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ca - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ku - 57.0.3+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lv - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lt - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-th - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 57.0.3+build1-0ubuntu0.16.04.1 firefox-dev - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-te - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cak - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ta - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lg - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-tr - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nso - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-de - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-da - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uk - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mr - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-my - 57.0.3+build1-0ubuntu0.16.04.1 firefox-globalmenu - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uz - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ml - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mn - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mk - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ur - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eu - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-et - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-es - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-csb - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-el - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eo - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-en - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zu - 57.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ast - 57.0.3+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1741048 USN-3478-1 -- Perl vulnerabilities Ubuntu 16.04 LTS Jakub Wilk 
discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12837, CVE-2017-12883) Update Instructions: Run `sudo pro fix USN-3478-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 - 5.22.1-9ubuntu0.2 libperl-dev - 5.22.1-9ubuntu0.2 perl-doc - 5.22.1-9ubuntu0.2 perl - 5.22.1-9ubuntu0.2 perl-base - 5.22.1-9ubuntu0.2 perl-debug - 5.22.1-9ubuntu0.2 libperl5.22 - 5.22.1-9ubuntu0.2 No subscription required Medium CVE-2017-12837 CVE-2017-12883 USN-3479-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098) Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT ... ON CONFLICT DO UPDATE commands. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. Update Instructions: Run `sudo pro fix USN-3479-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.10-0ubuntu0.16.04 postgresql-plperl-9.5 - 9.5.10-0ubuntu0.16.04 postgresql-server-dev-9.5 - 9.5.10-0ubuntu0.16.04 postgresql-9.5 - 9.5.10-0ubuntu0.16.04 postgresql-plpython-9.5 - 9.5.10-0ubuntu0.16.04 libecpg6 - 9.5.10-0ubuntu0.16.04 postgresql-client-9.5 - 9.5.10-0ubuntu0.16.04 libpq-dev - 9.5.10-0ubuntu0.16.04 postgresql-contrib-9.5 - 9.5.10-0ubuntu0.16.04 libpgtypes3 - 9.5.10-0ubuntu0.16.04 libecpg-dev - 9.5.10-0ubuntu0.16.04 postgresql-pltcl-9.5 - 9.5.10-0ubuntu0.16.04 libpq5 - 9.5.10-0ubuntu0.16.04 postgresql-plpython3-9.5 - 9.5.10-0ubuntu0.16.04 libecpg-compat3 - 9.5.10-0ubuntu0.16.04 No subscription required Medium CVE-2017-15098 CVE-2017-15099 USN-3480-1 -- Apport vulnerabilities Ubuntu 16.04 LTS Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14180) Update Instructions: Run `sudo pro fix USN-3480-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.12 python3-problem-report - 2.20.1-0ubuntu2.12 apport-kde - 2.20.1-0ubuntu2.12 apport-retrace - 2.20.1-0ubuntu2.12 apport-valgrind - 2.20.1-0ubuntu2.12 python3-apport - 2.20.1-0ubuntu2.12 dh-apport - 2.20.1-0ubuntu2.12 apport-gtk - 2.20.1-0ubuntu2.12 apport - 2.20.1-0ubuntu2.12 python-problem-report - 2.20.1-0ubuntu2.12 apport-noui - 2.20.1-0ubuntu2.12 No subscription required High CVE-2017-14177 CVE-2017-14180 USN-3480-2 -- Apport regressions Ubuntu 16.04 LTS USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash forwarding to containers. This update addresses the problems. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14180) Update Instructions: Run `sudo pro fix USN-3480-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.13 python3-problem-report - 2.20.1-0ubuntu2.13 apport-kde - 2.20.1-0ubuntu2.13 apport-retrace - 2.20.1-0ubuntu2.13 apport-valgrind - 2.20.1-0ubuntu2.13 python3-apport - 2.20.1-0ubuntu2.13 dh-apport - 2.20.1-0ubuntu2.13 apport-gtk - 2.20.1-0ubuntu2.13 apport - 2.20.1-0ubuntu2.13 python-problem-report - 2.20.1-0ubuntu2.13 apport-noui - 2.20.1-0ubuntu2.13 No subscription required None https://launchpad.net/bugs/1726372 https://launchpad.net/bugs/1732518 USN-3480-3 -- Apport regression Ubuntu 16.04 LTS USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14180) Update Instructions: Run `sudo pro fix USN-3480-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.15 python3-problem-report - 2.20.1-0ubuntu2.15 apport-kde - 2.20.1-0ubuntu2.15 apport-retrace - 2.20.1-0ubuntu2.15 apport-valgrind - 2.20.1-0ubuntu2.15 python3-apport - 2.20.1-0ubuntu2.15 dh-apport - 2.20.1-0ubuntu2.15 apport-gtk - 2.20.1-0ubuntu2.15 apport - 2.20.1-0ubuntu2.15 python-problem-report - 2.20.1-0ubuntu2.15 apport-noui - 2.20.1-0ubuntu2.15 No subscription required None https://launchpad.net/bugs/1733366 USN-3481-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3481-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.18.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.18.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.18.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.18.3-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.18.3-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-13783 CVE-2017-13784 CVE-2017-13785 CVE-2017-13788 CVE-2017-13791 CVE-2017-13792 CVE-2017-13793 CVE-2017-13794 CVE-2017-13795 CVE-2017-13796 CVE-2017-13798 CVE-2017-13802 CVE-2017-13803 USN-3483-1 -- procmail vulnerability Ubuntu 16.04 LTS Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. 
An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3483-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: procmail - 3.22-25ubuntu0.16.04.1 No subscription required High CVE-2017-16844 USN-3484-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Update Instructions: Run `sudo pro fix USN-3484-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-40-generic - 4.10.0-40.44~16.04.1 linux-image-4.10.0-40-lowlatency - 4.10.0-40.44~16.04.1 linux-image-extra-4.10.0-40-generic - 4.10.0-40.44~16.04.1 linux-image-4.10.0-40-generic-lpae - 4.10.0-40.44~16.04.1 No subscription required High CVE-2017-12188 USN-3484-3 -- Linux kernel (GCP) vulnerability Ubuntu 16.04 LTS It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Update Instructions: Run `sudo pro fix USN-3484-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-1009-gcp - 4.10.0-1009.9 linux-image-extra-4.10.0-1009-gcp - 4.10.0-1009.9 No subscription required High CVE-2017-12188 USN-3485-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649) Eric Biggers discovered a race condition in the key management subsystem of the Linux kernel around keys in a negative state. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15951) Andrey Konovalov discovered a use-after-free vulnerability in the USB serial console driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16525) Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB unattached storage driver in the Linux kernel contained an out-of-bounds error when handling alternative settings. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16530) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate CDC metadata. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16534) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535) Update Instructions: Run `sudo pro fix USN-3485-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-101-generic-lpae - 4.4.0-101.124 linux-image-4.4.0-101-generic - 4.4.0-101.124 linux-image-4.4.0-101-powerpc-smp - 4.4.0-101.124 linux-image-extra-4.4.0-101-generic - 4.4.0-101.124 linux-image-4.4.0-101-powerpc-e500mc - 4.4.0-101.124 linux-image-4.4.0-101-powerpc64-emb - 4.4.0-101.124 linux-image-4.4.0-101-lowlatency - 4.4.0-101.124 linux-image-4.4.0-101-powerpc64-smp - 4.4.0-101.124 No subscription required linux-image-4.4.0-1010-kvm - 4.4.0-1010.15 No subscription required linux-image-4.4.0-1034-gke - 4.4.0-1034.34 linux-image-extra-4.4.0-1034-gke - 4.4.0-1034.34 No subscription required linux-image-4.4.0-1041-aws - 4.4.0-1041.50 No subscription required linux-image-4.4.0-1077-raspi2 - 4.4.0-1077.85 No subscription required linux-image-4.4.0-1079-snapdragon - 4.4.0-1079.84 No subscription required Medium CVE-2017-15265 CVE-2017-15299 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16526 CVE-2017-16527 CVE-2017-16529 CVE-2017-16530 CVE-2017-16531 CVE-2017-16533 CVE-2017-16534 CVE-2017-16535 USN-3486-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when processing certain SMB1 requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2017-14746) Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15275) Update Instructions: Run `sudo pro fix USN-3486-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.12 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.12 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.12 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.12 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.12 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.12 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.12 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.12 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.12 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.12 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.12 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.12 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.12 No subscription required Medium CVE-2017-14746 CVE-2017-15275 USN-3488-1 -- Linux kernel (Azure) vulnerability Ubuntu 16.04 LTS It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Update Instructions: Run `sudo pro fix USN-3488-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.11.0-1015-azure - 4.11.0-1015.15 linux-image-extra-4.11.0-1015-azure - 4.11.0-1015.15 No subscription required High CVE-2017-12188 USN-3489-1 -- Berkeley DB vulnerability Ubuntu 16.04 LTS It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information. 
Update Instructions: Run `sudo pro fix USN-3489-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: db5.3-doc - 5.3.28-11ubuntu0.1 libdb5.3-java-jni - 5.3.28-11ubuntu0.1 libdb5.3-tcl - 5.3.28-11ubuntu0.1 libdb5.3-java-dev - 5.3.28-11ubuntu0.1 libdb5.3-dev - 5.3.28-11ubuntu0.1 db5.3-util - 5.3.28-11ubuntu0.1 libdb5.3-stl-dev - 5.3.28-11ubuntu0.1 libdb5.3-sql - 5.3.28-11ubuntu0.1 libdb5.3++-dev - 5.3.28-11ubuntu0.1 db5.3-sql-util - 5.3.28-11ubuntu0.1 libdb5.3 - 5.3.28-11ubuntu0.1 libdb5.3-stl - 5.3.28-11ubuntu0.1 libdb5.3-java-gcj - 5.3.28-11ubuntu0.1 libdb5.3-sql-dev - 5.3.28-11ubuntu0.1 libdb5.3-java - 5.3.28-11ubuntu0.1 libdb5.3++ - 5.3.28-11ubuntu0.1 No subscription required Medium CVE-2017-10140 USN-3490-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to bypass same-origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830) Update Instructions: Run `sudo pro fix USN-3490-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:52.5.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.5.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:52.5.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-sv - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 
1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.5.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.5.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 USN-3491-1 -- ldns vulnerabilities Ubuntu 16.04 LTS Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209) Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-1000231, CVE-2017-1000232) Update Instructions: Run `sudo pro fix USN-3491-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libldns-dev - 1.6.17-8ubuntu0.1 python-ldns - 1.6.17-8ubuntu0.1 ldnsutils - 1.6.17-8ubuntu0.1 libldns1 - 1.6.17-8ubuntu0.1 No subscription required Medium CVE-2014-3209 CVE-2017-1000231 CVE-2017-1000232 USN-3492-1 -- LibRaw vulnerabilities Ubuntu 16.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3492-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.17.1-1ubuntu0.1 libraw-bin - 0.17.1-1ubuntu0.1 libraw-dev - 0.17.1-1ubuntu0.1 libraw15 - 0.17.1-1ubuntu0.1 No subscription required Medium CVE-2015-3885 CVE-2015-8366 CVE-2015-8367 CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-6886 CVE-2017-6887 USN-3494-1 -- XML::LibXML vulnerability Ubuntu 16.04 LTS It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3494-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml-libxml-perl - 2.0123+dfsg-1ubuntu0.1 No subscription required Medium CVE-2017-10672 USN-3495-1 -- OptiPNG vulnerability Ubuntu 16.04 LTS It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3495-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: optipng - 0.7.6-1ubuntu0.16.04.1 No subscription required Medium CVE-2017-1000229 USN-3496-1 -- Python vulnerability Ubuntu 16.04 LTS It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3496-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.2 libpython2.7 - 2.7.12-1ubuntu0~16.04.2 python2.7 - 2.7.12-1ubuntu0~16.04.2 python2.7-minimal - 2.7.12-1ubuntu0~16.04.2 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.2 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.2 idle-python2.7 - 2.7.12-1ubuntu0~16.04.2 python2.7-doc - 2.7.12-1ubuntu0~16.04.2 python2.7-dev - 2.7.12-1ubuntu0~16.04.2 python2.7-examples - 2.7.12-1ubuntu0~16.04.2 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.2 No subscription required Medium CVE-2017-1000158 USN-3496-3 -- Python vulnerability Ubuntu 16.04 LTS USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3496-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.4 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.4 python3.5-venv - 3.5.2-2ubuntu0~16.04.4 python3.5 - 3.5.2-2ubuntu0~16.04.4 python3.5-minimal - 3.5.2-2ubuntu0~16.04.4 python3.5-doc - 3.5.2-2ubuntu0~16.04.4 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.4 libpython3.5 - 3.5.2-2ubuntu0~16.04.4 python3.5-examples - 3.5.2-2ubuntu0~16.04.4 python3.5-dev - 3.5.2-2ubuntu0~16.04.4 idle-python3.5 - 3.5.2-2ubuntu0~16.04.4 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.4 No subscription required Medium CVE-2017-1000158 USN-3498-1 -- curl vulnerabilities Ubuntu 16.04 LTS Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816) It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-8817) Update Instructions: Run `sudo pro fix USN-3498-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.5 libcurl4-openssl-dev - 7.47.0-1ubuntu2.5 libcurl3-gnutls - 7.47.0-1ubuntu2.5 libcurl4-doc - 7.47.0-1ubuntu2.5 libcurl3-nss - 7.47.0-1ubuntu2.5 libcurl4-nss-dev - 7.47.0-1ubuntu2.5 libcurl3 - 7.47.0-1ubuntu2.5 curl - 7.47.0-1ubuntu2.5 No subscription required Medium CVE-2017-8816 CVE-2017-8817 USN-3500-1 -- libXfont vulnerability Ubuntu 16.04 LTS It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files. 
Update Instructions: Run `sudo pro fix USN-3500-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxfont1-dev - 1:1.5.1-1ubuntu0.16.04.4 libxfont1-udeb - 1:1.5.1-1ubuntu0.16.04.4 libxfont1 - 1:1.5.1-1ubuntu0.16.04.4 No subscription required libxfont2-udeb - 1:2.0.1-3~ubuntu16.04.3 libxfont2 - 1:2.0.1-3~ubuntu16.04.3 libxfont-dev - 1:2.0.1-3~ubuntu16.04.3 No subscription required Medium CVE-2017-16611 USN-3501-1 -- libxcursor vulnerability Ubuntu 16.04 LTS It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3501-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxcursor-dev - 1:1.1.14-1ubuntu0.16.04.1 libxcursor1 - 1:1.1.14-1ubuntu0.16.04.1 libxcursor1-udeb - 1:1.1.14-1ubuntu0.16.04.1 No subscription required Medium CVE-2017-16612 USN-3503-1 -- Evince vulnerability Ubuntu 16.04 LTS It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.18.2-1ubuntu4.3 libevview3-3 - 3.18.2-1ubuntu4.3 evince-common - 3.18.2-1ubuntu4.3 libevince-dev - 3.18.2-1ubuntu4.3 evince - 3.18.2-1ubuntu4.3 libevdocument3-4 - 3.18.2-1ubuntu4.3 evince-gtk - 3.18.2-1ubuntu4.3 No subscription required Medium CVE-2017-1000159 USN-3504-1 -- libxml2 vulnerability Ubuntu 16.04 LTS Wei Lei discovered that libxml2 incorrectly handled certain parameter entities. 
An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3504-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.4 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.4 libxml2 - 2.9.3+dfsg1-1ubuntu0.4 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.4 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.4 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.4 No subscription required Low CVE-2017-16932 USN-3505-1 -- Linux firmware vulnerabilities Ubuntu 16.04 LTS Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081) Update Instructions: Run `sudo pro fix USN-3505-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: scsi-firmware - 1.157.14 nic-firmware - 1.157.14 linux-firmware - 1.157.14 No subscription required High CVE-2017-13080 CVE-2017-13081 USN-3506-1 -- rsync vulnerabilities Ubuntu 16.04 LTS It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. (CVE-2017-17433) It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. (CVE-2017-17434) Update Instructions: Run `sudo pro fix USN-3506-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: rsync - 3.1.1-3ubuntu1.1 No subscription required Medium CVE-2017-17433 CVE-2017-17434 USN-3507-2 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a null pointer dereference error existed in the PowerPC KVM implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15306) Eric Biggers discovered a race condition in the key management subsystem of the Linux kernel around keys in a negative state. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15951) Update Instructions: Run `sudo pro fix USN-3507-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1002-gcp - 4.13.0-1002.5 linux-image-extra-4.13.0-1002-gcp - 4.13.0-1002.5 No subscription required High CVE-2017-1000405 CVE-2017-12193 CVE-2017-15299 CVE-2017-15306 CVE-2017-15951 CVE-2017-16939 USN-3508-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Yonggang Guo discovered that a race condition existed in the driver subsystem in the Linux kernel. A local attacker could use this to possibly gain administrative privileges. (CVE-2017-12146) Update Instructions: Run `sudo pro fix USN-3508-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.10.0-42-generic-lpae - 4.10.0-42.46~16.04.1 linux-image-4.10.0-42-lowlatency - 4.10.0-42.46~16.04.1 linux-image-4.10.0-42-generic - 4.10.0-42.46~16.04.1 linux-image-extra-4.10.0-42-generic - 4.10.0-42.46~16.04.1 No subscription required High CVE-2017-1000405 CVE-2017-12146 CVE-2017-16939 USN-3509-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Update Instructions: Run `sudo pro fix USN-3509-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1012-kvm - 4.4.0-1012.17 No subscription required linux-image-4.4.0-103-powerpc64-smp - 4.4.0-103.126 linux-image-4.4.0-103-generic-lpae - 4.4.0-103.126 linux-image-4.4.0-103-powerpc64-emb - 4.4.0-103.126 linux-image-4.4.0-103-generic - 4.4.0-103.126 linux-image-extra-4.4.0-103-generic - 4.4.0-103.126 linux-image-4.4.0-103-powerpc-smp - 4.4.0-103.126 linux-image-4.4.0-103-powerpc-e500mc - 4.4.0-103.126 linux-image-4.4.0-103-lowlatency - 4.4.0-103.126 No subscription required linux-image-4.4.0-1043-aws - 4.4.0-1043.52 No subscription required linux-image-4.4.0-1079-raspi2 - 4.4.0-1079.87 No subscription required linux-image-4.4.0-1081-snapdragon - 4.4.0-1081.86 No subscription required High CVE-2017-1000405 CVE-2017-12193 CVE-2017-16643 CVE-2017-16939 USN-3509-3 -- Linux kernel regression Ubuntu 16.04 LTS USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. 
Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Update Instructions: Run `sudo pro fix USN-3509-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1013-kvm - 4.4.0-1013.18 No subscription required linux-image-4.4.0-104-powerpc64-smp - 4.4.0-104.127 linux-image-4.4.0-104-lowlatency - 4.4.0-104.127 linux-image-4.4.0-104-powerpc64-emb - 4.4.0-104.127 linux-image-extra-4.4.0-104-generic - 4.4.0-104.127 linux-image-4.4.0-104-powerpc-smp - 4.4.0-104.127 linux-image-4.4.0-104-powerpc-e500mc - 4.4.0-104.127 linux-image-4.4.0-104-generic-lpae - 4.4.0-104.127 linux-image-4.4.0-104-generic - 4.4.0-104.127 No subscription required linux-image-4.4.0-1044-aws - 4.4.0-1044.53 No subscription required linux-image-4.4.0-1080-raspi2 - 4.4.0-1080.88 No subscription required None https://launchpad.net/bugs/1737033 USN-3511-1 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Update Instructions: Run `sudo pro fix USN-3511-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.11.0-1016-azure - 4.11.0-1016.16 linux-image-4.11.0-1016-azure - 4.11.0-1016.16 No subscription required High CVE-2017-1000405 CVE-2017-16939 USN-3512-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. 
While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738) Update Instructions: Run `sudo pro fix USN-3512-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.10 libssl-dev - 1.0.2g-1ubuntu4.10 openssl - 1.0.2g-1ubuntu4.10 libssl-doc - 1.0.2g-1ubuntu4.10 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.10 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.10 No subscription required Medium CVE-2017-3737 CVE-2017-3738 USN-3513-1 -- libxml2 vulnerability Ubuntu 16.04 LTS It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3513-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.5 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.5 libxml2 - 2.9.3+dfsg1-1ubuntu0.5 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.5 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.5 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.5 No subscription required Medium CVE-2017-15412 USN-3514-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3514-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.18.4-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.18.4-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.18.4-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.18.4-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.18.4-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.18.4-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.18.4-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.18.4-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.18.4-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-7156 USN-3515-1 -- Ruby vulnerability Ubuntu 16.04 LTS It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution. Update Instructions: Run `sudo pro fix USN-3515-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.4 ruby2.3-tcltk - 2.3.1-2~16.04.4 ruby2.3 - 2.3.1-2~16.04.4 ruby2.3-dev - 2.3.1-2~16.04.4 ruby2.3-doc - 2.3.1-2~16.04.4 No subscription required Medium CVE-2017-17405 USN-3516-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754). Update Instructions: Run `sudo pro fix USN-3516-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-nn - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-nb - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fa - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fi - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fr - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fy - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-or - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-kab - 57.0.4+build1-0ubuntu0.16.04.1 firefox-testsuite - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-oc - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-cs - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ga - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gd - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gn - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gl - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gu - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-pa - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-pl - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-cy - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-pt - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hi - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ms - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-he - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hy - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hr - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hu - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-it - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-as - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ar - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-az - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-id - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mai - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-af - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-is - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-vi - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-an - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
57.0.4+build1-0ubuntu0.16.04.1 firefox - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ro - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ja - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ru - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-br - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-bn - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-be - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-bg - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sl - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sk - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-si - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sw - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sv - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sr - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sq - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ko - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-kn - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-km - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-kk - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ka - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-xh - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ca - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ku - 57.0.4+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-lv - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-lt - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-th - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 57.0.4+build1-0ubuntu0.16.04.1 firefox-dev - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-te - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-cak - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ta - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-lg - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-tr - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-nso - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-de - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-da - 
57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-uk - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mr - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-my - 57.0.4+build1-0ubuntu0.16.04.1 firefox-globalmenu - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-uz - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ml - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mn - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mk - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ur - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-eu - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-et - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-es - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-csb - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-el - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-eo - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-en - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-zu - 57.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ast - 57.0.4+build1-0ubuntu0.16.04.1 No subscription required Critical CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 USN-3517-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. (CVE-2017-1000456) It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-14976) Update Instructions: Run `sudo pro fix USN-3517-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.6 poppler-utils - 0.41.0-0ubuntu1.6 libpoppler-qt5-1 - 0.41.0-0ubuntu1.6 libpoppler-cpp-dev - 0.41.0-0ubuntu1.6 libpoppler-cpp0 - 0.41.0-0ubuntu1.6 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.6 libpoppler-dev - 0.41.0-0ubuntu1.6 libpoppler-glib8 - 0.41.0-0ubuntu1.6 libpoppler-private-dev - 0.41.0-0ubuntu1.6 libpoppler-qt4-dev - 0.41.0-0ubuntu1.6 libpoppler-glib-dev - 0.41.0-0ubuntu1.6 libpoppler-qt4-4 - 0.41.0-0ubuntu1.6 libpoppler-qt5-dev - 0.41.0-0ubuntu1.6 libpoppler-glib-doc - 0.41.0-0ubuntu1.6 No subscription required Medium CVE-2017-1000456 CVE-2017-14976 USN-3518-1 -- AWStats vulnerability Ubuntu 16.04 LTS It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3518-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: awstats - 7.4+dfsg-1ubuntu0.2 No subscription required Medium CVE-2017-1000501 USN-3519-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. (CVE-2017-5647) It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2017-5648) It was discovered that Tomcat incorrectly handled error pages. A remote attacker could possibly use this issue to replace or remove the custom error page. (CVE-2017-5664) It was discovered that Tomcat incorrectly handled the CORS filter. A remote attacker could possibly use this issue to perform cache poisoning. (CVE-2017-7674) Update Instructions: Run `sudo pro fix USN-3519-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.5 tomcat8-user - 8.0.32-1ubuntu1.5 libservlet3.1-java - 8.0.32-1ubuntu1.5 libservlet3.1-java-doc - 8.0.32-1ubuntu1.5 tomcat8-examples - 8.0.32-1ubuntu1.5 tomcat8-admin - 8.0.32-1ubuntu1.5 libtomcat8-java - 8.0.32-1ubuntu1.5 tomcat8-common - 8.0.32-1ubuntu1.5 tomcat8 - 8.0.32-1ubuntu1.5 No subscription required Medium CVE-2017-5647 CVE-2017-5648 CVE-2017-5664 CVE-2017-7674 USN-3520-1 -- PySAML2 vulnerability Ubuntu 16.04 LTS It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password. Update Instructions: Run `sudo pro fix USN-3520-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pysaml2-doc - 3.0.0-3ubuntu1.16.04.3 python-pysaml2 - 3.0.0-3ubuntu1.16.04.3 python3-pysaml2 - 3.0.0-3ubuntu1.16.04.3 No subscription required Medium CVE-2017-1000433 USN-3521-1 -- NVIDIA graphics drivers vulnerability Ubuntu 16.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3521-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nvidia-opencl-icd-384 - 384.111-0ubuntu0.16.04.1 nvidia-libopencl1-375 - 384.111-0ubuntu0.16.04.1 nvidia-375-dev - 384.111-0ubuntu0.16.04.1 nvidia-libopencl1-384 - 384.111-0ubuntu0.16.04.1 nvidia-384-dev - 384.111-0ubuntu0.16.04.1 nvidia-opencl-icd-375 - 384.111-0ubuntu0.16.04.1 libcuda1-384 - 384.111-0ubuntu0.16.04.1 nvidia-384 - 384.111-0ubuntu0.16.04.1 libcuda1-375 - 384.111-0ubuntu0.16.04.1 nvidia-375 - 384.111-0ubuntu0.16.04.1 No subscription required High CVE-2017-5753 USN-3522-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Update Instructions: Run `sudo pro fix USN-3522-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1015-kvm - 4.4.0-1015.20 No subscription required linux-image-4.4.0-1047-aws - 4.4.0-1047.56 No subscription required linux-image-4.4.0-108-generic-lpae - 4.4.0-108.131 linux-image-extra-4.4.0-108-generic - 4.4.0-108.131 linux-image-4.4.0-108-powerpc-e500mc - 4.4.0-108.131 linux-image-4.4.0-108-powerpc64-emb - 4.4.0-108.131 linux-image-4.4.0-108-generic - 4.4.0-108.131 linux-image-4.4.0-108-powerpc-smp - 4.4.0-108.131 linux-image-4.4.0-108-lowlatency - 4.4.0-108.131 linux-image-4.4.0-108-powerpc64-smp - 4.4.0-108.131 No subscription required linux-image-extra-4.4.0-9021-euclid - 4.4.0-9021.22 linux-image-4.4.0-9021-euclid - 4.4.0-9021.22 No subscription required Critical CVE-2017-5754 USN-3522-3 -- Linux kernel regression Ubuntu 16.04 LTS USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown (CVE-2017-5754). 
Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Update Instructions: Run `sudo pro fix USN-3522-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-109-powerpc-e500mc - 4.4.0-109.132 linux-image-4.4.0-109-powerpc64-smp - 4.4.0-109.132 linux-image-4.4.0-109-generic-lpae - 4.4.0-109.132 linux-image-4.4.0-109-powerpc-smp - 4.4.0-109.132 linux-image-4.4.0-109-lowlatency - 4.4.0-109.132 linux-image-extra-4.4.0-109-generic - 4.4.0-109.132 linux-image-4.4.0-109-generic - 4.4.0-109.132 linux-image-4.4.0-109-powerpc64-emb - 4.4.0-109.132 No subscription required None https://launchpad.net/bugs/1741934 USN-3523-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-17863) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-17864) Update Instructions: Run `sudo pro fix USN-3523-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1005-azure - 4.13.0-1005.7 linux-image-extra-4.13.0-1005-azure - 4.13.0-1005.7 No subscription required linux-image-extra-4.13.0-1006-gcp - 4.13.0-1006.9 linux-image-4.13.0-1006-gcp - 4.13.0-1006.9 No subscription required linux-image-4.13.0-1015-oem - 4.13.0-1015.16 No subscription required linux-image-4.13.0-26-lowlatency - 4.13.0-26.29~16.04.2 linux-image-extra-4.13.0-26-generic - 4.13.0-26.29~16.04.2 linux-image-4.13.0-26-generic - 4.13.0-26.29~16.04.2 linux-image-4.13.0-26-generic-lpae - 4.13.0-26.29~16.04.2 No subscription required Critical CVE-2017-16995 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 CVE-2017-5754 USN-3526-1 -- SSSD vulnerability Ubuntu 16.04 LTS It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information. Update Instructions: Run `sudo pro fix USN-3526-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libipa-hbac-dev - 1.13.4-1ubuntu1.10 sssd-ad - 1.13.4-1ubuntu1.10 libsss-sudo - 1.13.4-1ubuntu1.10 libsss-nss-idmap0 - 1.13.4-1ubuntu1.10 libnss-sss - 1.13.4-1ubuntu1.10 sssd-ipa - 1.13.4-1ubuntu1.10 libsss-simpleifp0 - 1.13.4-1ubuntu1.10 libsss-idmap-dev - 1.13.4-1ubuntu1.10 python3-libsss-nss-idmap - 1.13.4-1ubuntu1.10 sssd-common - 1.13.4-1ubuntu1.10 python3-sss - 1.13.4-1ubuntu1.10 libpam-sss - 1.13.4-1ubuntu1.10 python-libsss-nss-idmap - 1.13.4-1ubuntu1.10 libsss-idmap0 - 1.13.4-1ubuntu1.10 sssd-ldap - 1.13.4-1ubuntu1.10 libsss-nss-idmap-dev - 1.13.4-1ubuntu1.10 libsss-simpleifp-dev - 1.13.4-1ubuntu1.10 sssd - 1.13.4-1ubuntu1.10 python-libipa-hbac - 1.13.4-1ubuntu1.10 libwbclient-sssd - 1.13.4-1ubuntu1.10 libwbclient-sssd-dev - 1.13.4-1ubuntu1.10 python3-libipa-hbac - 1.13.4-1ubuntu1.10 libipa-hbac0 - 1.13.4-1ubuntu1.10 sssd-tools - 1.13.4-1ubuntu1.10 sssd-ad-common - 1.13.4-1ubuntu1.10 sssd-krb5-common - 1.13.4-1ubuntu1.10 sssd-dbus - 1.13.4-1ubuntu1.10 sssd-krb5 - 1.13.4-1ubuntu1.10 python-sss - 1.13.4-1ubuntu1.10 sssd-proxy - 1.13.4-1ubuntu1.10 No subscription required Medium CVE-2017-12173 USN-3527-1 -- Irssi vulnerabilities Ubuntu 16.04 LTS Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5205) Joseph Bisch discovered that Irssi incorrectly handled setting the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5206) Joseph Bisch discovered that Irssi incorrectly handled incomplete variable arguments. 
If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5207) Joseph Bisch discovered that Irssi incorrectly handled completing certain strings. An attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-5208) Update Instructions: Run `sudo pro fix USN-3527-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.6 irssi - 0.8.19-1ubuntu1.6 No subscription required Medium CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 USN-3528-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033) It was discovered that Ruby incorrectly handled generating some JSON. An attacker could use this to possibly expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14064) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-17790) Update Instructions: Run `sudo pro fix USN-3528-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.5 ruby2.3-tcltk - 2.3.1-2~16.04.5 ruby2.3 - 2.3.1-2~16.04.5 ruby2.3-dev - 2.3.1-2~16.04.5 ruby2.3-doc - 2.3.1-2~16.04.5 No subscription required Medium CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17790 USN-3529-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. (CVE-2017-7829) It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked into opening a specially crafted RSS feed, an attacker could potentially exploit this in combination with another vulnerability, in order to cause unspecified problems. (CVE-2017-7846) It was discovered that the RSS feed can leak local path names. If a user were tricked into opening a specially crafted RSS feed, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-7847) It was discovered that RSS feeds are vulnerable to new line injection. If a user were tricked into opening a specially crafted RSS feed, an attacker could potentially exploit this to cause unspecified problems. (CVE-2017-7848) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, execute arbitrary code, or cause other unspecified effects. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117) Update Instructions: Run `sudo pro fix USN-3529-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:52.6.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.6.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:52.6.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-sv - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 
1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.6.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.6.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 USN-3530-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5753, CVE-2017-5715) Update Instructions: Run `sudo pro fix USN-3530-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.18.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.18.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.18.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.18.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.18.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.18.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.18.5-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.18.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.18.5-0ubuntu0.16.04.1 No subscription required High CVE-2017-5715 CVE-2017-5753 USN-3531-1 -- Intel Microcode update Ubuntu 16.04 LTS It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180108.0~ubuntu16.04.2 No subscription required High CVE-2017-5715 USN-3531-2 -- Intel Microcode regression Ubuntu 16.04 LTS USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. Original advisory details: It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. 
(CVE-2017-5715) This update provides the microcode updates required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3531-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180108.0+really20170707ubuntu16.04.1 No subscription required None https://launchpad.net/bugs/1742933 USN-3531-3 -- intel-microcode update Ubuntu 16.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the corrected microcode updates required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3531-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180312.0~ubuntu16.04.1 No subscription required High CVE-2017-5715 USN-3532-1 -- GDK-PixBuf vulnerabilities Ubuntu 16.04 LTS It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. (CVE-2017-6312, CVE-2017-6313) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large TIFF files. An attacker could use this to cause a denial of service. (CVE-2017-6314) Update Instructions: Run `sudo pro fix USN-3532-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.32.2-1ubuntu1.4 libgdk-pixbuf2.0-common - 2.32.2-1ubuntu1.4 libgdk-pixbuf2.0-dev - 2.32.2-1ubuntu1.4 libgdk-pixbuf2.0-0-udeb - 2.32.2-1ubuntu1.4 libgdk-pixbuf2.0-doc - 2.32.2-1ubuntu1.4 gir1.2-gdkpixbuf-2.0 - 2.32.2-1ubuntu1.4 No subscription required Medium CVE-2017-1000422 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 USN-3533-1 -- Transmission vulnerability Ubuntu 16.04 LTS It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed DNS rebinding attacks. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3533-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: transmission-common - 2.84-3ubuntu3.1 transmission - 2.84-3ubuntu3.1 transmission-daemon - 2.84-3ubuntu3.1 transmission-qt - 2.84-3ubuntu3.1 transmission-gtk - 2.84-3ubuntu3.1 transmission-cli - 2.84-3ubuntu3.1 No subscription required Medium CVE-2018-5702 USN-3534-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. (CVE-2018-1000001) A memory leak was discovered in the _dl_init_paths() function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. (CVE-2017-1000408) A heap-based buffer overflow was discovered in the _dl_init_paths() function in the GNU C library dynamic loader. 
A local attacker could potentially exploit this with a specially crafted value in the LD_LIBRARY_PATH environment variable, in combination with CVE-2017-1000408 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. (CVE-2017-1000409) An off-by-one error leading to a heap-based buffer overflow was discovered in the GNU C library glob() implementation. An attacker could potentially exploit this to cause a denial of service or execute arbitrary code via a maliciously crafted pattern. (CVE-2017-15670) A heap-based buffer overflow was discovered during unescaping of user names with the ~ operator in the GNU C library glob() implementation. An attacker could potentially exploit this to cause a denial of service or execute arbitrary code via a maliciously crafted pattern. (CVE-2017-15804) It was discovered that the GNU C library dynamic loader mishandles RPATH and RUNPATH containing $ORIGIN for privileged (setuid or AT_SECURE) programs. A local attacker could potentially exploit this by providing a specially crafted library in the current working directory in order to gain administrative privileges. (CVE-2017-16997) It was discovered that the GNU C library malloc() implementation could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, resulting in a heap-based overflow. An attacker could potentially exploit this to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2017-17426) Update Instructions: Run `sudo pro fix USN-3534-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.23-0ubuntu10 libc6-ppc64 - 2.23-0ubuntu10 libc6-dev-s390 - 2.23-0ubuntu10 glibc-source - 2.23-0ubuntu10 libc-bin - 2.23-0ubuntu10 libc6-x32 - 2.23-0ubuntu10 libc6-s390 - 2.23-0ubuntu10 libc6-armel - 2.23-0ubuntu10 libc6-pic - 2.23-0ubuntu10 libc6-dev-ppc64 - 2.23-0ubuntu10 libc6-dev-armel - 2.23-0ubuntu10 glibc-doc - 2.23-0ubuntu10 multiarch-support - 2.23-0ubuntu10 libc6-dev - 2.23-0ubuntu10 libc6-amd64 - 2.23-0ubuntu10 libc6-dev-amd64 - 2.23-0ubuntu10 libc6 - 2.23-0ubuntu10 locales-all - 2.23-0ubuntu10 libc6-dev-x32 - 2.23-0ubuntu10 locales - 2.23-0ubuntu10 libc6-udeb - 2.23-0ubuntu10 libc6-dev-i386 - 2.23-0ubuntu10 libc-dev-bin - 2.23-0ubuntu10 nscd - 2.23-0ubuntu10 No subscription required High CVE-2017-1000408 CVE-2017-1000409 CVE-2017-15670 CVE-2017-15804 CVE-2017-16997 CVE-2017-17426 CVE-2018-1000001 USN-3535-1 -- Bind vulnerability Ubuntu 16.04 LTS Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3535-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.10 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.10 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.10 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.10 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.10 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.10 host - 1:9.10.3.dfsg.P4-8ubuntu1.10 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.10 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.10 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.10 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.10 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.10 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.10 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.10 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.10 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.10 No subscription required Medium CVE-2017-3145 USN-3537-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Update Instructions: Run `sudo pro fix USN-3537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.21-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.21-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.21-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.21-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.21-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.21-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.21-0ubuntu0.16.04.1 mysql-common - 5.7.21-0ubuntu0.16.04.1 mysql-server - 5.7.21-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.21-0ubuntu0.16.04.1 mysql-testsuite - 5.7.21-0ubuntu0.16.04.1 libmysqld-dev - 5.7.21-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.21-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-2562 CVE-2018-2565 CVE-2018-2573 CVE-2018-2576 CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2600 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2646 CVE-2018-2647 CVE-2018-2665 CVE-2018-2667 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703 USN-3538-1 -- OpenSSH vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10009) Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10010) Jann Horn discovered that OpenSSH incorrectly handled certain buffer memory operations. 
A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10011) Guido Vranken discovered that OpenSSH incorrectly handled certain shared memory manager operations. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10012) Michal Zalewski discovered that OpenSSH incorrectly prevented write operations in readonly mode. A remote attacker could possibly use this issue to create zero-length files, leading to a denial of service. (CVE-2017-15906) Update Instructions: Run `sudo pro fix USN-3538-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.2p2-4ubuntu2.4 ssh-krb5 - 1:7.2p2-4ubuntu2.4 openssh-client - 1:7.2p2-4ubuntu2.4 openssh-server - 1:7.2p2-4ubuntu2.4 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.4 ssh - 1:7.2p2-4ubuntu2.4 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.4 openssh-client-udeb - 1:7.2p2-4ubuntu2.4 openssh-sftp-server - 1:7.2p2-4ubuntu2.4 No subscription required Medium CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2017-15906 USN-3540-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. (CVE-2017-5715, CVE-2017-5753) USN-3522-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. 
Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Update Instructions: Run `sudo pro fix USN-3540-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1049-aws - 4.4.0-1049.58 No subscription required linux-image-4.4.0-112-generic-lpae - 4.4.0-112.135 linux-image-4.4.0-112-powerpc-smp - 4.4.0-112.135 linux-image-4.4.0-112-powerpc64-emb - 4.4.0-112.135 linux-image-4.4.0-112-powerpc-e500mc - 4.4.0-112.135 linux-image-4.4.0-112-generic - 4.4.0-112.135 linux-image-extra-4.4.0-112-generic - 4.4.0-112.135 linux-image-4.4.0-112-lowlatency - 4.4.0-112.135 linux-image-4.4.0-112-powerpc64-smp - 4.4.0-112.135 No subscription required linux-image-4.4.0-9023-euclid - 4.4.0-9023.24 linux-image-extra-4.4.0-9023-euclid - 4.4.0-9023.24 No subscription required Critical CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown USN-3541-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. 
(CVE-2017-5715, CVE-2017-5753) USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Update Instructions: Run `sudo pro fix USN-3541-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1006-azure - 4.13.0-1006.8 linux-image-extra-4.13.0-1006-azure - 4.13.0-1006.8 No subscription required linux-image-extra-4.13.0-1007-gcp - 4.13.0-1007.10 linux-image-4.13.0-1007-gcp - 4.13.0-1007.10 No subscription required linux-image-4.13.0-1017-oem - 4.13.0-1017.18 No subscription required linux-image-extra-4.13.0-31-generic - 4.13.0-31.34~16.04.1 linux-image-4.13.0-31-generic - 4.13.0-31.34~16.04.1 linux-image-4.13.0-31-lowlatency - 4.13.0-31.34~16.04.1 linux-image-4.13.0-31-generic-lpae - 4.13.0-31.34~16.04.1 No subscription required Critical CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown USN-3543-1 -- rsync vulnerabilities Ubuntu 16.04 LTS It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548) It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764) Update Instructions: Run `sudo pro fix USN-3543-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: rsync - 3.1.1-3ubuntu1.2 No subscription required Medium CVE-2017-16548 CVE-2018-5764 USN-3544-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP credentials for another origin, spoof the addressbar contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115, CVE-2018-5117, CVE-2018-5122) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to gain additional privileges, bypass same-origin restrictions, or execute arbitrary code. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116) A security issue was discovered with the developer tools. If a user were tricked in to opening a specially crafted website with the developer tools open, an attacker could potentially exploit this to obtain sensitive information from other origins. (CVE-2018-5106) A security issue was discovered with printing. An attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2018-5107) It was discovered that manually entered blob URLs could be accessed by subsequent private browsing tabs. If a user were tricked in to entering a blob URL, an attacker could potentially exploit this to obtain sensitive information from a private browsing context. 
(CVE-2018-5108) It was discovered that dragging certain specially formatted URLs to the addressbar could cause the wrong URL to be displayed. If a user were tricked in to opening a specially crafted website and dragging a URL to the addressbar, an attacker could potentially exploit this to spoof the addressbar contents. (CVE-2018-5111) It was discovered that WebExtension developer tools panels could open non-relative URLs. If a user were tricked in to installing a specially crafted extension and running the developer tools, an attacker could potentially exploit this to gain additional privileges. (CVE-2018-5112) It was discovered that ActivityStream images can attempt to load local content through file: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another vulnerability that allowed sandbox protections to be bypassed, in order to obtain sensitive information from local files. (CVE-2018-5118) It was discovered that the reader view will load cross-origin content in violation of CORS headers. An attacker could exploit this to bypass CORS restrictions. (CVE-2018-5119) Update Instructions: Run `sudo pro fix USN-3544-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-nn - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ne - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-nb - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-fa - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-fi - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-fr - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-fy - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-or - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-kab - 58.0+build6-0ubuntu0.16.04.1 firefox-testsuite - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-oc - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-cs - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ga - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-gd - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-gn - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-gl - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-gu - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-pa - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-pl - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-cy - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-pt - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-hi - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-uk - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-he - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-hy - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-hr - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-hu - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-as - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ar - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-az - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-id - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-mai - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-af - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-is - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-it - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-an - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-bs - 58.0+build6-0ubuntu0.16.04.1 firefox - 58.0+build6-0ubuntu0.16.04.1 
firefox-locale-ro - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ja - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ru - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-br - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-zh-hant - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-zh-hans - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-bn - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-be - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-bg - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-sl - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-sk - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-si - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-sw - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-sv - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-sr - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-sq - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ko - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-kn - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-km - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-kk - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ka - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-xh - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ca - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ku - 58.0+build6-0ubuntu0.16.04.1 firefox-mozsymbols - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-lv - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-lt - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-th - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-hsb - 58.0+build6-0ubuntu0.16.04.1 firefox-dev - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-te - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-cak - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ta - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-lg - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-tr - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-nso - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-de - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-da - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ms - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-mr - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-my - 
58.0+build6-0ubuntu0.16.04.1 firefox-globalmenu - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-uz - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ml - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-mn - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-mk - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ur - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-vi - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-eu - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-et - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-es - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-csb - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-el - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-eo - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-en - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-zu - 58.0+build6-0ubuntu0.16.04.1 firefox-locale-ast - 58.0+build6-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-5089 CVE-2018-5090 CVE-2018-5091 CVE-2018-5092 CVE-2018-5093 CVE-2018-5094 CVE-2018-5095 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5100 CVE-2018-5101 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5105 CVE-2018-5106 CVE-2018-5107 CVE-2018-5108 CVE-2018-5109 CVE-2018-5111 CVE-2018-5112 CVE-2018-5113 CVE-2018-5114 CVE-2018-5115 CVE-2018-5116 CVE-2018-5117 CVE-2018-5118 CVE-2018-5119 CVE-2018-5122 USN-3544-2 -- Firefox regressions Ubuntu 16.04 LTS USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP credentials for another origin, spoof the addressbar contents, or execute arbitrary code. 
(CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115, CVE-2018-5117, CVE-2018-5122) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to gain additional privileges, bypass same-origin restrictions, or execute arbitrary code. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116) A security issue was discovered with the developer tools. If a user were tricked in to opening a specially crafted website with the developer tools open, an attacker could potentially exploit this to obtain sensitive information from other origins. (CVE-2018-5106) A security issue was discovered with printing. An attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2018-5107) It was discovered that manually entered blob URLs could be accessed by subsequent private browsing tabs. If a user were tricked in to entering a blob URL, an attacker could potentially exploit this to obtain sensitive information from a private browsing context. (CVE-2018-5108) It was discovered that dragging certain specially formatted URLs to the addressbar could cause the wrong URL to be displayed. If a user were tricked in to opening a specially crafted website and dragging a URL to the addressbar, an attacker could potentially exploit this to spoof the addressbar contents. (CVE-2018-5111) It was discovered that WebExtension developer tools panels could open non-relative URLs. If a user were tricked in to installing a specially crafted extension and running the developer tools, an attacker could potentially exploit this to gain additional privileges. 
(CVE-2018-5112) It was discovered that ActivityStream images can attempt to load local content through file: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another vulnerability that allowed sandbox protections to be bypassed, in order to obtain sensitive information from local files. (CVE-2018-5118) It was discovered that the reader view will load cross-origin content in violation of CORS headers. An attacker could exploit this to bypass CORS restrictions. (CVE-2018-5119) Update Instructions: Run `sudo pro fix USN-3544-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 58.0.2+build1-0ubuntu0.16.04.1 firefox-testsuite - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 
58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 58.0.2+build1-0ubuntu0.16.04.1 firefox - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 58.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 
58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 58.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 58.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 58.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 58.0.2+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1749025 USN-3545-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. 
If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146) Update Instructions: Run `sudo pro fix USN-3545-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:52.7.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 
1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.7.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.7.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-rm - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.7.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 USN-3546-1 -- gcab vulnerability Ubuntu 16.04 LTS Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3546-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-libgcab-1.0 - 0.7-1ubuntu0.1 libgcab-doc - 0.7-1ubuntu0.1 libgcab-dev - 0.7-1ubuntu0.1 libgcab-1.0-0 - 0.7-1ubuntu0.1 gcab - 0.7-1ubuntu0.1 No subscription required High CVE-2018-5345 USN-3547-1 -- Libtasn1 vulnerabilities Ubuntu 16.04 LTS It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-10790) It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly use this to cause Libtasn1 to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6003) Update Instructions: Run `sudo pro fix USN-3547-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 4.7-3ubuntu0.16.04.3 libtasn1-3-bin - 4.7-3ubuntu0.16.04.3 libtasn1-doc - 4.7-3ubuntu0.16.04.3 libtasn1-bin - 4.7-3ubuntu0.16.04.3 libtasn1-6 - 4.7-3ubuntu0.16.04.3 No subscription required Medium CVE-2017-10790 CVE-2018-6003 USN-3548-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3548-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3548-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.13.0-1007-azure - 4.13.0-1007.9 linux-image-4.13.0-1007-azure - 4.13.0-1007.9 No subscription required linux-image-extra-4.13.0-1008-gcp - 4.13.0-1008.11 linux-image-4.13.0-1008-gcp - 4.13.0-1008.11 No subscription required linux-image-4.13.0-1019-oem - 4.13.0-1019.20 No subscription required linux-image-4.13.0-32-lowlatency - 4.13.0-32.35~16.04.1 linux-image-extra-4.13.0-32-generic - 4.13.0-32.35~16.04.1 linux-image-4.13.0-32-generic-lpae - 4.13.0-32.35~16.04.1 linux-image-4.13.0-32-generic - 4.13.0-32.35~16.04.1 No subscription required None https://launchpad.net/bugs/1745564 USN-3549-1 -- Linux kernel (KVM) vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753) Update Instructions: Run `sudo pro fix USN-3549-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1017-kvm - 4.4.0-1017.22 No subscription required High CVE-2017-5715 CVE-2017-5753 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown USN-3550-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2017-12376) It was discovered that ClamAV incorrectly handled parsing certain mew packet files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12377) It was discovered that ClamAV incorrectly handled parsing certain TAR files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-12378) In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Update Instructions: Run `sudo pro fix USN-3550-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamav-testfiles - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamav-base - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamav - 0.99.3+addedllvm-0ubuntu0.16.04.1 libclamav7 - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamav-daemon - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamav-milter - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamav-docs - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamav-freshclam - 0.99.3+addedllvm-0ubuntu0.16.04.1 clamdscan - 0.99.3+addedllvm-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 USN-3551-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code. (CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885) Update Instructions: Run `sudo pro fix USN-3551-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.18.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.18.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.18.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.18.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.18.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.18.6-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.18.6-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.18.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.18.6-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-13884 CVE-2017-13885 CVE-2017-7153 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-4088 CVE-2018-4096 USN-3552-1 -- Firefox vulnerability Ubuntu 16.04 LTS Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. (CVE-2018-5124) Update Instructions: Run `sudo pro fix USN-3552-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 58.0.1+build1-0ubuntu0.16.04.1 firefox-testsuite - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
58.0.1+build1-0ubuntu0.16.04.1 firefox - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 58.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 58.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 
58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 58.0.1+build1-0ubuntu0.16.04.1 firefox-globalmenu - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 58.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 58.0.1+build1-0ubuntu0.16.04.1 No subscription required High CVE-2018-5124 USN-3553-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. (CVE-2017-0902) It was discovered that Ruby incorrectly handled certain YAML files. An attacker could use this to possibly execute arbitrary code. (CVE-2017-0903) Update Instructions: Run `sudo pro fix USN-3553-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.6 ruby2.3-tcltk - 2.3.1-2~16.04.6 ruby2.3 - 2.3.1-2~16.04.6 ruby2.3-dev - 2.3.1-2~16.04.6 ruby2.3-doc - 2.3.1-2~16.04.6 No subscription required Medium CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 USN-3554-1 -- curl vulnerabilities Ubuntu 16.04 LTS It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. (CVE-2018-1000007) Update Instructions: Run `sudo pro fix USN-3554-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.6 libcurl4-openssl-dev - 7.47.0-1ubuntu2.6 libcurl3-gnutls - 7.47.0-1ubuntu2.6 libcurl4-doc - 7.47.0-1ubuntu2.6 libcurl3-nss - 7.47.0-1ubuntu2.6 libcurl4-nss-dev - 7.47.0-1ubuntu2.6 libcurl3 - 7.47.0-1ubuntu2.6 curl - 7.47.0-1ubuntu2.6 No subscription required Medium CVE-2018-1000005 CVE-2018-1000007 USN-3555-1 -- w3m vulnerabilities Ubuntu 16.04 LTS It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6196, CVE-2018-6197) It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files. (CVE-2018-6198) Update Instructions: Run `sudo pro fix USN-3555-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: w3m-img - 0.5.3-26ubuntu0.2 w3m - 0.5.3-26ubuntu0.2 No subscription required Medium CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 USN-3556-1 -- Dovecot vulnerability Ubuntu 16.04 LTS It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3556-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.6 dovecot-mysql - 1:2.2.22-1ubuntu2.6 dovecot-sieve - 1:2.2.22-1ubuntu2.6 dovecot-core - 1:2.2.22-1ubuntu2.6 dovecot-ldap - 1:2.2.22-1ubuntu2.6 dovecot-sqlite - 1:2.2.22-1ubuntu2.6 dovecot-dev - 1:2.2.22-1ubuntu2.6 dovecot-pop3d - 1:2.2.22-1ubuntu2.6 dovecot-imapd - 1:2.2.22-1ubuntu2.6 dovecot-managesieved - 1:2.2.22-1ubuntu2.6 dovecot-lucene - 1:2.2.22-1ubuntu2.6 mail-stack-delivery - 1:2.2.22-1ubuntu2.6 dovecot-gssapi - 1:2.2.22-1ubuntu2.6 dovecot-solr - 1:2.2.22-1ubuntu2.6 dovecot-lmtpd - 1:2.2.22-1ubuntu2.6 No subscription required Medium CVE-2017-15132 USN-3557-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2569) William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570) Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS. 
(CVE-2016-2571) Santiago Ruano Rincón discovered that Squid incorrectly handled certain Vary headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027) Update Instructions: Run `sudo pro fix USN-3557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.5 squid - 3.5.12-1ubuntu7.5 squid-cgi - 3.5.12-1ubuntu7.5 squid-purge - 3.5.12-1ubuntu7.5 squidclient - 3.5.12-1ubuntu7.5 squid3 - 3.5.12-1ubuntu7.5 No subscription required Medium CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-3948 CVE-2018-1000024 CVE-2018-1000027 USN-3558-1 -- systemd vulnerabilities Ubuntu 16.04 LTS Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908) It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. (CVE-2018-1049) Update Instructions: Run `sudo pro fix USN-3558-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.1 systemd - 229-4ubuntu21.1 udev-udeb - 229-4ubuntu21.1 libsystemd0 - 229-4ubuntu21.1 systemd-container - 229-4ubuntu21.1 libnss-myhostname - 229-4ubuntu21.1 libudev1-udeb - 229-4ubuntu21.1 libudev1 - 229-4ubuntu21.1 libsystemd-dev - 229-4ubuntu21.1 systemd-journal-remote - 229-4ubuntu21.1 libpam-systemd - 229-4ubuntu21.1 libnss-mymachines - 229-4ubuntu21.1 libnss-resolve - 229-4ubuntu21.1 systemd-sysv - 229-4ubuntu21.1 udev - 229-4ubuntu21.1 libudev-dev - 229-4ubuntu21.1 No subscription required Medium CVE-2017-15908 CVE-2018-1049 USN-3560-1 -- QEMU update Ubuntu 16.04 LTS It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64, i386, and s390x. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Update Instructions: Run `sudo pro fix USN-3560-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.20 qemu-user-static - 1:2.5+dfsg-5ubuntu10.20 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.20 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.20 qemu-kvm - 1:2.5+dfsg-5ubuntu10.20 qemu-user - 1:2.5+dfsg-5ubuntu10.20 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.20 qemu-system - 1:2.5+dfsg-5ubuntu10.20 qemu-utils - 1:2.5+dfsg-5ubuntu10.20 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.20 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.20 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.20 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.20 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.20 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.20 qemu - 1:2.5+dfsg-5ubuntu10.20 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.20 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.20 No subscription required High CVE-2017-5715 USN-3561-1 -- libvirt update Ubuntu 16.04 LTS It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Update Instructions: Run `sudo pro fix USN-3561-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.3.1-1ubuntu10.17 libvirt-dev - 1.3.1-1ubuntu10.17 libvirt-doc - 1.3.1-1ubuntu10.17 libvirt-bin - 1.3.1-1ubuntu10.17 No subscription required High CVE-2017-5715 USN-3562-1 -- MiniUPnP vulnerabilities Ubuntu 16.04 LTS It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library. Update Instructions: Run `sudo pro fix USN-3562-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libminiupnpc-dev - 1.9.20140610-2ubuntu2.16.04.2 python-miniupnpc - 1.9.20140610-2ubuntu2.16.04.2 miniupnpc - 1.9.20140610-2ubuntu2.16.04.2 libminiupnpc10 - 1.9.20140610-2ubuntu2.16.04.2 No subscription required Medium CVE-2017-1000494 USN-3563-1 -- Mailman vulnerability Ubuntu 16.04 LTS It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code. Update Instructions: Run `sudo pro fix USN-3563-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.20-1ubuntu0.3 No subscription required Medium CVE-2018-5950 USN-3564-1 -- PostgreSQL vulnerability Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3564-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.11-0ubuntu0.16.04 postgresql-plperl-9.5 - 9.5.11-0ubuntu0.16.04 postgresql-server-dev-9.5 - 9.5.11-0ubuntu0.16.04 postgresql-9.5 - 9.5.11-0ubuntu0.16.04 postgresql-plpython-9.5 - 9.5.11-0ubuntu0.16.04 libecpg6 - 9.5.11-0ubuntu0.16.04 postgresql-client-9.5 - 9.5.11-0ubuntu0.16.04 libpq-dev - 9.5.11-0ubuntu0.16.04 postgresql-contrib-9.5 - 9.5.11-0ubuntu0.16.04 libpgtypes3 - 9.5.11-0ubuntu0.16.04 libecpg-dev - 9.5.11-0ubuntu0.16.04 postgresql-pltcl-9.5 - 9.5.11-0ubuntu0.16.04 libpq5 - 9.5.11-0ubuntu0.16.04 postgresql-plpython3-9.5 - 9.5.11-0ubuntu0.16.04 libecpg-compat3 - 9.5.11-0ubuntu0.16.04 No subscription required Low CVE-2018-1053 USN-3565-1 -- Exim vulnerability Ubuntu 16.04 LTS Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3565-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.3 eximon4 - 4.86.2-2ubuntu2.3 exim4 - 4.86.2-2ubuntu2.3 exim4-daemon-light - 4.86.2-2ubuntu2.3 exim4-config - 4.86.2-2ubuntu2.3 exim4-daemon-heavy - 4.86.2-2ubuntu2.3 exim4-base - 4.86.2-2ubuntu2.3 No subscription required Medium CVE-2018-6789 USN-3568-1 -- WavPack vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10169) Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. 
(CVE-2018-6767) Update Instructions: Run `sudo pro fix USN-3568-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 4.75.2-2ubuntu0.1 libwavpack-dev - 4.75.2-2ubuntu0.1 wavpack - 4.75.2-2ubuntu0.1 No subscription required Medium CVE-2016-10169 CVE-2018-6767 USN-3569-1 -- libvorbis vulnerabilities Ubuntu 16.04 LTS It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. (CVE-2017-14632) It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. (CVE-2017-14633) Update Instructions: Run `sudo pro fix USN-3569-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvorbis0a - 1.3.5-3ubuntu0.1 libvorbisfile3 - 1.3.5-3ubuntu0.1 libvorbisenc2 - 1.3.5-3ubuntu0.1 libvorbis-dev - 1.3.5-3ubuntu0.1 No subscription required Medium CVE-2017-14632 CVE-2017-14633 USN-3570-1 -- AdvanceCOMP vulnerability Ubuntu 16.04 LTS Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3570-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 1.20-1ubuntu0.1 No subscription required Medium CVE-2018-1056 USN-3571-1 -- Erlang vulnerabilities Ubuntu 16.04 LTS It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. 
(CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Böck, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385) Update Instructions: Run `sudo pro fix USN-3571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: erlang-gs - 1:18.3-dfsg-1ubuntu3.1 erlang-x11 - 1:18.3-dfsg-1ubuntu3.1 erlang-jinterface - 1:18.3-dfsg-1ubuntu3.1 erlang-asn1 - 1:18.3-dfsg-1ubuntu3.1 erlang-inets - 1:18.3-dfsg-1ubuntu3.1 erlang-snmp - 1:18.3-dfsg-1ubuntu3.1 erlang-mode - 1:18.3-dfsg-1ubuntu3.1 erlang-odbc - 1:18.3-dfsg-1ubuntu3.1 erlang-typer - 1:18.3-dfsg-1ubuntu3.1 erlang-common-test - 1:18.3-dfsg-1ubuntu3.1 erlang-examples - 1:18.3-dfsg-1ubuntu3.1 erlang-wx - 1:18.3-dfsg-1ubuntu3.1 erlang-ic - 1:18.3-dfsg-1ubuntu3.1 erlang-os-mon - 1:18.3-dfsg-1ubuntu3.1 erlang-syntax-tools - 1:18.3-dfsg-1ubuntu3.1 erlang-ssl - 1:18.3-dfsg-1ubuntu3.1 erlang-dev - 1:18.3-dfsg-1ubuntu3.1 erlang-ssh - 1:18.3-dfsg-1ubuntu3.1 erlang-ic-java - 1:18.3-dfsg-1ubuntu3.1 erlang-megaco - 1:18.3-dfsg-1ubuntu3.1 erlang-manpages - 1:18.3-dfsg-1ubuntu3.1 erlang - 1:18.3-dfsg-1ubuntu3.1 erlang-runtime-tools - 1:18.3-dfsg-1ubuntu3.1 erlang-eunit - 1:18.3-dfsg-1ubuntu3.1 erlang-tools - 1:18.3-dfsg-1ubuntu3.1 erlang-observer - 1:18.3-dfsg-1ubuntu3.1 erlang-percept - 
1:18.3-dfsg-1ubuntu3.1 erlang-debugger - 1:18.3-dfsg-1ubuntu3.1 erlang-parsetools - 1:18.3-dfsg-1ubuntu3.1 erlang-public-key - 1:18.3-dfsg-1ubuntu3.1 erlang-diameter - 1:18.3-dfsg-1ubuntu3.1 erlang-corba - 1:18.3-dfsg-1ubuntu3.1 erlang-doc - 1:18.3-dfsg-1ubuntu3.1 erlang-reltool - 1:18.3-dfsg-1ubuntu3.1 erlang-xmerl - 1:18.3-dfsg-1ubuntu3.1 erlang-nox - 1:18.3-dfsg-1ubuntu3.1 erlang-test-server - 1:18.3-dfsg-1ubuntu3.1 erlang-eldap - 1:18.3-dfsg-1ubuntu3.1 erlang-src - 1:18.3-dfsg-1ubuntu3.1 erlang-edoc - 1:18.3-dfsg-1ubuntu3.1 erlang-mnesia - 1:18.3-dfsg-1ubuntu3.1 erlang-webtool - 1:18.3-dfsg-1ubuntu3.1 erlang-base-hipe - 1:18.3-dfsg-1ubuntu3.1 erlang-crypto - 1:18.3-dfsg-1ubuntu3.1 erlang-erl-docgen - 1:18.3-dfsg-1ubuntu3.1 erlang-base - 1:18.3-dfsg-1ubuntu3.1 erlang-et - 1:18.3-dfsg-1ubuntu3.1 erlang-dialyzer - 1:18.3-dfsg-1ubuntu3.1 No subscription required Medium CVE-2014-1693 CVE-2015-2774 CVE-2016-10253 CVE-2017-1000385 USN-3573-1 -- Quagga vulnerabilities Ubuntu 16.04 LTS It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379) It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-5378) It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5380) It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. An attacker in control of a configured peer could use this to cause a denial of service (infinite loop). 
(CVE-2018-5381) Update Instructions: Run `sudo pro fix USN-3573-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.24.1-2ubuntu1.4 quagga-doc - 0.99.24.1-2ubuntu1.4 No subscription required Medium CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 USN-3575-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672) Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167) Tuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038) Eric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118) Eric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2017-15119) Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124) Carl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15268) Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289) Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845) It was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381) Eric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043) Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683) Update Instructions: Run `sudo pro fix USN-3575-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.22 qemu-user-static - 1:2.5+dfsg-5ubuntu10.22 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.22 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.22 qemu-kvm - 1:2.5+dfsg-5ubuntu10.22 qemu-user - 1:2.5+dfsg-5ubuntu10.22 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.22 qemu-system - 1:2.5+dfsg-5ubuntu10.22 qemu-utils - 1:2.5+dfsg-5ubuntu10.22 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.22 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.22 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.22 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.22 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.22 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.22 qemu - 1:2.5+dfsg-5ubuntu10.22 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.22 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.22 No subscription required Medium CVE-2017-11334 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15118 CVE-2017-15119 CVE-2017-15124 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2018-5683 USN-3575-2 -- QEMU regression Ubuntu 16.04 LTS USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672) Thomas Garnier discovered that QEMU incorrectly handled multiboot. 
An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167) Tuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038) Eric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118) Eric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119) Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124) Carl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15268) Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289) Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845) It was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381) Eric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043) Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683) Update Instructions: Run `sudo pro fix USN-3575-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.24 qemu-user-static - 1:2.5+dfsg-5ubuntu10.24 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.24 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.24 qemu-kvm - 1:2.5+dfsg-5ubuntu10.24 qemu-user - 1:2.5+dfsg-5ubuntu10.24 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.24 qemu-system - 1:2.5+dfsg-5ubuntu10.24 qemu-utils - 1:2.5+dfsg-5ubuntu10.24 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.24 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.24 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.24 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.24 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.24 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.24 qemu - 1:2.5+dfsg-5ubuntu10.24 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.24 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.24 No subscription required None https://launchpad.net/bugs/1752761 USN-3576-1 -- libvirt vulnerabilities Ubuntu 16.04 LTS Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty 
string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764) Update Instructions: Run `sudo pro fix USN-3576-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.3.1-1ubuntu10.19 libvirt-dev - 1.3.1-1ubuntu10.19 libvirt-doc - 1.3.1-1ubuntu10.19 libvirt-bin - 1.3.1-1ubuntu10.19 No subscription required Low CVE-2016-5008 CVE-2017-1000256 CVE-2018-5748 CVE-2018-6764 USN-3577-1 -- CUPS vulnerability Ubuntu 16.04 LTS Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190) Update Instructions: Run `sudo pro fix USN-3577-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.1.3-4ubuntu0.4 libcups2-dev - 2.1.3-4ubuntu0.4 cups-bsd - 2.1.3-4ubuntu0.4 libcupsmime1 - 2.1.3-4ubuntu0.4 cups-common - 2.1.3-4ubuntu0.4 cups-core-drivers - 2.1.3-4ubuntu0.4 cups-server-common - 2.1.3-4ubuntu0.4 libcupsimage2 - 2.1.3-4ubuntu0.4 cups-client - 2.1.3-4ubuntu0.4 libcupscgi1-dev - 2.1.3-4ubuntu0.4 cups-ipp-utils - 2.1.3-4ubuntu0.4 libcups2 - 2.1.3-4ubuntu0.4 libcupsmime1-dev - 2.1.3-4ubuntu0.4 cups-ppdc - 2.1.3-4ubuntu0.4 libcupsppdc1 - 2.1.3-4ubuntu0.4 cups - 2.1.3-4ubuntu0.4 libcupsppdc1-dev - 2.1.3-4ubuntu0.4 libcupsimage2-dev - 2.1.3-4ubuntu0.4 cups-daemon - 2.1.3-4ubuntu0.4 No subscription required Medium CVE-2017-18190 USN-3579-1 -- LibreOffice vulnerability Ubuntu 16.04 LTS It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. (CVE-2018-6871) Update Instructions: Run `sudo pro fix USN-3579-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial3 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial3 No subscription required libreoffice-impress - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-officebean - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-base - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-librelogo - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-java-common - 1:5.1.6~rc2-0ubuntu1~xenial3 gir1.2-lokdocview-0.1 - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-subsequentcheckbase - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-elementary - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-kde - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-galaxy - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-hicontrast - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-script-provider-bsh - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-avmedia-backend-gstreamer - 1:5.1.6~rc2-0ubuntu1~xenial3 libreofficekit-dev - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-script-provider-python - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-common - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-gnome - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-dev - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-gtk3 - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-report-builder - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-pdfimport - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-base-core - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-ogltrans - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-sdbc-hsqldb - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-gtk - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-calc - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-base-drivers - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-oxygen - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-tango - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-human - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-sdbc-firebird - 
1:5.1.6~rc2-0ubuntu1~xenial3 python3-uno - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-math - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-writer - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-report-builder-bin - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-breeze - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-script-provider-js - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-draw - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-style-sifr - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-dev-doc - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-l10n-in - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-l10n-za - 1:5.1.6~rc2-0ubuntu1~xenial3 libreoffice-sdbc-postgresql - 1:5.1.6~rc2-0ubuntu1~xenial3 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial3 No subscription required uno-libs3 - 5.1.6~rc2-0ubuntu1~xenial3 ure - 5.1.6~rc2-0ubuntu1~xenial3 No subscription required High CVE-2018-6871 USN-3581-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15115) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-8824) USN-3541-2 mitigated CVE-2017-5715 (Spectre Variant 2) for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) Update Instructions: Run `sudo pro fix USN-3581-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.13.0-1011-azure - 4.13.0-1011.14 linux-image-4.13.0-1011-azure - 4.13.0-1011.14 No subscription required linux-image-4.13.0-1011-gcp - 4.13.0-1011.15 linux-image-extra-4.13.0-1011-gcp - 4.13.0-1011.15 No subscription required linux-image-4.13.0-1021-oem - 4.13.0-1021.23 No subscription required linux-image-4.13.0-36-generic - 4.13.0-36.40~16.04.1 linux-image-4.13.0-36-lowlatency - 4.13.0-36.40~16.04.1 linux-image-4.13.0-36-generic-lpae - 4.13.0-36.40~16.04.1 linux-image-extra-4.13.0-36-generic - 4.13.0-36.40~16.04.1 No subscription required High CVE-2017-15115 CVE-2017-17712 CVE-2017-5715 CVE-2017-8824 USN-3582-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712) Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. 
(CVE-2015-8952) Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-12190) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15115) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8824) USN-3540-1 mitigated CVE-2017-5715 (Spectre Variant 2) for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) Update Instructions: Run `sudo pro fix USN-3582-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1019-kvm - 4.4.0-1019.24 No subscription required linux-image-4.4.0-1052-aws - 4.4.0-1052.61 No subscription required linux-image-4.4.0-1085-raspi2 - 4.4.0-1085.93 No subscription required linux-image-4.4.0-1087-snapdragon - 4.4.0-1087.92 No subscription required linux-image-4.4.0-116-powerpc64-smp - 4.4.0-116.140 linux-image-extra-4.4.0-116-generic - 4.4.0-116.140 linux-image-4.4.0-116-lowlatency - 4.4.0-116.140 linux-image-4.4.0-116-generic - 4.4.0-116.140 linux-image-4.4.0-116-generic-lpae - 4.4.0-116.140 linux-image-4.4.0-116-powerpc-e500mc - 4.4.0-116.140 linux-image-4.4.0-116-powerpc64-emb - 4.4.0-116.140 linux-image-4.4.0-116-powerpc-smp - 4.4.0-116.140 No subscription required High CVE-2015-8952 CVE-2017-12190 CVE-2017-15115 CVE-2017-17712 CVE-2017-5715 CVE-2017-8824 USN-3584-1 -- sensible-utils vulnerability Ubuntu 16.04 LTS Gabriel Corona discovered that sensible-utils incorrectly validated strings when launching a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3584-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sensible-utils - 0.0.9ubuntu0.16.04.1 No subscription required Medium CVE-2017-17512 USN-3585-1 -- Twisted vulnerability Ubuntu 16.04 LTS It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3585-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: twisted-doc - 16.0.0-1ubuntu0.2 python-twisted-news - 16.0.0-1ubuntu0.2 python3-twisted - 16.0.0-1ubuntu0.2 python-twisted-names - 16.0.0-1ubuntu0.2 python-twisted-words - 16.0.0-1ubuntu0.2 python-twisted-runner - 16.0.0-1ubuntu0.2 python-twisted-core - 16.0.0-1ubuntu0.2 python-twisted-web - 16.0.0-1ubuntu0.2 python-twisted - 16.0.0-1ubuntu0.2 python-twisted-mail - 16.0.0-1ubuntu0.2 python-twisted-bin - 16.0.0-1ubuntu0.2 No subscription required python-twisted-conch - 1:16.0.0-1ubuntu0.2 No subscription required Low CVE-2016-1000111 USN-3586-1 -- DHCP vulnerabilities Ubuntu 16.04 LTS Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774) It was discovered that the DHCP server incorrectly handled socket descriptors. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-3144) Felix Wilhelm discovered that the DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the dhclient AppArmor profile. (CVE-2018-5732) Felix Wilhelm discovered that the DHCP server incorrectly handled reference counting. A remote attacker could possibly use this issue to cause the DHCP server to crash, resulting in a denial of service. (CVE-2018-5733) Update Instructions: Run `sudo pro fix USN-3586-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: isc-dhcp-relay - 4.3.3-5ubuntu12.9 isc-dhcp-client-ddns - 4.3.3-5ubuntu12.9 isc-dhcp-dev - 4.3.3-5ubuntu12.9 isc-dhcp-client - 4.3.3-5ubuntu12.9 isc-dhcp-common - 4.3.3-5ubuntu12.9 isc-dhcp-server - 4.3.3-5ubuntu12.9 isc-dhcp-client-udeb - 4.3.3-5ubuntu12.9 isc-dhcp-server-ldap - 4.3.3-5ubuntu12.9 No subscription required Medium CVE-2016-2774 CVE-2017-3144 CVE-2018-5732 CVE-2018-5733 USN-3587-1 -- Dovecot vulnerabilities Ubuntu 16.04 LTS It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-14461) It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2017-15130) Update Instructions: Run `sudo pro fix USN-3587-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.7 dovecot-mysql - 1:2.2.22-1ubuntu2.7 dovecot-sieve - 1:2.2.22-1ubuntu2.7 dovecot-core - 1:2.2.22-1ubuntu2.7 dovecot-ldap - 1:2.2.22-1ubuntu2.7 dovecot-sqlite - 1:2.2.22-1ubuntu2.7 dovecot-dev - 1:2.2.22-1ubuntu2.7 dovecot-pop3d - 1:2.2.22-1ubuntu2.7 dovecot-imapd - 1:2.2.22-1ubuntu2.7 dovecot-managesieved - 1:2.2.22-1ubuntu2.7 dovecot-lucene - 1:2.2.22-1ubuntu2.7 mail-stack-delivery - 1:2.2.22-1ubuntu2.7 dovecot-gssapi - 1:2.2.22-1ubuntu2.7 dovecot-solr - 1:2.2.22-1ubuntu2.7 dovecot-lmtpd - 1:2.2.22-1ubuntu2.7 No subscription required Medium CVE-2017-14461 CVE-2017-15130 USN-3588-1 -- Memcached vulnerabilities Ubuntu 16.04 LTS Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service (daemon crash). 
(CVE-2017-9951) It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack. (CVE-2018-1000115) Update Instructions: Run `sudo pro fix USN-3588-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.4.25-2ubuntu1.3 No subscription required Low CVE-2017-9951 CVE-2018-1000115 USN-3589-1 -- PostgreSQL vulnerability Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3589-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.12-0ubuntu0.16.04 postgresql-plperl-9.5 - 9.5.12-0ubuntu0.16.04 postgresql-server-dev-9.5 - 9.5.12-0ubuntu0.16.04 postgresql-9.5 - 9.5.12-0ubuntu0.16.04 postgresql-plpython-9.5 - 9.5.12-0ubuntu0.16.04 libecpg6 - 9.5.12-0ubuntu0.16.04 postgresql-client-9.5 - 9.5.12-0ubuntu0.16.04 libpq-dev - 9.5.12-0ubuntu0.16.04 postgresql-contrib-9.5 - 9.5.12-0ubuntu0.16.04 libpgtypes3 - 9.5.12-0ubuntu0.16.04 libecpg-dev - 9.5.12-0ubuntu0.16.04 postgresql-pltcl-9.5 - 9.5.12-0ubuntu0.16.04 libpq5 - 9.5.12-0ubuntu0.16.04 postgresql-plpython3-9.5 - 9.5.12-0ubuntu0.16.04 libecpg-compat3 - 9.5.12-0ubuntu0.16.04 No subscription required Medium CVE-2018-1058 https://launchpad.net/bugs/1752271 USN-3590-1 -- Irssi vulnerabilities Ubuntu 16.04 LTS It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7050) It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information. (CVE-2018-7051) It was discovered that Irssi incorrectly handled an increase in the number of windows. 
An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7052) It was discovered that Irssi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-7053) It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7054) Update Instructions: Run `sudo pro fix USN-3590-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.7 irssi - 0.8.19-1ubuntu1.7 No subscription required Medium CVE-2018-7050 CVE-2018-7051 CVE-2018-7052 CVE-2018-7053 CVE-2018-7054 USN-3591-1 -- Django vulnerabilities Ubuntu 16.04 LTS James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.6 python-django-doc - 1.8.7-1ubuntu5.6 python-django-common - 1.8.7-1ubuntu5.6 python-django - 1.8.7-1ubuntu5.6 No subscription required Medium CVE-2018-7536 CVE-2018-7537 USN-3592-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202) Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. 
(CVE-2018-1000085) Update Instructions: Run `sudo pro fix USN-3592-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamav-testfiles - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamav-base - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamav - 0.99.4+addedllvm-0ubuntu0.16.04.1 libclamav7 - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamav-daemon - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamav-milter - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamav-docs - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamav-freshclam - 0.99.4+addedllvm-0ubuntu0.16.04.1 clamdscan - 0.99.4+addedllvm-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-0202 CVE-2018-1000085 USN-3593-1 -- Zsh vulnerabilities Ubuntu 16.04 LTS It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071) It was discovered that Zsh incorrectly handled some symbolic links. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10072) It was discovered that Zsh incorrectly handled certain errors. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10714) It was discovered that Zsh incorrectly handled certain commands. An attacker could possibly use this to execute arbitrary code. (CVE-2017-18205) It was discovered that Zsh incorrectly handled certain symlinks. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206) It was discovered that Zsh incorrectly handled certain inputs. 
An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7548) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-7549) Update Instructions: Run `sudo pro fix USN-3593-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-static - 5.1.1-1ubuntu2.1 zsh-common - 5.1.1-1ubuntu2.1 zsh-dev - 5.1.1-1ubuntu2.1 zsh - 5.1.1-1ubuntu2.1 zsh-doc - 5.1.1-1ubuntu2.1 No subscription required Medium CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-7548 CVE-2018-7549 USN-3595-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Björn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. (CVE-2018-1057) It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. (CVE-2018-1050) Update Instructions: Run `sudo pro fix USN-3595-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.13 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.13 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.13 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.13 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.13 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.13 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.13 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.13 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.13 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.13 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.13 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.13 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.13 No subscription required High CVE-2018-1050 CVE-2018-1057 USN-3596-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142) It was discovered that the fetch() API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. 
(CVE-2018-5131) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information or bypass security restrictions. (CVE-2018-5132, CVE-2018-5134, CVE-2018-5135) It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133) It was discovered that javascript: URLs with embedded tab characters could be pasted in to the addressbar. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143) Update Instructions: Run `sudo pro fix USN-3596-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-nn - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ne - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-nb - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-fa - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-fi - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-fr - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-fy - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-or - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-kab - 59.0+build5-0ubuntu0.16.04.1 firefox-testsuite - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-oc - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-cs - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ga - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-gd - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-gn - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-gl - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-gu - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-pa - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-pl - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-cy 
- 59.0+build5-0ubuntu0.16.04.1 firefox-locale-pt - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-hi - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-uk - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-he - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-hy - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-hr - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-hu - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-as - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ar - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ia - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-az - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-id - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-mai - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-af - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-is - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-it - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-an - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-bs - 59.0+build5-0ubuntu0.16.04.1 firefox - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ro - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ja - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ru - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-br - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-zh-hant - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-zh-hans - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-bn - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-be - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-bg - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-sl - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-sk - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-si - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-sw - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-sv - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-sr - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-sq - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ko - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-kn - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-km - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-kk - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ka - 59.0+build5-0ubuntu0.16.04.1 
firefox-locale-xh - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ca - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ku - 59.0+build5-0ubuntu0.16.04.1 firefox-mozsymbols - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-lv - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-lt - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-th - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-hsb - 59.0+build5-0ubuntu0.16.04.1 firefox-dev - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-te - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-cak - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ta - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-lg - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-tr - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-nso - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-de - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-da - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ms - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-mr - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-my - 59.0+build5-0ubuntu0.16.04.1 firefox-globalmenu - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-uz - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ml - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-mn - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-mk - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ur - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-vi - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-eu - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-et - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-es - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-csb - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-el - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-eo - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-en - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-zu - 59.0+build5-0ubuntu0.16.04.1 firefox-locale-ast - 59.0+build5-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-5125 CVE-2018-5126 CVE-2018-5127 CVE-2018-5128 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5132 CVE-2018-5133 CVE-2018-5134 CVE-2018-5135 CVE-2018-5136 CVE-2018-5137 CVE-2018-5140 
CVE-2018-5141 CVE-2018-5142 CVE-2018-5143 USN-3596-2 -- Firefox regression Ubuntu 16.04 LTS USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142) It was discovered that the fetch() API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. (CVE-2018-5131) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information or bypass security restrictions. (CVE-2018-5132, CVE-2018-5134, CVE-2018-5135) It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133) It was discovered that javascript: URLs with embedded tab characters could be pasted in to the addressbar. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. 
(CVE-2018-5143) Update Instructions: Run `sudo pro fix USN-3596-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-nn - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ne - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-nb - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-fa - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-fi - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-fr - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-fy - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-or - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-kab - 59.0.2+build1-0ubuntu0.16.04.3 firefox-testsuite - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-oc - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-cs - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ga - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-gd - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-gn - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-gl - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-gu - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-pa - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-pl - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-cy - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-pt - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-hi - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-uk - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-he - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-hy - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-hr - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-hu - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-as - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ar - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ia - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-az - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-id - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-mai - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-af - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-is - 
59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-it - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-an - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-bs - 59.0.2+build1-0ubuntu0.16.04.3 firefox - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ro - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ja - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ru - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-br - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-zh-hant - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-zh-hans - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-bn - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-be - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-bg - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-sl - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-sk - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-si - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-sw - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-sv - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-sr - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-sq - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ko - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-kn - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-km - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-kk - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ka - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-xh - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ca - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ku - 59.0.2+build1-0ubuntu0.16.04.3 firefox-mozsymbols - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-lv - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-lt - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-th - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-hsb - 59.0.2+build1-0ubuntu0.16.04.3 firefox-dev - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-te - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-cak - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ta - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-lg - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-tr - 
59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-nso - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-de - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-da - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ms - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-mr - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-my - 59.0.2+build1-0ubuntu0.16.04.3 firefox-globalmenu - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-uz - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ml - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-mn - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-mk - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ur - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-vi - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-eu - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-et - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-es - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-csb - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-el - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-eo - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-en - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-zu - 59.0.2+build1-0ubuntu0.16.04.3 firefox-locale-ast - 59.0.2+build1-0ubuntu0.16.04.3 No subscription required None https://launchpad.net/bugs/1758107 USN-3597-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNs 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. 
A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753) Update Instructions: Run `sudo pro fix USN-3597-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-37-generic-lpae - 4.13.0-37.42~16.04.1 linux-image-extra-4.13.0-37-generic - 4.13.0-37.42~16.04.1 linux-image-4.13.0-37-lowlatency - 4.13.0-37.42~16.04.1 linux-image-4.13.0-37-generic - 4.13.0-37.42~16.04.1 No subscription required Critical CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 https://usn.ubuntu.com/3541-2/ https://usn.ubuntu.com/3523-2/ USN-3598-1 -- curl vulnerabilities Ubuntu 16.04 LTS Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-1000120) Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-1000121) Max Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. (CVE-2018-1000122) Update Instructions: Run `sudo pro fix USN-3598-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.7 libcurl4-openssl-dev - 7.47.0-1ubuntu2.7 libcurl3-gnutls - 7.47.0-1ubuntu2.7 libcurl4-doc - 7.47.0-1ubuntu2.7 libcurl3-nss - 7.47.0-1ubuntu2.7 libcurl4-nss-dev - 7.47.0-1ubuntu2.7 libcurl3 - 7.47.0-1ubuntu2.7 curl - 7.47.0-1ubuntu2.7 No subscription required Medium CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 USN-3599-1 -- Firefox vulnerability Ubuntu 16.04 LTS An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146) Update Instructions: Run `sudo pro fix USN-3599-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 59.0.1+build1-0ubuntu0.16.04.1 firefox-testsuite - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 
59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 59.0.1+build1-0ubuntu0.16.04.1 firefox - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 
59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 59.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 59.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 59.0.1+build1-0ubuntu0.16.04.1 firefox-globalmenu - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 59.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 59.0.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-5146 USN-3600-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP 
incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712) It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-5712) It was discovered that PHP incorrectly handled parsing certain HTTP responses. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-7584) Update Instructions: Run `sudo pro fix USN-3600-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.28-0ubuntu0.16.04.1 php7.0-mcrypt - 7.0.28-0ubuntu0.16.04.1 php7.0-xsl - 7.0.28-0ubuntu0.16.04.1 php7.0-fpm - 7.0.28-0ubuntu0.16.04.1 libphp7.0-embed - 7.0.28-0ubuntu0.16.04.1 php7.0-phpdbg - 7.0.28-0ubuntu0.16.04.1 php7.0-curl - 7.0.28-0ubuntu0.16.04.1 php7.0-ldap - 7.0.28-0ubuntu0.16.04.1 php7.0-mbstring - 7.0.28-0ubuntu0.16.04.1 php7.0-gmp - 7.0.28-0ubuntu0.16.04.1 php7.0-sqlite3 - 7.0.28-0ubuntu0.16.04.1 php7.0-gd - 7.0.28-0ubuntu0.16.04.1 php7.0-common - 7.0.28-0ubuntu0.16.04.1 php7.0-enchant - 7.0.28-0ubuntu0.16.04.1 php7.0-odbc - 7.0.28-0ubuntu0.16.04.1 php7.0-cli - 7.0.28-0ubuntu0.16.04.1 php7.0-json - 7.0.28-0ubuntu0.16.04.1 php7.0-pgsql - 7.0.28-0ubuntu0.16.04.1 libapache2-mod-php7.0 - 7.0.28-0ubuntu0.16.04.1 php7.0-zip - 7.0.28-0ubuntu0.16.04.1 php7.0-mysql - 7.0.28-0ubuntu0.16.04.1 php7.0-dba - 7.0.28-0ubuntu0.16.04.1 php7.0-sybase - 7.0.28-0ubuntu0.16.04.1 php7.0-pspell - 7.0.28-0ubuntu0.16.04.1 php7.0-xml - 7.0.28-0ubuntu0.16.04.1 php7.0-bz2 - 7.0.28-0ubuntu0.16.04.1 php7.0-recode - 7.0.28-0ubuntu0.16.04.1 php7.0-soap - 7.0.28-0ubuntu0.16.04.1 php7.0 - 7.0.28-0ubuntu0.16.04.1 php7.0-tidy - 7.0.28-0ubuntu0.16.04.1 php7.0-interbase - 
7.0.28-0ubuntu0.16.04.1 php7.0-opcache - 7.0.28-0ubuntu0.16.04.1 php7.0-readline - 7.0.28-0ubuntu0.16.04.1 php7.0-intl - 7.0.28-0ubuntu0.16.04.1 php7.0-imap - 7.0.28-0ubuntu0.16.04.1 php7.0-xmlrpc - 7.0.28-0ubuntu0.16.04.1 php7.0-bcmath - 7.0.28-0ubuntu0.16.04.1 php7.0-dev - 7.0.28-0ubuntu0.16.04.1 php7.0-snmp - 7.0.28-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-10712 CVE-2018-5712 CVE-2018-7584 USN-3601-1 -- Memcached vulnerability Ubuntu 16.04 LTS It was discovered that Memcached incorrectly handled reusing certain items. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3601-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.4.25-2ubuntu1.4 No subscription required Medium CVE-2018-1000127 USN-3602-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3602-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.3 libtiffxx5 - 4.0.6-1ubuntu0.3 libtiff5-dev - 4.0.6-1ubuntu0.3 libtiff5 - 4.0.6-1ubuntu0.3 libtiff-tools - 4.0.6-1ubuntu0.3 libtiff-doc - 4.0.6-1ubuntu0.3 No subscription required Medium CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10371 CVE-2017-10688 CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727 CVE-2017-18013 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2017-9815 CVE-2017-9936 CVE-2018-5784 USN-3603-1 -- Paramiko vulnerability Ubuntu 16.04 LTS Matthijs Kooijman discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3603-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-paramiko - 1.16.0-1ubuntu0.1 paramiko-doc - 1.16.0-1ubuntu0.1 python-paramiko - 1.16.0-1ubuntu0.1 No subscription required High CVE-2018-7750 USN-3604-1 -- libvorbis vulnerability Ubuntu 16.04 LTS Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3604-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libvorbis0a - 1.3.5-3ubuntu0.2 libvorbisfile3 - 1.3.5-3ubuntu0.2 libvorbisenc2 - 1.3.5-3ubuntu0.2 libvorbis-dev - 1.3.5-3ubuntu0.2 No subscription required Medium CVE-2018-5146 USN-3605-1 -- Sharutils vulnerability Ubuntu 16.04 LTS It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3605-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sharutils - 1:4.15.2-1ubuntu0.1 sharutils-doc - 1:4.15.2-1ubuntu0.1 No subscription required Medium CVE-2018-1000097 USN-3606-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3606-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.4 libtiffxx5 - 4.0.6-1ubuntu0.4 libtiff5-dev - 4.0.6-1ubuntu0.4 libtiff5 - 4.0.6-1ubuntu0.4 libtiff-tools - 4.0.6-1ubuntu0.4 libtiff-doc - 4.0.6-1ubuntu0.4 No subscription required Medium CVE-2016-3186 CVE-2016-5102 CVE-2016-5318 CVE-2017-11613 CVE-2017-12944 CVE-2017-17095 CVE-2017-18013 CVE-2017-5563 CVE-2017-9117 CVE-2017-9147 CVE-2017-9935 CVE-2018-5784 USN-3607-1 -- Screen Resolution Extra vulnerability Ubuntu 16.04 LTS It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations. Update Instructions: Run `sudo pro fix USN-3607-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: screen-resolution-extra - 0.17.1.1~16.04.1 No subscription required Medium CVE-2018-8885 USN-3608-1 -- Zsh vulnerabilities Ubuntu 16.04 LTS Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-1071) It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1083) Update Instructions: Run `sudo pro fix USN-3608-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-static - 5.1.1-1ubuntu2.2 zsh-common - 5.1.1-1ubuntu2.2 zsh-dev - 5.1.1-1ubuntu2.2 zsh - 5.1.1-1ubuntu2.2 zsh-doc - 5.1.1-1ubuntu2.2 No subscription required Medium CVE-2018-1071 CVE-2018-1083 USN-3609-1 -- Firefox vulnerability Ubuntu 16.04 LTS A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3609-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 59.0.2+build1-0ubuntu0.16.04.1 firefox-testsuite - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 
59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 59.0.2+build1-0ubuntu0.16.04.1 firefox - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 59.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 59.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 
59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 59.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 59.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 59.0.2+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-5148 USN-3610-1 -- ICU vulnerability Ubuntu 16.04 LTS It was discovered that ICU incorrectly handled certain calendars. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3610-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 55.1-7ubuntu0.4 libicu55 - 55.1-7ubuntu0.4 libicu-dev - 55.1-7ubuntu0.4 icu-doc - 55.1-7ubuntu0.4 No subscription required Medium CVE-2017-15422 USN-3611-1 -- OpenSSL vulnerability Ubuntu 16.04 LTS It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3611-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.11 libssl-dev - 1.0.2g-1ubuntu4.11 openssl - 1.0.2g-1ubuntu4.11 libssl-doc - 1.0.2g-1ubuntu4.11 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.11 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.11 No subscription required Medium CVE-2018-0739 USN-3613-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579) It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. (CVE-2018-2582) It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588) It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. (CVE-2018-2599) It was discovered that the Internationalization component of OpenJDK did not restrict search paths when loading resource bundle classes. A local attacker could use this to trick a user into running malicious code. (CVE-2018-2602) It was discovered that OpenJDK did not properly restrict memory allocations when parsing DER input. A remote attacker could possibly use this to cause a denial of service. (CVE-2018-2603) It was discovered that the Java Cryptography Extension (JCE) implementation in OpenJDK in some situations did not guarantee sufficient strength of keys during key agreement. An attacker could use this to expose sensitive information. 
(CVE-2018-2618) It was discovered that the Java GSS implementation in OpenJDK in some situations did not properly handle GSS contexts in the native GSS library. An attacker could possibly use this to access unauthorized resources. (CVE-2018-2629) It was discovered that the LDAP implementation in OpenJDK did not properly handle LDAP referrals in some situations. An attacker could possibly use this to expose sensitive information or gain unauthorized privileges. (CVE-2018-2633) It was discovered that the Java GSS implementation in OpenJDK in some situations did not properly apply subject credentials. An attacker could possibly use this to expose sensitive information or gain access to unauthorized resources. (CVE-2018-2634) It was discovered that the Java Management Extensions (JMX) component of OpenJDK did not properly apply deserialization filters in some situations. An attacker could use this to bypass deserialization restrictions. (CVE-2018-2637) It was discovered that a use-after-free vulnerability existed in the AWT component of OpenJDK when loading the GTK library. An attacker could possibly use this to execute arbitrary code and escape Java sandbox restrictions. (CVE-2018-2641) It was discovered that in some situations OpenJDK did not properly validate objects when performing deserialization. An attacker could use this to cause a denial of service (application crash or excessive memory consumption). (CVE-2018-2663) It was discovered that the AWT component of OpenJDK did not properly restrict the amount of memory allocated when deserializing some objects. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2018-2677) It was discovered that the JNDI component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects in some situations. An attacker could use this to cause a denial of service (excessive memory consumption). 
(CVE-2018-2678) Update Instructions: Run `sudo pro fix USN-3613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jdk - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre-headless - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jdk-headless - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-source - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre-zero - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-demo - 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre-jamvm - 8u162-b12-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 USN-3615-1 -- LibRaw vulnerabilities Ubuntu 16.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3615-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.17.1-1ubuntu0.2 libraw-bin - 0.17.1-1ubuntu0.2 libraw-dev - 0.17.1-1ubuntu0.2 libraw15 - 0.17.1-1ubuntu0.2 No subscription required Medium CVE-2017-16909 CVE-2017-16910 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 USN-3616-1 -- Python Crypto vulnerability Ubuntu 16.04 LTS It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-3616-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-crypto-doc - 2.6.1-6ubuntu0.16.04.3 python3-crypto - 2.6.1-6ubuntu0.16.04.3 python-crypto - 2.6.1-6ubuntu0.16.04.3 No subscription required Medium CVE-2018-6594 USN-3617-2 -- Linux (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). 
(CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332) Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) 范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) Update Instructions: Run `sudo pro fix USN-3617-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1012-gcp - 4.13.0-1012.16 linux-image-extra-4.13.0-1012-gcp - 4.13.0-1012.16 No subscription required linux-image-4.13.0-1022-oem - 4.13.0-1022.24 No subscription required linux-image-4.13.0-38-generic - 4.13.0-38.43~16.04.1 linux-image-4.13.0-38-lowlatency - 4.13.0-38.43~16.04.1 linux-image-extra-4.13.0-38-generic - 4.13.0-38.43~16.04.1 linux-image-4.13.0-38-generic-lpae - 4.13.0-38.43~16.04.1 No subscription required Medium CVE-2017-0861 CVE-2017-1000407 CVE-2017-15129 CVE-2017-16532 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16647 CVE-2017-16649 CVE-2017-16650 CVE-2017-16994 CVE-2017-17448 CVE-2017-17450 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-18204 CVE-2018-1000026 CVE-2018-5332 CVE-2018-5333 CVE-2018-5344 USN-3618-1 -- LibVNCServer vulnerability Ubuntu 16.04 LTS It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3618-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.10+dfsg-3ubuntu0.16.04.2 libvncserver-dev - 0.9.10+dfsg-3ubuntu0.16.04.2 libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.2 libvncclient1 - 0.9.10+dfsg-3ubuntu0.16.04.2 No subscription required Medium CVE-2018-7225 USN-3619-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-16995) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. 
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). 
(CVE-2017-16914) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862) It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest VM could possibly use this to gain administrative privileges in the guest VM. (CVE-2017-7518) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). 
(CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332) Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) 范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043) Update Instructions: Run `sudo pro fix USN-3619-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1020-kvm - 4.4.0-1020.25 No subscription required linux-image-4.4.0-1054-aws - 4.4.0-1054.63 No subscription required linux-image-4.4.0-1086-raspi2 - 4.4.0-1086.94 No subscription required linux-image-4.4.0-1088-snapdragon - 4.4.0-1088.93 No subscription required linux-image-extra-4.4.0-119-generic - 4.4.0-119.143 linux-image-4.4.0-119-generic - 4.4.0-119.143 linux-image-4.4.0-119-powerpc-e500mc - 4.4.0-119.143 linux-image-4.4.0-119-powerpc-smp - 4.4.0-119.143 linux-image-4.4.0-119-powerpc64-smp - 4.4.0-119.143 linux-image-4.4.0-119-lowlatency - 4.4.0-119.143 linux-image-4.4.0-119-powerpc64-emb - 4.4.0-119.143 linux-image-4.4.0-119-generic-lpae - 4.4.0-119.143 No subscription required High CVE-2017-0861 CVE-2017-1000407 CVE-2017-11472 CVE-2017-15129 CVE-2017-16528 CVE-2017-16532 CVE-2017-16536 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16649 CVE-2017-16650 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-16994 CVE-2017-16995 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-17862 CVE-2017-18075 CVE-2017-18203 CVE-2017-18204 CVE-2017-18208 CVE-2017-7518 CVE-2018-1000026 CVE-2018-5332 CVE-2018-5333 CVE-2018-5344 CVE-2018-6927 CVE-2018-7492 CVE-2018-8043 USN-3621-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-1000073) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-1000075) It was discovered that Ruby incorrectly handled certain crypto signatures. 
An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000076) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079) Update Instructions: Run `sudo pro fix USN-3621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.7 ruby2.3-tcltk - 2.3.1-2~16.04.7 ruby2.3 - 2.3.1-2~16.04.7 ruby2.3-dev - 2.3.1-2~16.04.7 ruby2.3-doc - 2.3.1-2~16.04.7 No subscription required Medium CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 USN-3622-1 -- Wayland vulnerability Ubuntu 16.04 LTS It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3622-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwayland-bin - 1.12.0-1~ubuntu16.04.3 libwayland-dev - 1.12.0-1~ubuntu16.04.3 libwayland-cursor0 - 1.12.0-1~ubuntu16.04.3 libwayland-server0 - 1.12.0-1~ubuntu16.04.3 libwayland-doc - 1.12.0-1~ubuntu16.04.3 libwayland-client0 - 1.12.0-1~ubuntu16.04.3 No subscription required Medium CVE-2017-16612 USN-3623-1 -- ubuntu-release-upgrader vulnerability Ubuntu 16.04 LTS It was discovered that ubuntu-release-upgrader did not correctly drop permissions before opening a browser to view the release notes. This update fixes the issue. Update Instructions: Run `sudo pro fix USN-3623-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ubuntu-release-upgrader-core - 1:16.04.25 python3-distupgrade - 1:16.04.25 ubuntu-release-upgrader-gtk - 1:16.04.25 ubuntu-release-upgrader-qt - 1:16.04.25 No subscription required None https://launchpad.net/bugs/1174007 USN-3624-1 -- Patch vulnerabilities Ubuntu 16.04 LTS It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713) It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156) It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6951) Update Instructions: Run `sudo pro fix USN-3624-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: patch - 2.7.5-1ubuntu0.16.04.1 No subscription required Medium CVE-2016-10713 CVE-2018-1000156 CVE-2018-6951 USN-3625-1 -- Perl vulnerabilities Ubuntu 16.04 LTS It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8853) It was discovered that Perl incorrectly loaded libraries from the current working directory. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6185) It was discovered that Perl incorrectly handled the rmtree and remove_tree functions. A local attacker could possibly use this issue to set the mode on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-6512) Brian Carpenter discovered that Perl incorrectly handled certain regular expressions. 
An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6797) Nguyen Duc Manh discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6798) GwanYeong Kim discovered that Perl incorrectly handled certain data when using the pack function. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-6913) Update Instructions: Run `sudo pro fix USN-3625-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 - 5.22.1-9ubuntu0.3 libperl-dev - 5.22.1-9ubuntu0.3 perl-doc - 5.22.1-9ubuntu0.3 perl - 5.22.1-9ubuntu0.3 perl-base - 5.22.1-9ubuntu0.3 perl-debug - 5.22.1-9ubuntu0.3 libperl5.22 - 5.22.1-9ubuntu0.3 No subscription required Medium CVE-2015-8853 CVE-2016-6185 CVE-2017-6512 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 USN-3626-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. (CVE-2018-6914) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-8778, CVE-2018-8780) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to connect to an unintended socket. (CVE-2018-8779) Update Instructions: Run `sudo pro fix USN-3626-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.9 ruby2.3-tcltk - 2.3.1-2~16.04.9 ruby2.3 - 2.3.1-2~16.04.9 ruby2.3-dev - 2.3.1-2~16.04.9 ruby2.3-doc - 2.3.1-2~16.04.9 No subscription required Medium CVE-2018-6914 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 USN-3627-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. (CVE-2017-15715) It was discovered that the Apache HTTP Server mod_session module incorrectly handled certain headers. A remote attacker could possibly use this issue to influence session data. (CVE-2018-1283) Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301) Robert Swiecki discovered that the Apache HTTP Server mod_cache_socache module incorrectly handled certain headers. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1303) Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312) Update Instructions: Run `sudo pro fix USN-3627-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.8 apache2-utils - 2.4.18-2ubuntu3.8 apache2-dev - 2.4.18-2ubuntu3.8 apache2-suexec-pristine - 2.4.18-2ubuntu3.8 apache2-suexec-custom - 2.4.18-2ubuntu3.8 apache2 - 2.4.18-2ubuntu3.8 apache2-doc - 2.4.18-2ubuntu3.8 apache2-bin - 2.4.18-2ubuntu3.8 No subscription required Medium CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 USN-3628-1 -- OpenSSL vulnerability Ubuntu 16.04 LTS Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Update Instructions: Run `sudo pro fix USN-3628-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.12 libssl-dev - 1.0.2g-1ubuntu4.12 openssl - 1.0.2g-1ubuntu4.12 libssl-doc - 1.0.2g-1ubuntu4.12 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.12 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.12 No subscription required Low CVE-2018-0737 USN-3629-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Update Instructions: Run `sudo pro fix USN-3629-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.22-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.22-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.22-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.22-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.22-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.22-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.22-0ubuntu0.16.04.1 mysql-common - 5.7.22-0ubuntu0.16.04.1 mysql-server - 5.7.22-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.22-0ubuntu0.16.04.1 mysql-testsuite - 5.7.22-0ubuntu0.16.04.1 libmysqld-dev - 5.7.22-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.22-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846 USN-3630-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-3630-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1013-gcp - 4.13.0-1013.17 linux-image-extra-4.13.0-1013-gcp - 4.13.0-1013.17 No subscription required linux-image-4.13.0-1024-oem - 4.13.0-1024.27 No subscription required linux-image-4.13.0-39-generic - 4.13.0-39.44~16.04.1 linux-image-4.13.0-39-generic-lpae - 4.13.0-39.44~16.04.1 linux-image-4.13.0-39-lowlatency - 4.13.0-39.44~16.04.1 linux-image-extra-4.13.0-39-generic - 4.13.0-39.44~16.04.1 No subscription required Medium CVE-2018-8043 USN-3631-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Luo Quan and Wei Yang discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system deadlock). (CVE-2018-1000004) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) 范龙飞 discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to a use-after-free or an out-of-bounds buffer access. A local attacker with access to /dev/snd/seq could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-7566) Update Instructions: Run `sudo pro fix USN-3631-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1021-kvm - 4.4.0-1021.26 No subscription required linux-image-4.4.0-1055-aws - 4.4.0-1055.64 No subscription required linux-image-4.4.0-1087-raspi2 - 4.4.0-1087.95 No subscription required linux-image-4.4.0-1090-snapdragon - 4.4.0-1090.95 No subscription required linux-image-4.4.0-121-powerpc-smp - 4.4.0-121.145 linux-image-extra-4.4.0-121-generic - 4.4.0-121.145 linux-image-4.4.0-121-generic-lpae - 4.4.0-121.145 linux-image-4.4.0-121-powerpc-e500mc - 4.4.0-121.145 linux-image-4.4.0-121-lowlatency - 4.4.0-121.145 linux-image-4.4.0-121-powerpc64-smp - 4.4.0-121.145 linux-image-4.4.0-121-powerpc64-emb - 4.4.0-121.145 linux-image-4.4.0-121-generic - 4.4.0-121.145 No subscription required Medium CVE-2017-13305 CVE-2017-16538 CVE-2018-1000004 CVE-2018-5750 CVE-2018-7566 USN-3632-1 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2017-16994) It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-5332) Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) 范龙飞 discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043) Update Instructions: Run `sudo pro fix USN-3632-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.13.0-1014-azure - 4.13.0-1014.17 linux-image-4.13.0-1014-azure - 4.13.0-1014.17 No subscription required Medium CVE-2017-0861 CVE-2017-1000407 CVE-2017-15129 CVE-2017-16994 CVE-2017-17448 CVE-2017-17450 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2018-1000026 CVE-2018-5332 CVE-2018-5333 CVE-2018-5344 CVE-2018-8043 USN-3633-1 -- Linux kernel (Intel Euclid) vulnerability Ubuntu 16.04 LTS Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3633-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.4.0-9026-euclid - 4.4.0-9026.28 linux-image-4.4.0-9026-euclid - 4.4.0-9026.28 No subscription required High CVE-2017-16995 USN-3635-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3635-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.20.1-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.20.1-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.20.1-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.20.1-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.20.1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 USN-3636-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10194) Update Instructions: Run `sudo pro fix USN-3636-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.18~dfsg~0-0ubuntu2.8 ghostscript-x - 9.18~dfsg~0-0ubuntu2.8 libgs-dev - 9.18~dfsg~0-0ubuntu2.8 ghostscript-doc - 9.18~dfsg~0-0ubuntu2.8 libgs9 - 9.18~dfsg~0-0ubuntu2.8 libgs9-common - 9.18~dfsg~0-0ubuntu2.8 No subscription required Medium CVE-2016-10317 CVE-2018-10194 USN-3638-1 -- QPDF vulnerabilities Ubuntu 16.04 LTS It was discovered that QPDF incorrectly handled certain malformed files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3638-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqpdf-dev - 8.0.2-3~16.04.1 qpdf - 8.0.2-3~16.04.1 libqpdf21 - 8.0.2-3~16.04.1 No subscription required Medium CVE-2015-9252 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-18183 CVE-2017-18184 CVE-2017-18185 CVE-2017-18186 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 CVE-2018-9918 USN-3639-1 -- LibRaw vulnerabilities Ubuntu 16.04 LTS It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-10528) It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information. (CVE-2018-10529) Update Instructions: Run `sudo pro fix USN-3639-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.17.1-1ubuntu0.3 libraw-bin - 0.17.1-1ubuntu0.3 libraw-dev - 0.17.1-1ubuntu0.3 libraw15 - 0.17.1-1ubuntu0.3 No subscription required Medium CVE-2018-10528 CVE-2018-10529 USN-3640-1 -- WebKitGTK+ vulnerability Ubuntu 16.04 LTS Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. 
If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3640-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.20.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.20.2-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.20.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.20.2-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.20.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.20.2-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.20.2-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.20.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.20.2-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-4200 USN-3641-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. (CVE-2018-8897) Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087) Andy Lutomirski discovered that the Linux kernel did not properly perform error handling on virtualized debug registers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1000199) Update Instructions: Run `sudo pro fix USN-3641-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-extra-4.13.0-1015-gcp - 4.13.0-1015.19 linux-image-4.13.0-1015-gcp - 4.13.0-1015.19 No subscription required linux-image-4.13.0-1016-azure - 4.13.0-1016.19 linux-image-extra-4.13.0-1016-azure - 4.13.0-1016.19 No subscription required linux-image-4.13.0-1026-oem - 4.13.0-1026.29 No subscription required linux-image-4.13.0-41-lowlatency - 4.13.0-41.46~16.04.1 linux-image-4.13.0-41-generic - 4.13.0-41.46~16.04.1 linux-image-extra-4.13.0-41-generic - 4.13.0-41.46~16.04.1 linux-image-4.13.0-41-generic-lpae - 4.13.0-41.46~16.04.1 No subscription required linux-image-4.4.0-1023-kvm - 4.4.0-1023.28 No subscription required linux-image-4.4.0-1057-aws - 4.4.0-1057.66 No subscription required linux-image-4.4.0-1089-raspi2 - 4.4.0-1089.97 No subscription required linux-image-4.4.0-1092-snapdragon - 4.4.0-1092.97 No subscription required linux-image-4.4.0-124-powerpc-e500mc - 4.4.0-124.148 linux-image-4.4.0-124-powerpc64-emb - 4.4.0-124.148 linux-image-4.4.0-124-generic - 4.4.0-124.148 linux-image-4.4.0-124-powerpc-smp - 4.4.0-124.148 linux-image-4.4.0-124-powerpc64-smp - 4.4.0-124.148 linux-image-4.4.0-124-generic-lpae - 4.4.0-124.148 linux-image-4.4.0-124-lowlatency - 4.4.0-124.148 linux-image-extra-4.4.0-124-generic - 4.4.0-124.148 No subscription required linux-image-extra-4.4.0-9027-euclid - 4.4.0-9027.29 linux-image-4.4.0-9027-euclid - 4.4.0-9027.29 No subscription required High CVE-2018-1000199 CVE-2018-1087 CVE-2018-8897 USN-3643-1 -- Wget vulnerability Ubuntu 16.04 LTS It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values. Update Instructions: Run `sudo pro fix USN-3643-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: wget - 1.17.1-1ubuntu1.4 wget-udeb - 1.17.1-1ubuntu1.4 No subscription required Medium CVE-2018-0494 USN-3644-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. (CVE-2018-2790) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. (CVE-2018-2794) It was discovered that the Security component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2795) It was discovered that the Concurrency component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2796) It was discovered that the JMX component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2797) It was discovered that the AWT component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). 
(CVE-2018-2798) It was discovered that the JAXP component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2799) Moritz Bechler discovered that the RMI component of OpenJDK enabled HTTP transport for RMI servers by default. A remote attacker could use this to gain access to restricted services. (CVE-2018-2800) It was discovered that a vulnerability existed in the Hotspot component of OpenJDK affecting confidentiality, data integrity, and availability. An attacker could use this to specially craft a Java application that caused a denial of service or bypassed sandbox restrictions. (CVE-2018-2814) Apostolos Giannakidis discovered that the Serialization component of OpenJDK did not properly bound memory allocations in some situations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2815) David Benjamin discovered a vulnerability in the Security component of OpenJDK related to data integrity and confidentiality. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2783) Update Instructions: Run `sudo pro fix USN-3644-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-jdk - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-jre-headless - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-jre - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-jdk-headless - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-source - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-jre-zero - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-demo - 8u171-b11-0ubuntu0.16.04.1 openjdk-8-jre-jamvm - 8u171-b11-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 CVE-2018-2783 USN-3645-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168, CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information, or bypass security restrictions. (CVE-2018-5152, CVE-2018-5166) It was discovered that the web console and JavaScript debugger incorrectly linkified chrome: and javascript URLs. If a user were tricked in to clicking a specially crafted link, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. 
(CVE-2018-5167) It was discovered that dragging and dropping link text on to the home button could set the home page to include chrome pages. If a user were tricked in to dragging and dropping a specially crafted link on to the home button, an attacker could potentially exploit this to bypass security restrictions. (CVE-2018-5169) It was discovered that the Live Bookmarks page and PDF viewer would run script pasted from the clipboard. If a user were tricked in to copying and pasting specially crafted text, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5172) It was discovered that the JSON viewer incorrectly linkified javascript: URLs. If a user were tricked in to clicking on a specially crafted link, an attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5176) It was discovered that dragging a file: URL on to a tab that is running in a different process would cause the file to open in that process. If a user were tricked in to dragging a file: URL, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5181) It was discovered that dragging text that is a file: URL on to the addressbar would open the specified file. If a user were tricked in to dragging specially crafted text on to the addressbar, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5182) Update Instructions: Run `sudo pro fix USN-3645-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 60.0+build2-0ubuntu0.16.04.1 firefox-testsuite - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 
60.0+build2-0ubuntu0.16.04.1 firefox - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 60.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 60.0+build2-0ubuntu0.16.04.1 firefox-dev - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 60.0+build2-0ubuntu0.16.04.1 
firefox-locale-mr - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 60.0+build2-0ubuntu0.16.04.1 firefox-globalmenu - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 60.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 60.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 USN-3645-2 -- Firefox regression Ubuntu 16.04 LTS USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. 
(CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168, CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information, or bypass security restrictions. (CVE-2018-5152, CVE-2018-5166) It was discovered that the web console and JavaScript debugger incorrectly linkified chrome: and javascript URLs. If a user were tricked in to clicking a specially crafted link, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5167) It was discovered that dragging and dropping link text on to the home button could set the home page to include chrome pages. If a user were tricked in to dragging and dropping a specially crafted link on to the home button, an attacker could potentially exploit this to bypass security restrictions. (CVE-2018-5169) It was discovered that the Live Bookmarks page and PDF viewer would run script pasted from the clipboard. If a user were tricked in to copying and pasting specially crafted text, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5172) It was discovered that the JSON viewer incorrectly linkified javascript: URLs. If a user were tricked in to clicking on a specially crafted link, an attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5176) It was discovered that dragging a file: URL on to a tab that is running in a different process would cause the file to open in that process. If a user were tricked in to dragging a file: URL, an attacker could potentially exploit this to bypass intended security policies. 
(CVE-2018-5181) It was discovered that dragging text that is a file: URL on to the addressbar would open the specified file. If a user were tricked in to dragging specially crafted text on to the addressbar, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5182) Update Instructions: Run `sudo pro fix USN-3645-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nn - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ne - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nb - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fa - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fi - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fr - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fy - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-or - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kab - 60.0.1+build2-0ubuntu0.16.04.1 firefox-testsuite - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-oc - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cs - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ga - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gd - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gn - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gl - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gu - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pa - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pl - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cy - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pt - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hi - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uk - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-he - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hy - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hr - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hu - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-as - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ar - 
60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ia - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-az - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-id - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mai - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-af - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-is - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-it - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-an - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bs - 60.0.1+build2-0ubuntu0.16.04.1 firefox - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ro - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ja - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ru - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-br - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bn - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-be - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bg - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sl - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sk - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-si - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sw - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sv - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sr - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sq - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ko - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kn - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-km - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kk - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ka - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-xh - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ca - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ku - 60.0.1+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lv - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lt - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-th - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 
60.0.1+build2-0ubuntu0.16.04.1 firefox-dev - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-te - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cak - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ta - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lg - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-tr - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nso - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-de - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-da - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ms - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mr - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-my - 60.0.1+build2-0ubuntu0.16.04.1 firefox-globalmenu - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uz - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ml - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mn - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mk - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ur - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-vi - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eu - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-et - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-es - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-csb - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-el - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eo - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-en - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zu - 60.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ast - 60.0.1+build2-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1772115 USN-3646-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. (CVE-2018-10545) It was discovered that the PHP iconv stream filter incorrectly handled certain invalid multibyte sequences. 
A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2018-10546) It was discovered that the PHP PHAR error pages incorrectly filtered certain data. A remote attacker could possibly use this issue to perform a reflected XSS attack. (CVE-2018-10547) It was discovered that PHP incorrectly handled LDAP. A malicious remote LDAP server could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-10548) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS. (CVE-2018-10549) Update Instructions: Run `sudo pro fix USN-3646-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.30-0ubuntu0.16.04.1 php7.0-mcrypt - 7.0.30-0ubuntu0.16.04.1 php7.0-xsl - 7.0.30-0ubuntu0.16.04.1 php7.0-fpm - 7.0.30-0ubuntu0.16.04.1 libphp7.0-embed - 7.0.30-0ubuntu0.16.04.1 php7.0-phpdbg - 7.0.30-0ubuntu0.16.04.1 php7.0-curl - 7.0.30-0ubuntu0.16.04.1 php7.0-ldap - 7.0.30-0ubuntu0.16.04.1 php7.0-mbstring - 7.0.30-0ubuntu0.16.04.1 php7.0-gmp - 7.0.30-0ubuntu0.16.04.1 php7.0-sqlite3 - 7.0.30-0ubuntu0.16.04.1 php7.0-gd - 7.0.30-0ubuntu0.16.04.1 php7.0-common - 7.0.30-0ubuntu0.16.04.1 php7.0-enchant - 7.0.30-0ubuntu0.16.04.1 php7.0-odbc - 7.0.30-0ubuntu0.16.04.1 php7.0-cli - 7.0.30-0ubuntu0.16.04.1 php7.0-json - 7.0.30-0ubuntu0.16.04.1 php7.0-pgsql - 7.0.30-0ubuntu0.16.04.1 libapache2-mod-php7.0 - 7.0.30-0ubuntu0.16.04.1 php7.0-zip - 7.0.30-0ubuntu0.16.04.1 php7.0-mysql - 7.0.30-0ubuntu0.16.04.1 php7.0-dba - 7.0.30-0ubuntu0.16.04.1 php7.0-sybase - 7.0.30-0ubuntu0.16.04.1 php7.0-pspell - 7.0.30-0ubuntu0.16.04.1 php7.0-xml - 7.0.30-0ubuntu0.16.04.1 php7.0-bz2 - 7.0.30-0ubuntu0.16.04.1 php7.0-recode - 7.0.30-0ubuntu0.16.04.1 
php7.0-soap - 7.0.30-0ubuntu0.16.04.1 php7.0 - 7.0.30-0ubuntu0.16.04.1 php7.0-tidy - 7.0.30-0ubuntu0.16.04.1 php7.0-interbase - 7.0.30-0ubuntu0.16.04.1 php7.0-opcache - 7.0.30-0ubuntu0.16.04.1 php7.0-readline - 7.0.30-0ubuntu0.16.04.1 php7.0-intl - 7.0.30-0ubuntu0.16.04.1 php7.0-imap - 7.0.30-0ubuntu0.16.04.1 php7.0-xmlrpc - 7.0.30-0ubuntu0.16.04.1 php7.0-bcmath - 7.0.30-0ubuntu0.16.04.1 php7.0-dev - 7.0.30-0ubuntu0.16.04.1 php7.0-snmp - 7.0.30-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 USN-3647-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2017-18267) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-10768) Update Instructions: Run `sudo pro fix USN-3647-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.7 poppler-utils - 0.41.0-0ubuntu1.7 libpoppler-qt5-1 - 0.41.0-0ubuntu1.7 libpoppler-cpp-dev - 0.41.0-0ubuntu1.7 libpoppler-cpp0 - 0.41.0-0ubuntu1.7 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.7 libpoppler-dev - 0.41.0-0ubuntu1.7 libpoppler-glib8 - 0.41.0-0ubuntu1.7 libpoppler-private-dev - 0.41.0-0ubuntu1.7 libpoppler-qt4-dev - 0.41.0-0ubuntu1.7 libpoppler-glib-dev - 0.41.0-0ubuntu1.7 libpoppler-qt4-4 - 0.41.0-0ubuntu1.7 libpoppler-qt5-dev - 0.41.0-0ubuntu1.7 libpoppler-glib-doc - 0.41.0-0ubuntu1.7 No subscription required Medium CVE-2017-18267 CVE-2018-10768 USN-3648-1 -- curl vulnerabilities Ubuntu 16.04 LTS Dario Weisser discovered that curl incorrectly handled long FTP server command replies. 
If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-1000300) Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2018-1000301) Update Instructions: Run `sudo pro fix USN-3648-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.8 libcurl4-openssl-dev - 7.47.0-1ubuntu2.8 libcurl3-gnutls - 7.47.0-1ubuntu2.8 libcurl4-doc - 7.47.0-1ubuntu2.8 libcurl3-nss - 7.47.0-1ubuntu2.8 libcurl4-nss-dev - 7.47.0-1ubuntu2.8 libcurl3 - 7.47.0-1ubuntu2.8 curl - 7.47.0-1ubuntu2.8 No subscription required Medium CVE-2018-1000300 CVE-2018-1000301 USN-3649-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16845) Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2018-7550) Ross Lagerwall discovered that QEMU incorrectly handled the Cirrus VGA device. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7858) Update Instructions: Run `sudo pro fix USN-3649-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.28 qemu-user-static - 1:2.5+dfsg-5ubuntu10.28 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.28 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.28 qemu-kvm - 1:2.5+dfsg-5ubuntu10.28 qemu-user - 1:2.5+dfsg-5ubuntu10.28 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.28 qemu-system - 1:2.5+dfsg-5ubuntu10.28 qemu-utils - 1:2.5+dfsg-5ubuntu10.28 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.28 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.28 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.28 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.28 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.28 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.28 qemu - 1:2.5+dfsg-5ubuntu10.28 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.28 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.28 No subscription required Medium CVE-2017-16845 CVE-2018-7550 CVE-2018-7858 USN-3650-1 -- xdg-utils vulnerability Ubuntu 16.04 LTS It was discovered that xdg-utils incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3650-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdg-utils - 1.1.1-1ubuntu1.16.04.3 No subscription required Medium CVE-2017-18266 USN-3651-1 -- QEMU update Ubuntu 16.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. 
This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386. Update Instructions: Run `sudo pro fix USN-3651-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.29 qemu-user-static - 1:2.5+dfsg-5ubuntu10.29 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.29 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.29 qemu-kvm - 1:2.5+dfsg-5ubuntu10.29 qemu-user - 1:2.5+dfsg-5ubuntu10.29 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.29 qemu-system - 1:2.5+dfsg-5ubuntu10.29 qemu-utils - 1:2.5+dfsg-5ubuntu10.29 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.29 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.29 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.29 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.29 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.29 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.29 qemu - 1:2.5+dfsg-5ubuntu10.29 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.29 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.29 No subscription required Medium CVE-2018-3639 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 USN-3653-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3653-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). 
(CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822) Update Instructions: Run `sudo pro fix USN-3653-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1017-gcp - 4.13.0-1017.21 linux-image-extra-4.13.0-1017-gcp - 4.13.0-1017.21 No subscription required linux-image-4.13.0-1018-azure - 4.13.0-1018.21 linux-image-extra-4.13.0-1018-azure - 4.13.0-1018.21 No subscription required linux-image-4.13.0-1028-oem - 4.13.0-1028.31 No subscription required linux-image-4.13.0-43-generic-lpae - 4.13.0-43.48~16.04.1 linux-image-4.13.0-43-generic - 4.13.0-43.48~16.04.1 linux-image-4.13.0-43-lowlatency - 4.13.0-43.48~16.04.1 linux-image-extra-4.13.0-43-generic - 4.13.0-43.48~16.04.1 No subscription required Medium CVE-2017-17449 CVE-2017-17975 CVE-2017-18203 CVE-2017-18208 CVE-2018-3639 CVE-2018-8822 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 USN-3654-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. 
A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822) Update Instructions: Run `sudo pro fix USN-3654-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1026-kvm - 4.4.0-1026.31 No subscription required linux-image-4.4.0-1060-aws - 4.4.0-1060.69 No subscription required linux-image-4.4.0-127-powerpc-smp - 4.4.0-127.153 linux-image-4.4.0-127-powerpc-e500mc - 4.4.0-127.153 linux-image-4.4.0-127-powerpc64-emb - 4.4.0-127.153 linux-image-extra-4.4.0-127-generic - 4.4.0-127.153 linux-image-4.4.0-127-generic - 4.4.0-127.153 linux-image-4.4.0-127-generic-lpae - 4.4.0-127.153 linux-image-4.4.0-127-powerpc64-smp - 4.4.0-127.153 linux-image-4.4.0-127-lowlatency - 4.4.0-127.153 No subscription required Medium CVE-2017-17975 CVE-2017-18193 CVE-2017-18222 CVE-2018-1065 CVE-2018-1068 CVE-2018-1130 CVE-2018-3639 CVE-2018-5803 CVE-2018-7480 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 USN-3656-1 -- Linux kernel (Raspberry Pi 2, Snapdragon) vulnerabilities Ubuntu 16.04 LTS Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. 
(CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822) Update Instructions: Run `sudo pro fix USN-3656-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1090-raspi2 - 4.4.0-1090.98 No subscription required linux-image-4.4.0-1093-snapdragon - 4.4.0-1093.98 No subscription required Medium CVE-2017-17975 CVE-2017-18193 CVE-2017-18222 CVE-2018-1065 CVE-2018-1068 CVE-2018-1130 CVE-2018-5803 CVE-2018-7480 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 USN-3658-1 -- procps-ng vulnerabilities Ubuntu 16.04 LTS It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122) It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123) It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124) It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-1125) It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-1126) Update Instructions: Run `sudo pro fix USN-3658-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libprocps4-dev - 2:3.3.10-4ubuntu2.4 libprocps4 - 2:3.3.10-4ubuntu2.4 procps - 2:3.3.10-4ubuntu2.4 No subscription required Medium CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 USN-3659-1 -- Spice vulnerability Ubuntu 16.04 LTS Frediano Ziglio discovered that Spice incorrectly handled certain client messages. An attacker could possibly use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3659-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-protocol-dev - 0.12.10-1ubuntu0.1 No subscription required Medium CVE-2017-12194 USN-3660-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178) An issue was discovered when processing message headers in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application hang. (CVE-2018-5161) It was discovered encrypted messages could leak plaintext via the src attribute of remote images or links. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5162) It was discovered that the filename of an attachment could be spoofed. An attacker could potentially exploit this by tricking the user in to opening an attachment of a different type to the one expected. (CVE-2018-5170) Multiple security issues were discovered in Skia. 
If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2018-5183) It was discovered that S/MIME encrypted messages with remote content could leak plaintext via a chosen-ciphertext attack. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5184) It was discovered that plaintext of decrypted emails could leak by submitting an embedded form. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5185) Update Instructions: Run `sudo pro fix USN-3660-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.8.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-si - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:52.8.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.8.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 
1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.8.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.8.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185 USN-3662-1 -- NVIDIA graphics drivers vulnerabilities Ubuntu 16.04 LTS It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode 
layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. Update Instructions: Run `sudo pro fix USN-3662-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-opencl-icd-384 - 384.130-0ubuntu0.16.04.1 nvidia-libopencl1-375 - 384.130-0ubuntu0.16.04.1 nvidia-375-dev - 384.130-0ubuntu0.16.04.1 nvidia-libopencl1-384 - 384.130-0ubuntu0.16.04.1 nvidia-384-dev - 384.130-0ubuntu0.16.04.1 nvidia-opencl-icd-375 - 384.130-0ubuntu0.16.04.1 libcuda1-384 - 384.130-0ubuntu0.16.04.1 nvidia-384 - 384.130-0ubuntu0.16.04.1 libcuda1-375 - 384.130-0ubuntu0.16.04.1 nvidia-375 - 384.130-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-6249 CVE-2018-6253 USN-3664-1 -- Apport vulnerability Ubuntu 16.04 LTS Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers. Update Instructions: Run `sudo pro fix USN-3664-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.18 python3-problem-report - 2.20.1-0ubuntu2.18 apport-kde - 2.20.1-0ubuntu2.18 apport-retrace - 2.20.1-0ubuntu2.18 apport-valgrind - 2.20.1-0ubuntu2.18 python3-apport - 2.20.1-0ubuntu2.18 dh-apport - 2.20.1-0ubuntu2.18 apport-gtk - 2.20.1-0ubuntu2.18 apport - 2.20.1-0ubuntu2.18 python-problem-report - 2.20.1-0ubuntu2.18 apport-noui - 2.20.1-0ubuntu2.18 No subscription required High CVE-2018-6552 USN-3665-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. 
(CVE-2017-12616, CVE-2017-12617) It was discovered that Tomcat contained incorrect documentation regarding the description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. (CVE-2017-15706) It was discovered that Tomcat incorrectly handled an empty string URL pattern in security constraint definitions. A remote attacker could possibly use this issue to gain access to web application resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1304) It was discovered that Tomcat incorrectly handled applying certain security constraints. A remote attacker could possibly access certain resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1305) It was discovered that the Tomcat CORS filter default settings were insecure and would enable 'supportsCredentials' for all origins, contrary to expectations. (CVE-2018-8014) Update Instructions: Run `sudo pro fix USN-3665-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.6 tomcat8-user - 8.0.32-1ubuntu1.6 libservlet3.1-java - 8.0.32-1ubuntu1.6 libservlet3.1-java-doc - 8.0.32-1ubuntu1.6 tomcat8-examples - 8.0.32-1ubuntu1.6 tomcat8-admin - 8.0.32-1ubuntu1.6 libtomcat8-java - 8.0.32-1ubuntu1.6 tomcat8-common - 8.0.32-1ubuntu1.6 tomcat8 - 8.0.32-1ubuntu1.6 No subscription required Medium CVE-2017-12616 CVE-2017-12617 CVE-2017-15706 CVE-2018-1304 CVE-2018-1305 CVE-2018-8014 USN-3666-1 -- Oslo middleware vulnerability Ubuntu 16.04 LTS Divya K Konoor discovered Oslo middleware was vulnerable to an information disclosure. A local attacker could exploit this flaw to obtain sensitive information from OpenStack component error logs. Update Instructions: Run `sudo pro fix USN-3666-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-oslo.middleware-doc - 3.8.0-2ubuntu1 python-oslo-middleware - 3.8.0-2ubuntu1 python3-oslo-middleware - 3.8.0-2ubuntu1 python-oslo-middleware-doc - 3.8.0-2ubuntu1 python-oslo.middleware - 3.8.0-2ubuntu1 python3-oslo.middleware - 3.8.0-2ubuntu1 No subscription required Low CVE-2017-2592 https://launchpad.net/bugs/1628031 USN-3668-1 -- Exempi vulnerabilities Ubuntu 16.04 LTS It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3668-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exempi - 2.2.2-2ubuntu0.1 libexempi3 - 2.2.2-2ubuntu0.1 libexempi-dev - 2.2.2-2ubuntu0.1 No subscription required Medium CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 USN-3669-1 -- Liblouis vulnerabilities Ubuntu 16.04 LTS It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11410) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11440) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-11577) Update Instructions: Run `sudo pro fix USN-3669-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liblouis9 - 2.6.4-2ubuntu0.2 liblouis-bin - 2.6.4-2ubuntu0.2 python-louis - 2.6.4-2ubuntu0.2 liblouis-dev - 2.6.4-2ubuntu0.2 python3-louis - 2.6.4-2ubuntu0.2 liblouis-data - 2.6.4-2ubuntu0.2 No subscription required Medium CVE-2018-11410 CVE-2018-11440 CVE-2018-11577 USN-3670-1 -- elfutils vulnerabilities Ubuntu 16.04 LTS Agostino Sarubbo discovered that elfutils incorrectly handled certain malformed ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, elfutils could be made to crash or consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3670-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libasm1 - 0.165-3ubuntu1.1 libdw-dev - 0.165-3ubuntu1.1 libelf1 - 0.165-3ubuntu1.1 libelf-dev - 0.165-3ubuntu1.1 elfutils - 0.165-3ubuntu1.1 libdw1 - 0.165-3ubuntu1.1 libasm-dev - 0.165-3ubuntu1.1 No subscription required Medium CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 USN-3671-1 -- Git vulnerabilities Ubuntu 16.04 LTS Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. (CVE-2018-11235) It was discovered that an integer overflow existed in git's pathname consistency checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233) Update Instructions: Run `sudo pro fix USN-3671-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.4 gitweb - 1:2.7.4-0ubuntu1.4 git-gui - 1:2.7.4-0ubuntu1.4 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.4 git-arch - 1:2.7.4-0ubuntu1.4 git-el - 1:2.7.4-0ubuntu1.4 gitk - 1:2.7.4-0ubuntu1.4 git-all - 1:2.7.4-0ubuntu1.4 git-mediawiki - 1:2.7.4-0ubuntu1.4 git-daemon-run - 1:2.7.4-0ubuntu1.4 git-man - 1:2.7.4-0ubuntu1.4 git-doc - 1:2.7.4-0ubuntu1.4 git-svn - 1:2.7.4-0ubuntu1.4 git-cvs - 1:2.7.4-0ubuntu1.4 git-core - 1:2.7.4-0ubuntu1.4 git-email - 1:2.7.4-0ubuntu1.4 No subscription required High CVE-2018-11233 CVE-2018-11235 USN-3672-1 -- Liblouis vulnerabilities Ubuntu 16.04 LTS Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11683, CVE-2018-11684, CVE-2018-11685) Update Instructions: Run `sudo pro fix USN-3672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis9 - 2.6.4-2ubuntu0.3 liblouis-bin - 2.6.4-2ubuntu0.3 python-louis - 2.6.4-2ubuntu0.3 liblouis-dev - 2.6.4-2ubuntu0.3 python3-louis - 2.6.4-2ubuntu0.3 liblouis-data - 2.6.4-2ubuntu0.3 No subscription required Medium CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 USN-3673-1 -- Unbound vulnerability Ubuntu 16.04 LTS Ralph Dolmans and Karst Koymans discovered that Unbound did not properly handle certain NSEC records. An attacker could use this to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick Unbound into accepting a NODATA proof. Update Instructions: Run `sudo pro fix USN-3673-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.5.8-1ubuntu1.1 unbound - 1.5.8-1ubuntu1.1 python-unbound - 1.5.8-1ubuntu1.1 unbound-anchor - 1.5.8-1ubuntu1.1 unbound-host - 1.5.8-1ubuntu1.1 libunbound-dev - 1.5.8-1ubuntu1.1 No subscription required Low CVE-2017-15105 USN-3675-1 -- GnuPG vulnerabilities Ubuntu 16.04 LTS Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020) Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline primary Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-9234) Update Instructions: Run `sudo pro fix USN-3675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-curl - 1.4.20-1ubuntu3.2 gpgv-udeb - 1.4.20-1ubuntu3.2 gpgv - 1.4.20-1ubuntu3.2 gnupg - 1.4.20-1ubuntu3.2 No subscription required Medium CVE-2018-12020 CVE-2018-9234 USN-3675-2 -- GnuPG 2 vulnerability Ubuntu 16.04 LTS USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. 
Update Instructions: Run `sudo pro fix USN-3675-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dirmngr - 2.1.11-6ubuntu2.1 scdaemon - 2.1.11-6ubuntu2.1 gpgsm - 2.1.11-6ubuntu2.1 gnupg-agent - 2.1.11-6ubuntu2.1 gnupg2 - 2.1.11-6ubuntu2.1 gpgv-udeb - 2.1.11-6ubuntu2.1 gpgv2 - 2.1.11-6ubuntu2.1 No subscription required Medium CVE-2018-12020 USN-3676-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1092, CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) Update Instructions: Run `sudo pro fix USN-3676-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1027-kvm - 4.4.0-1027.32 No subscription required linux-image-4.4.0-1061-aws - 4.4.0-1061.70 No subscription required linux-image-4.4.0-1091-raspi2 - 4.4.0-1091.99 No subscription required linux-image-4.4.0-1094-snapdragon - 4.4.0-1094.99 No subscription required linux-image-4.4.0-128-powerpc-smp - 4.4.0-128.154 linux-image-4.4.0-128-powerpc64-smp - 4.4.0-128.154 linux-image-4.4.0-128-powerpc64-emb - 4.4.0-128.154 linux-image-4.4.0-128-powerpc-e500mc - 4.4.0-128.154 linux-image-4.4.0-128-generic-lpae - 4.4.0-128.154 linux-image-4.4.0-128-lowlatency - 4.4.0-128.154 linux-image-extra-4.4.0-128-generic - 4.4.0-128.154 linux-image-4.4.0-128-generic - 4.4.0-128.154 No subscription required Medium CVE-2018-1092 CVE-2018-1093 CVE-2018-10940 CVE-2018-8087 USN-3677-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2018-7492) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Update Instructions: Run `sudo pro fix USN-3677-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1019-gcp - 4.13.0-1019.23 linux-image-extra-4.13.0-1019-gcp - 4.13.0-1019.23 No subscription required linux-image-4.13.0-1030-oem - 4.13.0-1030.33 No subscription required linux-image-extra-4.13.0-45-generic - 4.13.0-45.50~16.04.1 linux-image-4.13.0-45-generic-lpae - 4.13.0-45.50~16.04.1 linux-image-4.13.0-45-lowlatency - 4.13.0-45.50~16.04.1 linux-image-4.13.0-45-generic - 4.13.0-45.50~16.04.1 No subscription required Medium CVE-2018-1068 CVE-2018-1092 CVE-2018-7492 CVE-2018-8087 CVE-2018-8781 USN-3678-2 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. 
A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update Instructions: Run `sudo pro fix USN-3678-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1013-azure - 4.15.0-1013.13~16.04.2 No subscription required Medium CVE-2018-10021 CVE-2018-1092 CVE-2018-8087 USN-3679-1 -- QEMU update Ubuntu 16.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by AMD microcode updates to guests on amd64 and i386. Update Instructions: Run `sudo pro fix USN-3679-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.30 qemu-user-static - 1:2.5+dfsg-5ubuntu10.30 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.30 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.30 qemu-kvm - 1:2.5+dfsg-5ubuntu10.30 qemu-user - 1:2.5+dfsg-5ubuntu10.30 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.30 qemu-system - 1:2.5+dfsg-5ubuntu10.30 qemu-utils - 1:2.5+dfsg-5ubuntu10.30 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.30 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.30 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.30 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.30 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.30 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.30 qemu - 1:2.5+dfsg-5ubuntu10.30 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.30 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.30 No subscription required Medium CVE-2018-3639 USN-3680-1 -- libvirt vulnerability and update Ubuntu 16.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may 
allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. (CVE-2018-3639) Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-1064) Update Instructions: Run `sudo pro fix USN-3680-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.3.1-1ubuntu10.24 libvirt-dev - 1.3.1-1ubuntu10.24 libvirt-doc - 1.3.1-1ubuntu10.24 libvirt-bin - 1.3.1-1ubuntu10.24 No subscription required Medium CVE-2018-1064 CVE-2018-3639 USN-3681-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3681-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.11 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.11 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.11 imagemagick - 8:6.8.9.9-7ubuntu5.11 imagemagick-doc - 8:6.8.9.9-7ubuntu5.11 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.11 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.11 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.11 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.11 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.11 libmagick++-dev - 8:6.8.9.9-7ubuntu5.11 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.11 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.11 perlmagick - 8:6.8.9.9-7ubuntu5.11 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.11 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.11 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.11 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.11 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.11 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.11 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.11 No subscription required Medium CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10995 CVE-2017-11352 CVE-2017-11533 CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640 CVE-2017-12140 CVE-2017-12418 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 CVE-2017-12432 CVE-2017-12433 CVE-2017-12435 CVE-2017-12563 CVE-2017-12587 CVE-2017-12640 CVE-2017-12643 CVE-2017-12644 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875 CVE-2017-12877 CVE-2017-12983 CVE-2017-13058 CVE-2017-13059 CVE-2017-13060 CVE-2017-13061 CVE-2017-13062 CVE-2017-13131 CVE-2017-13134 CVE-2017-13139 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 CVE-2017-13145 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14325 CVE-2017-14326 CVE-2017-14341 CVE-2017-14342 CVE-2017-14343 CVE-2017-14400 CVE-2017-14505 CVE-2017-14531 CVE-2017-14532 CVE-2017-14533 
CVE-2017-14607 CVE-2017-14624 CVE-2017-14625 CVE-2017-14626 CVE-2017-14682 CVE-2017-14684 CVE-2017-14739 CVE-2017-14741 CVE-2017-14989 CVE-2017-15015 CVE-2017-15016 CVE-2017-15017 CVE-2017-15032 CVE-2017-15033 CVE-2017-15217 CVE-2017-15218 CVE-2017-15277 CVE-2017-15281 CVE-2017-16546 CVE-2017-17499 CVE-2017-17504 CVE-2017-17680 CVE-2017-17681 CVE-2017-17682 CVE-2017-17879 CVE-2017-17881 CVE-2017-17882 CVE-2017-17884 CVE-2017-17885 CVE-2017-17886 CVE-2017-17887 CVE-2017-17914 CVE-2017-17934 CVE-2017-18008 CVE-2017-18022 CVE-2017-18027 CVE-2017-18028 CVE-2017-18029 CVE-2017-18209 CVE-2017-18211 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11625 CVE-2018-11655 CVE-2018-11656 CVE-2018-5246 CVE-2018-5247 CVE-2018-5248 CVE-2018-5357 CVE-2018-5358 CVE-2018-6405 CVE-2018-7443 CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 USN-3682-1 -- Firefox vulnerability Ubuntu 16.04 LTS A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3682-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 60.0.2+build1-0ubuntu0.16.04.1 firefox-testsuite - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 
60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 60.0.2+build1-0ubuntu0.16.04.1 firefox - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 60.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 60.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 
60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 60.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 60.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 60.0.2+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-6126 USN-3684-1 -- Perl vulnerability Ubuntu 16.04 LTS It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-3684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 - 5.22.1-9ubuntu0.5 libperl-dev - 5.22.1-9ubuntu0.5 perl-doc - 5.22.1-9ubuntu0.5 perl - 5.22.1-9ubuntu0.5 perl-base - 5.22.1-9ubuntu0.5 perl-debug - 5.22.1-9ubuntu0.5 libperl5.22 - 5.22.1-9ubuntu0.5 No subscription required Medium CVE-2018-12015 USN-3685-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS Some of these CVEs were already addressed in previous USNs: 3439-1, 3553-1, 3528-1. This update addresses them for the remaining releases. It was discovered that Ruby incorrectly handled certain inputs. 
An attacker could use this to cause a buffer overrun. (CVE-2017-0898) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. (CVE-2017-0902) It was discovered that Ruby incorrectly handled certain YAML files. An attacker could use this to possibly execute arbitrary code. (CVE-2017-0903) It was discovered that Ruby incorrectly handled certain files. An attacker could use this to expose sensitive information. (CVE-2017-14064) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to inject a crafted key into an HTTP response. (CVE-2017-17742) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. This issue is only addressed for ruby2.0. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to cause a denial of service. (CVE-2018-8777) Update Instructions: Run `sudo pro fix USN-3685-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.10 ruby2.3-tcltk - 2.3.1-2~16.04.10 ruby2.3 - 2.3.1-2~16.04.10 ruby2.3-dev - 2.3.1-2~16.04.10 ruby2.3-doc - 2.3.1-2~16.04.10 No subscription required Medium CVE-2017-0898 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14064 CVE-2017-17742 CVE-2018-1000074 CVE-2018-8777 USN-3686-1 -- file vulnerabilities Ubuntu 16.04 LTS Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621) Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653) It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865) It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360) Update Instructions: Run `sudo pro fix USN-3686-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.25-2ubuntu1.1 python-magic - 1:5.25-2ubuntu1.1 libmagic1 - 1:5.25-2ubuntu1.1 python3-magic - 1:5.25-2ubuntu1.1 file - 1:5.25-2ubuntu1.1 No subscription required Medium CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 CVE-2015-8865 CVE-2018-10360 USN-3687-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3687-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.20.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.20.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.20.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.20.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.20.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.20.3-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.20.3-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.20.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.20.3-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-12293 CVE-2018-4190 CVE-2018-4199 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 USN-3689-1 -- Libgcrypt vulnerability Ubuntu 16.04 LTS Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Update Instructions: Run `sudo pro fix USN-3689-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.6.5-2ubuntu0.5 No subscription required libgcrypt20 - 1.6.5-2ubuntu0.5 libgcrypt20-doc - 1.6.5-2ubuntu0.5 libgcrypt20-udeb - 1.6.5-2ubuntu0.5 libgcrypt20-dev - 1.6.5-2ubuntu0.5 No subscription required Low CVE-2018-0495 USN-3690-1 -- AMD Microcode update Ubuntu 16.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20180524.1~ubuntu0.16.04.1 No subscription required High CVE-2017-5715 USN-3692-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-0732) Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. (CVE-2018-0737) Update Instructions: Run `sudo pro fix USN-3692-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.13 libssl-dev - 1.0.2g-1ubuntu4.13 openssl - 1.0.2g-1ubuntu4.13 libssl-doc - 1.0.2g-1ubuntu4.13 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.13 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.13 No subscription required Low CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 USN-3693-1 -- JasPer vulnerabilities Ubuntu 16.04 LTS It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3693-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-debian1-2.4ubuntu1.2 libjasper-dev - 1.900.1-debian1-2.4ubuntu1.2 libjasper1 - 1.900.1-debian1-2.4ubuntu1.2 No subscription required Medium CVE-2015-5203 CVE-2015-5221 CVE-2016-10248 CVE-2016-10250 CVE-2016-8883 CVE-2016-8887 CVE-2016-9262 CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9396 CVE-2016-9600 CVE-2017-1000050 CVE-2017-6850 USN-3695-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. 
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1095) Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Update Instructions: Run `sudo pro fix USN-3695-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1014-azure - 4.15.0-1014.14~16.04.1 No subscription required linux-image-unsigned-4.15.0-24-generic - 4.15.0-24.26~16.04.1 linux-image-unsigned-4.15.0-24-lowlatency - 4.15.0-24.26~16.04.1 linux-image-4.15.0-24-generic-lpae - 4.15.0-24.26~16.04.1 linux-image-4.15.0-24-lowlatency - 4.15.0-24.26~16.04.1 linux-image-4.15.0-24-generic - 4.15.0-24.26~16.04.1 No subscription required Medium CVE-2018-1094 CVE-2018-10940 CVE-2018-1095 CVE-2018-11508 CVE-2018-7755 USN-3696-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18257) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. 
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. (CVE-2018-3665) Jakub Jirasek discovered that multiple use-after-free errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive information (kernel address locations). (CVE-2017-13695) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update Instructions: Run `sudo pro fix USN-3696-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1029-kvm - 4.4.0-1029.34 No subscription required linux-image-4.4.0-1062-aws - 4.4.0-1062.71 No subscription required linux-image-4.4.0-1092-raspi2 - 4.4.0-1092.100 No subscription required linux-image-4.4.0-1095-snapdragon - 4.4.0-1095.100 No subscription required linux-image-extra-4.4.0-130-generic - 4.4.0-130.156 linux-image-4.4.0-130-lowlatency - 4.4.0-130.156 linux-image-4.4.0-130-generic - 4.4.0-130.156 linux-image-4.4.0-130-powerpc64-smp - 4.4.0-130.156 linux-image-4.4.0-130-generic-lpae - 4.4.0-130.156 linux-image-4.4.0-130-powerpc-e500mc - 4.4.0-130.156 linux-image-4.4.0-130-powerpc64-emb - 4.4.0-130.156 linux-image-4.4.0-130-powerpc-smp - 4.4.0-130.156 No subscription required Medium CVE-2017-13695 CVE-2017-18255 CVE-2017-18257 CVE-2018-1000204 CVE-2018-10021 CVE-2018-10087 CVE-2018-10124 CVE-2018-3665 CVE-2018-5814 CVE-2018-7755 USN-3697-2 -- Linux kernel (OEM) vulnerabilities Ubuntu 16.04 LTS It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) Update Instructions: Run `sudo pro fix USN-3697-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.13.0-1031-oem - 4.13.0-1031.35 No subscription required Medium CVE-2018-1130 CVE-2018-11508 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7755 CVE-2018-7757 USN-3699-1 -- zziplib vulnerabilities Ubuntu 16.04 LTS It was discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3699-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zziplib-bin - 0.13.62-3ubuntu0.16.04.2 libzzip-dev - 0.13.62-3ubuntu0.16.04.2 libzzip-0-13 - 0.13.62-3ubuntu0.16.04.2 No subscription required Medium CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 USN-3700-1 -- Exiv2 vulnerabilities Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. 
(CVE-2018-10958, CVE-2018-10998) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this to access sensitive information. (CVE-2018-10999) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11531) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to access sensitive information. (CVE-2018-12264, CVE-2018-12265) Update Instructions: Run `sudo pro fix USN-3700-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.2 libexiv2-14 - 0.25-2.1ubuntu16.04.2 libexiv2-doc - 0.25-2.1ubuntu16.04.2 libexiv2-dev - 0.25-2.1ubuntu16.04.2 No subscription required Medium CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531 CVE-2018-12264 CVE-2018-12265 USN-3701-1 -- libsoup vulnerability Ubuntu 16.04 LTS It was discovered that libsoup incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3701-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.52.2-1ubuntu0.3 libsoup-gnome2.4-dev - 2.52.2-1ubuntu0.3 gir1.2-soup-2.4 - 2.52.2-1ubuntu0.3 libsoup2.4-1 - 2.52.2-1ubuntu0.3 libsoup2.4-dev - 2.52.2-1ubuntu0.3 libsoup2.4-doc - 2.52.2-1ubuntu0.3 No subscription required Medium CVE-2018-12910 USN-3703-1 -- Archive Zip Ubuntu 16.04 LTS It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3703-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libarchive-zip-perl - 1.56-2ubuntu0.1 No subscription required Medium CVE-2018-10860 USN-3705-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. (CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12370, CVE-2018-12371) A security issue was discovered with WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. (CVE-2018-12369) Update Instructions: Run `sudo pro fix USN-3705-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-nn - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ne - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-nb - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-fa - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-fi - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-fr - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-fy - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-or - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-kab - 61.0+build3-0ubuntu0.16.04.2 firefox-testsuite - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-oc - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-cs - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ga - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-gd - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-gn - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-gl - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-gu - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-pa - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-pl - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-cy - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-pt - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-hi - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-uk - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-he - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-hy - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-hr - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-hu - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-as - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ar - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ia - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-az - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-id - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-mai - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-af - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-is - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-it - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-an - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-bs - 
61.0+build3-0ubuntu0.16.04.2 firefox - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ro - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ja - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ru - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-br - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-zh-hant - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-zh-hans - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-bn - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-be - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-bg - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-sl - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-sk - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-si - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-sw - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-sv - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-sr - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-sq - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ko - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-kn - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-km - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-kk - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ka - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-xh - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ca - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ku - 61.0+build3-0ubuntu0.16.04.2 firefox-mozsymbols - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-lv - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-lt - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-th - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-hsb - 61.0+build3-0ubuntu0.16.04.2 firefox-dev - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-te - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-cak - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ta - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-lg - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-tr - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-nso - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-de - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-da - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ms - 61.0+build3-0ubuntu0.16.04.2 
firefox-locale-mr - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-my - 61.0+build3-0ubuntu0.16.04.2 firefox-globalmenu - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-uz - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ml - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-mn - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-mk - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ur - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-vi - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-eu - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-et - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-es - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-csb - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-el - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-eo - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-en - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-zu - 61.0+build3-0ubuntu0.16.04.2 firefox-locale-ast - 61.0+build3-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-5156 CVE-2018-5186 CVE-2018-5187 CVE-2018-5188 CVE-2018-12358 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12369 CVE-2018-12370 CVE-2018-12371 USN-3705-2 -- Firefox regressions Ubuntu 16.04 LTS USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. 
(CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12370, CVE-2018-12371) A security issue was discovered with WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. (CVE-2018-12369) Update Instructions: Run `sudo pro fix USN-3705-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 61.0.1+build1-0ubuntu0.16.04.1 firefox-testsuite - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 
61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 61.0.1+build1-0ubuntu0.16.04.1 firefox - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 61.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 
61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 61.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 61.0.1+build1-0ubuntu0.16.04.1 firefox-globalmenu - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 61.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 61.0.1+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1781009 USN-3706-1 -- libjpeg-turbo vulnerabilities Ubuntu 16.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. 
If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3706-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg-turbo8 - 1.4.2-0ubuntu3.1 libjpeg-turbo-test - 1.4.2-0ubuntu3.1 libjpeg-turbo8-dev - 1.4.2-0ubuntu3.1 libturbojpeg - 1.4.2-0ubuntu3.1 libjpeg-turbo-progs - 1.4.2-0ubuntu3.1 No subscription required Medium CVE-2014-9092 CVE-2016-3616 CVE-2017-15232 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-1152 USN-3707-1 -- NTP vulnerabilities Ubuntu 16.04 LTS Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182) Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7184) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7185) Update Instructions: Run `sudo pro fix USN-3707-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.8p4+dfsg-3ubuntu5.9 ntp-doc - 1:4.2.8p4+dfsg-3ubuntu5.9 ntpdate - 1:4.2.8p4+dfsg-3ubuntu5.9 No subscription required Medium CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 USN-3708-1 -- OpenSLP vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenSLP incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenSLP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3708-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libslp-dev - 1.2.1-11ubuntu0.16.04.1 openslp-doc - 1.2.1-11ubuntu0.16.04.1 slptool - 1.2.1-11ubuntu0.16.04.1 slpd - 1.2.1-11ubuntu0.16.04.1 libslp1 - 1.2.1-11ubuntu0.16.04.1 No subscription required Medium CVE-2017-17833 CVE-2018-12938 USN-3711-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3711-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.12 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.12 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.12 imagemagick - 8:6.8.9.9-7ubuntu5.12 imagemagick-doc - 8:6.8.9.9-7ubuntu5.12 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.12 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.12 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.12 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.12 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.12 libmagick++-dev - 8:6.8.9.9-7ubuntu5.12 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.12 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.12 perlmagick - 8:6.8.9.9-7ubuntu5.12 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.12 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.12 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.12 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.12 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.12 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.12 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.12 No subscription required Medium CVE-2018-12599 CVE-2018-12600 CVE-2018-13153 USN-3712-1 -- libpng vulnerabilities Ubuntu 16.04 LTS Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087) Thuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-13785) Update Instructions: Run `sudo pro fix USN-3712-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpng12-0-udeb - 1.2.54-1ubuntu1.1 libpng12-dev - 1.2.54-1ubuntu1.1 libpng3 - 1.2.54-1ubuntu1.1 libpng12-0 - 1.2.54-1ubuntu1.1 No subscription required Medium CVE-2016-10087 CVE-2018-13785 USN-3713-1 -- CUPS vulnerabilities Ubuntu 16.04 LTS It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180) Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181) Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553) Update Instructions: Run `sudo pro fix USN-3713-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.1.3-4ubuntu0.5 libcups2-dev - 2.1.3-4ubuntu0.5 cups-bsd - 2.1.3-4ubuntu0.5 libcupsmime1 - 2.1.3-4ubuntu0.5 cups-common - 2.1.3-4ubuntu0.5 cups-core-drivers - 2.1.3-4ubuntu0.5 cups-server-common - 2.1.3-4ubuntu0.5 libcupsimage2 - 2.1.3-4ubuntu0.5 cups-client - 2.1.3-4ubuntu0.5 libcupscgi1-dev - 2.1.3-4ubuntu0.5 cups-ipp-utils - 2.1.3-4ubuntu0.5 libcups2 - 2.1.3-4ubuntu0.5 libcupsmime1-dev - 2.1.3-4ubuntu0.5 cups-ppdc - 2.1.3-4ubuntu0.5 libcupsppdc1 - 2.1.3-4ubuntu0.5 cups - 2.1.3-4ubuntu0.5 libcupsppdc1-dev - 2.1.3-4ubuntu0.5 libcupsimage2-dev - 2.1.3-4ubuntu0.5 cups-daemon - 2.1.3-4ubuntu0.5 No subscription required Medium CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-6553 USN-3714-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366) It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12372) It was discovered that S/MIME plaintext can be leaked through HTML reply/forward. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12373) It was discovered that forms can be used to exfiltrate encrypted mail parts by pressing enter in a form field. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12374) Update Instructions: Run `sudo pro fix USN-3714-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-br - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-be - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-si - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:52.9.1+build3-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-de - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-en - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-da - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:52.9.1+build3-0ubuntu0.16.04.1 xul-ext-lightning - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:52.9.1+build3-0ubuntu0.16.04.1 
thunderbird-locale-sv - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-he - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-testsuite - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-af - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-dev - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-el - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-tr - 
1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-it - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-id - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-et - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-is - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-es - 1:52.9.1+build3-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:52.9.1+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 CVE-2018-5188 USN-3715-1 -- dns-root-data update Ubuntu 16.04 LTS This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover and refreshes the list of root hints. Update Instructions: Run `sudo pro fix USN-3715-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dns-root-data - 2018013001~16.04.1 No subscription required None https://launchpad.net/bugs/1721129 USN-3716-1 -- Dnsmasq update Ubuntu 16.04 LTS This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover. Update Instructions: Run `sudo pro fix USN-3716-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.75-1ubuntu0.16.04.5 dnsmasq-utils - 2.75-1ubuntu0.16.04.5 dnsmasq-base - 2.75-1ubuntu0.16.04.5 No subscription required None https://launchpad.net/bugs/1721129 USN-3717-1 -- PolicyKit vulnerabilities Ubuntu 16.04 LTS Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218) It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255) Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate cookie values. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-4625) Matthias Gerstner discovered that PolicyKit incorrectly checked users. A local attacker could possibly use this issue to cause authentication dialogs to show up for other users, leading to a denial of service or an information leak. (CVE-2018-1116) Update Instructions: Run `sudo pro fix USN-3717-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-14.1ubuntu0.1 policykit-1-doc - 0.105-14.1ubuntu0.1 libpolkit-gobject-1-dev - 0.105-14.1ubuntu0.1 libpolkit-agent-1-0 - 0.105-14.1ubuntu0.1 libpolkit-gobject-1-0 - 0.105-14.1ubuntu0.1 policykit-1 - 0.105-14.1ubuntu0.1 gir1.2-polkit-1.0 - 0.105-14.1ubuntu0.1 libpolkit-backend-1-dev - 0.105-14.1ubuntu0.1 libpolkit-agent-1-dev - 0.105-14.1ubuntu0.1 No subscription required Medium CVE-2015-3218 CVE-2015-3255 CVE-2015-4625 CVE-2018-1116 USN-3718-2 -- Linux kernel (HWE) regression Ubuntu 16.04 LTS USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement (HWE) kernel for Ubuntu 16.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2018-1095) Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Update Instructions: Run `sudo pro fix USN-3718-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1014-gcp - 4.15.0-1014.14~16.04.1 No subscription required linux-image-unsigned-4.15.0-1018-azure - 4.15.0-1018.18~16.04.1 No subscription required linux-image-unsigned-4.15.0-29-generic - 4.15.0-29.31~16.04.1 linux-image-4.15.0-29-generic - 4.15.0-29.31~16.04.1 linux-image-4.15.0-29-lowlatency - 4.15.0-29.31~16.04.1 linux-image-unsigned-4.15.0-29-lowlatency - 4.15.0-29.31~16.04.1 linux-image-4.15.0-29-generic-lpae - 4.15.0-29.31~16.04.1 No subscription required None https://launchpad.net/bugs/1779827 https://usn.ubuntu.com/usn/usn-3695-2 USN-3719-1 -- Mutt vulnerabilities Ubuntu 16.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353, CVE-2018-14357) It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349) Update Instructions: Run `sudo pro fix USN-3719-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.24-1ubuntu0.1 mutt - 1.5.24-1ubuntu0.1 No subscription required Medium CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 USN-3719-3 -- Mutt vulnerabilities Ubuntu 16.04 LTS USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original advisory details: It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353, CVE-2018-14357) It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349) Update Instructions: Run `sudo pro fix USN-3719-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.24-1ubuntu0.2 mutt - 1.5.24-1ubuntu0.2 No subscription required Medium CVE-2018-14350 CVE-2018-14352 CVE-2018-14354 CVE-2018-14359 CVE-2018-14358 CVE-2018-14353 CVE-2018-14357 CVE-2018-14355 CVE-2018-14356 CVE-2018-14351 CVE-2018-14362 CVE-2018-14349 https://launchpad.net/bugs/1794278 USN-3722-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. 
A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.16.04.1 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.16.04.1 clamav-base - 0.100.1+dfsg-1ubuntu0.16.04.1 clamav - 0.100.1+dfsg-1ubuntu0.16.04.1 libclamav7 - 0.100.1+dfsg-1ubuntu0.16.04.1 clamav-daemon - 0.100.1+dfsg-1ubuntu0.16.04.1 clamav-milter - 0.100.1+dfsg-1ubuntu0.16.04.1 clamav-docs - 0.100.1+dfsg-1ubuntu0.16.04.1 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.16.04.1 clamdscan - 0.100.1+dfsg-1ubuntu0.16.04.1 No subscription required Medium CVE-2018-0360 CVE-2018-0361 USN-3722-3 -- ClamAV regression Ubuntu 16.04 LTS USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.16.04.2 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.16.04.2 clamav-base - 0.100.1+dfsg-1ubuntu0.16.04.2 clamav - 0.100.1+dfsg-1ubuntu0.16.04.2 libclamav7 - 0.100.1+dfsg-1ubuntu0.16.04.2 clamav-daemon - 0.100.1+dfsg-1ubuntu0.16.04.2 clamav-milter - 0.100.1+dfsg-1ubuntu0.16.04.2 clamav-docs - 0.100.1+dfsg-1ubuntu0.16.04.2 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.16.04.2 clamdscan - 0.100.1+dfsg-1ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1783632 USN-3722-5 -- ClamAV regression Ubuntu 16.04 LTS USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-5` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.16.04.3 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.16.04.3 clamav-base - 0.100.1+dfsg-1ubuntu0.16.04.3 clamav - 0.100.1+dfsg-1ubuntu0.16.04.3 libclamav7 - 0.100.1+dfsg-1ubuntu0.16.04.3 clamav-daemon - 0.100.1+dfsg-1ubuntu0.16.04.3 clamav-milter - 0.100.1+dfsg-1ubuntu0.16.04.3 clamav-docs - 0.100.1+dfsg-1ubuntu0.16.04.3 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.16.04.3 clamdscan - 0.100.1+dfsg-1ubuntu0.16.04.3 No subscription required None https://launchpad.net/bugs/1792051 USN-3723-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. (CVE-2018-1336) It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2018-8034) Update Instructions: Run `sudo pro fix USN-3723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.7 tomcat8-user - 8.0.32-1ubuntu1.7 libservlet3.1-java - 8.0.32-1ubuntu1.7 libservlet3.1-java-doc - 8.0.32-1ubuntu1.7 tomcat8-examples - 8.0.32-1ubuntu1.7 tomcat8-admin - 8.0.32-1ubuntu1.7 libtomcat8-java - 8.0.32-1ubuntu1.7 tomcat8-common - 8.0.32-1ubuntu1.7 tomcat8 - 8.0.32-1ubuntu1.7 No subscription required Medium CVE-2018-1336 CVE-2018-8034 USN-3724-1 -- Evolution Data Server vulnerability Ubuntu 16.04 LTS Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL. 
Update Instructions: Run `sudo pro fix USN-3724-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libecal1.2-dev - 3.18.5-1ubuntu1.1 libedataserver-1.2-21 - 3.18.5-1ubuntu1.1 libebackend-1.2-10 - 3.18.5-1ubuntu1.1 libebook1.2-dev - 3.18.5-1ubuntu1.1 libedata-cal1.2-dev - 3.18.5-1ubuntu1.1 libcamel-1.2-54 - 3.18.5-1ubuntu1.1 libebook-contacts-1.2-2 - 3.18.5-1ubuntu1.1 libedata-book1.2-dev - 3.18.5-1ubuntu1.1 libecal-1.2-19 - 3.18.5-1ubuntu1.1 evolution-data-server-online-accounts - 3.18.5-1ubuntu1.1 libebackend1.2-dev - 3.18.5-1ubuntu1.1 libcamel1.2-dev - 3.18.5-1ubuntu1.1 libedataserverui-1.2-1 - 3.18.5-1ubuntu1.1 gir1.2-edataserver-1.2 - 3.18.5-1ubuntu1.1 libedataserver1.2-dev - 3.18.5-1ubuntu1.1 libebook-contacts1.2-dev - 3.18.5-1ubuntu1.1 gir1.2-ebookcontacts-1.2 - 3.18.5-1ubuntu1.1 libedata-book-1.2-25 - 3.18.5-1ubuntu1.1 evolution-data-server - 3.18.5-1ubuntu1.1 evolution-data-server-common - 3.18.5-1ubuntu1.1 libedataserverui1.2-dev - 3.18.5-1ubuntu1.1 evolution-data-server-doc - 3.18.5-1ubuntu1.1 libebook-1.2-16 - 3.18.5-1ubuntu1.1 evolution-data-server-dev - 3.18.5-1ubuntu1.1 gir1.2-ebook-1.2 - 3.18.5-1ubuntu1.1 libedata-cal-1.2-28 - 3.18.5-1ubuntu1.1 No subscription required Medium CVE-2016-10727 USN-3725-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Update Instructions: Run `sudo pro fix USN-3725-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.23-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.23-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.23-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.23-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.23-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.23-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.23-0ubuntu0.16.04.1 mysql-common - 5.7.23-0ubuntu0.16.04.1 mysql-server - 5.7.23-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.23-0ubuntu0.16.04.1 mysql-testsuite - 5.7.23-0ubuntu0.16.04.1 libmysqld-dev - 5.7.23-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.23-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-2767 CVE-2018-3054 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3063 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 USN-3728-1 -- libmspack vulnerabilities Ubuntu 16.04 LTS Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682) Update Instructions: Run `sudo pro fix USN-3728-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libmspack0 - 0.5-1ubuntu0.16.04.2 libmspack-dev - 0.5-1ubuntu0.16.04.2 libmspack-doc - 0.5-1ubuntu0.16.04.2 No subscription required Medium CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 USN-3729-1 -- libxcursor vulnerability Ubuntu 16.04 LTS It was discovered that libxcursor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3729-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxcursor-dev - 1:1.1.14-1ubuntu0.16.04.2 libxcursor1 - 1:1.1.14-1ubuntu0.16.04.2 libxcursor1-udeb - 1:1.1.14-1ubuntu0.16.04.2 No subscription required Medium CVE-2015-9262 USN-3731-1 -- LFTP vulnerability Ubuntu 16.04 LTS It was discovered that LFTP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lftp - 4.6.3a-1ubuntu0.1 No subscription required Medium CVE-2018-10916 USN-3732-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3732-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1015-gcp - 4.15.0-1015.15~16.04.1 No subscription required linux-image-unsigned-4.15.0-1019-azure - 4.15.0-1019.19~16.04.1 No subscription required linux-image-4.15.0-30-generic-lpae - 4.15.0-30.32~16.04.1 linux-image-4.15.0-30-lowlatency - 4.15.0-30.32~16.04.1 linux-image-4.15.0-30-generic - 4.15.0-30.32~16.04.1 linux-image-unsigned-4.15.0-30-generic - 4.15.0-30.32~16.04.1 linux-image-unsigned-4.15.0-30-lowlatency - 4.15.0-30.32~16.04.1 No subscription required High CVE-2018-5390 USN-3733-1 -- GnuPG vulnerability Ubuntu 16.04 LTS Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys. Update Instructions: Run `sudo pro fix USN-3733-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnupg-curl - 1.4.20-1ubuntu3.3 gpgv-udeb - 1.4.20-1ubuntu3.3 gpgv - 1.4.20-1ubuntu3.3 gnupg - 1.4.20-1ubuntu3.3 No subscription required Medium CVE-2017-7526 https://launchpad.net/bugs/1785176 USN-3734-1 -- OpenJDK 8 vulnerability Ubuntu 16.04 LTS It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to possibly construct a class that caused a denial of service (excessive memory consumption). Update Instructions: Run `sudo pro fix USN-3734-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-jdk - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-jre-headless - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-jre - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-jdk-headless - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-source - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-jre-zero - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-demo - 8u181-b13-0ubuntu0.16.04.1 openjdk-8-jre-jamvm - 8u181-b13-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-2952 USN-3736-1 -- libarchive vulnerabilities Ubuntu 16.04 LTS It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350) Agostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14166) It was discovered that libarchive incorrectly handled certain files. A remote attacker could possibly use this issue to get access to sensitive information. (CVE-2017-14501, CVE-2017-14503) Update Instructions: Run `sudo pro fix USN-3736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.4 libarchive13 - 3.1.2-11ubuntu0.16.04.4 bsdtar - 3.1.2-11ubuntu0.16.04.4 libarchive-dev - 3.1.2-11ubuntu0.16.04.4 No subscription required Medium CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14503 USN-3738-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. 
A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-10858) Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10918) Phillip Kuhrt discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. (CVE-2018-10919) Vivek Das discovered that Samba incorrectly handled NTLMv1 being explicitly disabled on the server. A remote user could possibly be authenticated using NTLMv1, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1139) Update Instructions: Run `sudo pro fix USN-3738-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.15 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.15 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.15 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.15 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.15 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.15 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.15 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.15 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.15 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.15 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.15 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.15 
ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.15 No subscription required Medium CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 USN-3739-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2016-9318) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16932) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-18258, CVE-2018-14404, CVE-2018-14567) Update Instructions: Run `sudo pro fix USN-3739-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.6 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.6 libxml2 - 2.9.3+dfsg1-1ubuntu0.6 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.6 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.6 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.6 No subscription required Medium CVE-2016-9318 CVE-2017-16932 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 USN-3740-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). 
(CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update Instructions: Run `sudo pro fix USN-3740-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1017-gcp - 4.15.0-1017.18~16.04.1 No subscription required linux-image-unsigned-4.15.0-1021-azure - 4.15.0-1021.21~16.04.1 No subscription required linux-image-4.15.0-32-generic-lpae - 4.15.0-32.35~16.04.1 linux-image-4.15.0-32-lowlatency - 4.15.0-32.35~16.04.1 linux-image-unsigned-4.15.0-32-lowlatency - 4.15.0-32.35~16.04.1 linux-image-unsigned-4.15.0-32-generic - 4.15.0-32.35~16.04.1 linux-image-4.15.0-32-generic - 4.15.0-32.35~16.04.1 No subscription required High CVE-2018-3620 CVE-2018-3646 CVE-2018-5391 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF USN-3741-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. 
This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update Instructions: Run `sudo pro fix USN-3741-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1031-kvm - 4.4.0-1031.37 No subscription required linux-image-4.4.0-1065-aws - 4.4.0-1065.75 No subscription required linux-image-4.4.0-1094-raspi2 - 4.4.0-1094.102 No subscription required linux-image-4.4.0-1098-snapdragon - 4.4.0-1098.103 No subscription required linux-image-4.4.0-133-generic - 4.4.0-133.159 linux-image-4.4.0-133-powerpc-e500mc - 4.4.0-133.159 linux-image-4.4.0-133-lowlatency - 4.4.0-133.159 linux-image-extra-4.4.0-133-generic - 4.4.0-133.159 linux-image-4.4.0-133-powerpc-smp - 4.4.0-133.159 linux-image-4.4.0-133-powerpc64-smp - 4.4.0-133.159 linux-image-4.4.0-133-powerpc64-emb - 4.4.0-133.159 linux-image-4.4.0-133-generic-lpae - 4.4.0-133.159 No subscription required High CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF USN-3743-1 -- WebKitGTK+ vulnerabilities Ubuntu 16.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. 
If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3743-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.20.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.20.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.20.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.20.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.20.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.20.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.20.5-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.20.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.20.5-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-12911 CVE-2018-4246 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 USN-3744-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10915) It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. (CVE-2018-10925) Update Instructions: Run `sudo pro fix USN-3744-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.14-0ubuntu0.16.04 postgresql-plperl-9.5 - 9.5.14-0ubuntu0.16.04 postgresql-server-dev-9.5 - 9.5.14-0ubuntu0.16.04 postgresql-9.5 - 9.5.14-0ubuntu0.16.04 postgresql-plpython-9.5 - 9.5.14-0ubuntu0.16.04 libecpg6 - 9.5.14-0ubuntu0.16.04 postgresql-client-9.5 - 9.5.14-0ubuntu0.16.04 libpq-dev - 9.5.14-0ubuntu0.16.04 postgresql-contrib-9.5 - 9.5.14-0ubuntu0.16.04 libpgtypes3 - 9.5.14-0ubuntu0.16.04 libecpg-dev - 9.5.14-0ubuntu0.16.04 postgresql-pltcl-9.5 - 9.5.14-0ubuntu0.16.04 libpq5 - 9.5.14-0ubuntu0.16.04 postgresql-plpython3-9.5 - 9.5.14-0ubuntu0.16.04 libecpg-compat3 - 9.5.14-0ubuntu0.16.04 No subscription required Medium CVE-2018-10915 CVE-2018-10925 USN-3745-1 -- wpa_supplicant and hostapd vulnerability Ubuntu 16.04 LTS It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.4-0ubuntu6.3 No subscription required wpagui - 2.4-0ubuntu6.3 wpasupplicant-udeb - 2.4-0ubuntu6.3 wpasupplicant - 2.4-0ubuntu6.3 No subscription required Medium CVE-2018-14526 USN-3751-1 -- Spice vulnerability Ubuntu 16.04 LTS It was discovered that Spice incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-protocol-dev - 0.12.10-1ubuntu0.2 No subscription required Medium CVE-2018-10873 USN-3752-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. 
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. 
A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11412) Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11506) Shankara Pailoor discovered that a race condition existed in the socket handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-12232) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Felix Wilhelm discovered that the KVM implementation in the Linux kernel did not properly perform permission checks in some situations when nested virtualization is used. An attacker in a guest VM could possibly use this to escape into an outer VM or the host OS. (CVE-2018-12904) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. 
A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Jakub Jirasek discovered that multiple use-after-free errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that a race condition existed in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver in the Linux kernel that could result in a double free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9415) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) Update Instructions: Run `sudo pro fix USN-3752-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-33-generic - 4.15.0-33.36~16.04.1 linux-image-unsigned-4.15.0-33-lowlatency - 4.15.0-33.36~16.04.1 linux-image-4.15.0-33-generic-lpae - 4.15.0-33.36~16.04.1 linux-image-unsigned-4.15.0-33-generic - 4.15.0-33.36~16.04.1 linux-image-4.15.0-33-lowlatency - 4.15.0-33.36~16.04.1 No subscription required Medium CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10323 CVE-2018-10840 CVE-2018-10881 CVE-2018-1093 CVE-2018-1108 CVE-2018-1120 CVE-2018-11412 CVE-2018-11506 CVE-2018-12232 CVE-2018-12233 CVE-2018-12904 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 CVE-2018-5814 CVE-2018-9415 USN-3752-3 -- Linux kernel (Azure, GCP, OEM) vulnerabilities Ubuntu 16.04 LTS It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). 
(CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11412) Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11506) Shankara Pailoor discovered that a race condition existed in the socket handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-12232) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-12233) Felix Wilhelm discovered that the KVM implementation in the Linux kernel did not properly perform permission checks in some situations when nested virtualization is used. An attacker in a guest VM could possibly use this to escape into an outer VM or the host OS. (CVE-2018-12904) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Jakub Jirasek discovered that multiple use-after-free errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that a race condition existed in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver in the Linux kernel that could result in a double free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9415) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) Update Instructions: Run `sudo pro fix USN-3752-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1018-gcp - 4.15.0-1018.19~16.04.2 No subscription required linux-image-unsigned-4.15.0-1022-azure - 4.15.0-1022.22~16.04.1 No subscription required Medium CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10323 CVE-2018-10840 CVE-2018-10881 CVE-2018-1093 CVE-2018-1108 CVE-2018-1120 CVE-2018-11412 CVE-2018-11506 CVE-2018-12232 CVE-2018-12233 CVE-2018-12904 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 CVE-2018-5814 CVE-2018-9415 USN-3753-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. 
An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Update Instructions: Run `sudo pro fix USN-3753-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1032-kvm - 4.4.0-1032.38 No subscription required linux-image-4.4.0-1066-aws - 4.4.0-1066.76 No subscription required linux-image-4.4.0-1095-raspi2 - 4.4.0-1095.103 No subscription required linux-image-4.4.0-1099-snapdragon - 4.4.0-1099.104 No subscription required linux-image-4.4.0-134-generic-lpae - 4.4.0-134.160 linux-image-4.4.0-134-powerpc-smp - 4.4.0-134.160 linux-image-extra-4.4.0-134-generic - 4.4.0-134.160 linux-image-4.4.0-134-powerpc64-emb - 4.4.0-134.160 linux-image-4.4.0-134-powerpc-e500mc - 4.4.0-134.160 linux-image-4.4.0-134-generic - 4.4.0-134.160 linux-image-4.4.0-134-lowlatency - 4.4.0-134.160 linux-image-4.4.0-134-powerpc64-smp - 4.4.0-134.160 No subscription required Medium CVE-2017-13168 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10881 CVE-2018-10882 CVE-2018-12233 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 USN-3755-1 -- GD vulnerabilities Ubuntu 16.04 LTS It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222) It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711) Update Instructions: Run `sudo pro fix USN-3755-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.10 libgd-tools - 2.1.1-4ubuntu0.16.04.10 libgd-dev - 2.1.1-4ubuntu0.16.04.10 No subscription required Medium CVE-2018-1000222 CVE-2018-5711 USN-3756-1 -- Intel Microcode vulnerabilities Ubuntu 16.04 LTS It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). 
A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack. This vulnerability is also known as Rogue System Register Read (RSRE). An attacker could use this to expose sensitive information. (CVE-2018-3640) Update Instructions: Run `sudo pro fix USN-3756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180807a.0ubuntu0.16.04.1 No subscription required High CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 USN-3757-1 -- poppler vulnerability Ubuntu 16.04 LTS Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3757-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.8 poppler-utils - 0.41.0-0ubuntu1.8 libpoppler-qt5-1 - 0.41.0-0ubuntu1.8 libpoppler-cpp-dev - 0.41.0-0ubuntu1.8 libpoppler-cpp0 - 0.41.0-0ubuntu1.8 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.8 libpoppler-dev - 0.41.0-0ubuntu1.8 libpoppler-glib8 - 0.41.0-0ubuntu1.8 libpoppler-private-dev - 0.41.0-0ubuntu1.8 libpoppler-qt4-dev - 0.41.0-0ubuntu1.8 libpoppler-glib-dev - 0.41.0-0ubuntu1.8 libpoppler-qt4-4 - 0.41.0-0ubuntu1.8 libpoppler-qt5-dev - 0.41.0-0ubuntu1.8 libpoppler-glib-doc - 0.41.0-0ubuntu1.8 No subscription required Medium CVE-2018-13988 USN-3758-1 -- libx11 vulnerabilities Ubuntu 16.04 LTS Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7942) Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7943) It was discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600) Update Instructions: Run `sudo pro fix USN-3758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.3-1ubuntu2.1 libx11-data - 2:1.6.3-1ubuntu2.1 libx11-xcb-dev - 2:1.6.3-1ubuntu2.1 libx11-xcb1 - 2:1.6.3-1ubuntu2.1 libx11-doc - 2:1.6.3-1ubuntu2.1 libx11-6-udeb - 2:1.6.3-1ubuntu2.1 libx11-dev - 2:1.6.3-1ubuntu2.1 No subscription required Medium CVE-2016-7942 CVE-2016-7943 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 USN-3759-1 -- libtirpc vulnerabilities Ubuntu 16.04 LTS Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. 
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4429) It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14622) It was discovered that libtirpc incorrectly handled certain strings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-8779) Update Instructions: Run `sudo pro fix USN-3759-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtirpc1 - 0.2.5-1ubuntu0.1 libtirpc-dev - 0.2.5-1ubuntu0.1 No subscription required Medium CVE-2016-4429 CVE-2017-8779 CVE-2018-14622 USN-3760-1 -- transfig vulnerability Ubuntu 16.04 LTS It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3760-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: transfig - 1:3.2.5.e-5ubuntu0.1 No subscription required Medium CVE-2018-16140 USN-3761-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-nn - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ne - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-nb - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-fa - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-fi - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-fr - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-fy - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-or - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-kab - 62.0+build2-0ubuntu0.16.04.3 firefox-testsuite - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-oc - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-cs - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ga - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-gd - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-gn - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-gl - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-gu - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-pa - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-pl - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-cy - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-pt - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-hi - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-uk - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-he - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-hy - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-hr - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-hu - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-as - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ar - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ia - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-az - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-id - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-mai - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-af - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-is - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-it - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-an - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-bs - 
62.0+build2-0ubuntu0.16.04.3 firefox - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ro - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ja - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ru - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-br - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-bn - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-be - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-bg - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-sl - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-sk - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-si - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-sw - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-sv - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-sr - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-sq - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ko - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-kn - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-km - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-kk - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ka - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-xh - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ca - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ku - 62.0+build2-0ubuntu0.16.04.3 firefox-mozsymbols - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-lv - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-lt - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-th - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-hsb - 62.0+build2-0ubuntu0.16.04.3 firefox-dev - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-te - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-cak - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ta - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-lg - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-tr - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-nso - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-de - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-da - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ms - 62.0+build2-0ubuntu0.16.04.3 
firefox-locale-mr - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-my - 62.0+build2-0ubuntu0.16.04.3 firefox-globalmenu - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-uz - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ml - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-mn - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-mk - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ur - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-vi - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-eu - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-et - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-es - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-csb - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-el - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-eo - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-en - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-zu - 62.0+build2-0ubuntu0.16.04.3 firefox-locale-ast - 62.0+build2-0ubuntu0.16.04.3 No subscription required Medium CVE-2018-12375 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 USN-3761-2 -- Firefox regressions Ubuntu 16.04 LTS USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-nn - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ne - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-nb - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-fa - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-fi - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-fr - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-fy - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-or - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-kab - 62.0+build2-0ubuntu0.16.04.4 firefox-testsuite - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-oc - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-cs - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ga - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-gd - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-gn - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-gl - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-gu - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-pa - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-pl - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-cy - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-pt - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-hi - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-uk - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-he - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-hy - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-hr - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-hu - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-as - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ar - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ia - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-az - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-id - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-mai - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-af - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-is - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-it - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-an - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-bs - 
62.0+build2-0ubuntu0.16.04.4 firefox - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ro - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ja - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ru - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-br - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-bn - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-be - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-bg - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-sl - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-sk - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-si - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-sw - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-sv - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-sr - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-sq - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ko - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-kn - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-km - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-kk - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ka - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-xh - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ca - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ku - 62.0+build2-0ubuntu0.16.04.4 firefox-mozsymbols - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-lv - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-lt - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-th - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-hsb - 62.0+build2-0ubuntu0.16.04.4 firefox-dev - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-te - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-cak - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ta - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-lg - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-tr - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-nso - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-de - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-da - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ms - 62.0+build2-0ubuntu0.16.04.4 
firefox-locale-mr - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-my - 62.0+build2-0ubuntu0.16.04.4 firefox-globalmenu - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-uz - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ml - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-mn - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-mk - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ur - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-vi - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-eu - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-et - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-es - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-csb - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-el - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-eo - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-en - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-zu - 62.0+build2-0ubuntu0.16.04.4 firefox-locale-ast - 62.0+build2-0ubuntu0.16.04.4 No subscription required None https://launchpad.net/bugs/1791789 USN-3761-3 -- Firefox regressions Ubuntu 16.04 LTS USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-nn - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ne - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-nb - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-fa - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-fi - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-fr - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-fy - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-or - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-kab - 62.0+build2-0ubuntu0.16.04.5 firefox-testsuite - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-oc - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-cs - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ga - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-gd - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-gn - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-gl - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-gu - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-pa - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-pl - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-cy - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-pt - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-hi - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-uk - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-he - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-hy - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-hr - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-hu - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-as - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ar - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ia - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-az - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-id - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-mai - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-af - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-is - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-it - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-an - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-bs - 
62.0+build2-0ubuntu0.16.04.5 firefox - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ro - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ja - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ru - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-br - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-bn - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-be - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-bg - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-sl - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-sk - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-si - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-sw - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-sv - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-sr - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-sq - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ko - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-kn - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-km - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-kk - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ka - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-xh - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ca - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ku - 62.0+build2-0ubuntu0.16.04.5 firefox-mozsymbols - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-lv - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-lt - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-th - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-hsb - 62.0+build2-0ubuntu0.16.04.5 firefox-dev - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-te - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-cak - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ta - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-lg - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-tr - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-nso - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-de - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-da - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ms - 62.0+build2-0ubuntu0.16.04.5 
firefox-locale-mr - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-my - 62.0+build2-0ubuntu0.16.04.5 firefox-globalmenu - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-uz - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ml - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-mn - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-mk - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ur - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-vi - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-eu - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-et - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-es - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-csb - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-el - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-eo - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-en - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-zu - 62.0+build2-0ubuntu0.16.04.5 firefox-locale-ast - 62.0+build2-0ubuntu0.16.04.5 No subscription required None https://launchpad.net/bugs/1791789 https://usn.ubuntu.com/usn/usn-3761-2 USN-3762-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2018-1118) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive information (kernel address locations). (CVE-2017-13695) Update Instructions: Run `sudo pro fix USN-3762-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1019-gcp - 4.15.0-1019.20~16.04.1 No subscription required linux-image-unsigned-4.15.0-1023-azure - 4.15.0-1023.24~16.04.1 No subscription required linux-image-unsigned-4.15.0-34-generic - 4.15.0-34.37~16.04.1 linux-image-4.15.0-34-generic - 4.15.0-34.37~16.04.1 linux-image-4.15.0-34-generic-lpae - 4.15.0-34.37~16.04.1 linux-image-unsigned-4.15.0-34-lowlatency - 4.15.0-34.37~16.04.1 linux-image-4.15.0-34-lowlatency - 4.15.0-34.37~16.04.1 No subscription required Low CVE-2017-13695 CVE-2018-1118 USN-3764-1 -- Zsh vulnerabilities Ubuntu 16.04 LTS It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-0502, CVE-2018-13259) Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1100) Update Instructions: Run `sudo pro fix USN-3764-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-static - 5.1.1-1ubuntu2.3 zsh-common - 5.1.1-1ubuntu2.3 zsh-dev - 5.1.1-1ubuntu2.3 zsh - 5.1.1-1ubuntu2.3 zsh-doc - 5.1.1-1ubuntu2.3 No subscription required Medium CVE-2018-0502 CVE-2018-1100 CVE-2018-13259 USN-3765-1 -- curl vulnerability Ubuntu 16.04 LTS It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3765-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.9 libcurl4-openssl-dev - 7.47.0-1ubuntu2.9 libcurl3-gnutls - 7.47.0-1ubuntu2.9 libcurl4-doc - 7.47.0-1ubuntu2.9 libcurl3-nss - 7.47.0-1ubuntu2.9 libcurl4-nss-dev - 7.47.0-1ubuntu2.9 libcurl3 - 7.47.0-1ubuntu2.9 curl - 7.47.0-1ubuntu2.9 No subscription required Medium CVE-2018-14618 USN-3766-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883) Update Instructions: Run `sudo pro fix USN-3766-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.32-0ubuntu0.16.04.1 php7.0-mcrypt - 7.0.32-0ubuntu0.16.04.1 php7.0-xsl - 7.0.32-0ubuntu0.16.04.1 php7.0-fpm - 7.0.32-0ubuntu0.16.04.1 libphp7.0-embed - 7.0.32-0ubuntu0.16.04.1 php7.0-phpdbg - 7.0.32-0ubuntu0.16.04.1 php7.0-curl - 7.0.32-0ubuntu0.16.04.1 php7.0-ldap - 7.0.32-0ubuntu0.16.04.1 php7.0-mbstring - 7.0.32-0ubuntu0.16.04.1 php7.0-gmp - 7.0.32-0ubuntu0.16.04.1 php7.0-sqlite3 - 7.0.32-0ubuntu0.16.04.1 php7.0-gd - 7.0.32-0ubuntu0.16.04.1 php7.0-common - 7.0.32-0ubuntu0.16.04.1 php7.0-enchant - 7.0.32-0ubuntu0.16.04.1 php7.0-odbc - 7.0.32-0ubuntu0.16.04.1 php7.0-cli - 7.0.32-0ubuntu0.16.04.1 php7.0-json - 7.0.32-0ubuntu0.16.04.1 php7.0-pgsql - 7.0.32-0ubuntu0.16.04.1 libapache2-mod-php7.0 - 7.0.32-0ubuntu0.16.04.1 php7.0-zip - 7.0.32-0ubuntu0.16.04.1 php7.0-mysql - 7.0.32-0ubuntu0.16.04.1 php7.0-dba - 7.0.32-0ubuntu0.16.04.1 php7.0-sybase - 7.0.32-0ubuntu0.16.04.1 php7.0-pspell - 7.0.32-0ubuntu0.16.04.1 php7.0-xml - 7.0.32-0ubuntu0.16.04.1 php7.0-bz2 - 7.0.32-0ubuntu0.16.04.1 php7.0-recode - 7.0.32-0ubuntu0.16.04.1 php7.0-soap - 7.0.32-0ubuntu0.16.04.1 php7.0 - 7.0.32-0ubuntu0.16.04.1 php7.0-tidy - 7.0.32-0ubuntu0.16.04.1 php7.0-interbase - 7.0.32-0ubuntu0.16.04.1 php7.0-opcache - 7.0.32-0ubuntu0.16.04.1 php7.0-readline - 7.0.32-0ubuntu0.16.04.1 php7.0-intl - 7.0.32-0ubuntu0.16.04.1 php7.0-imap - 7.0.32-0ubuntu0.16.04.1 php7.0-xmlrpc - 7.0.32-0ubuntu0.16.04.1 php7.0-bcmath - 7.0.32-0ubuntu0.16.04.1 php7.0-dev - 7.0.32-0ubuntu0.16.04.1 php7.0-snmp - 7.0.32-0ubuntu0.16.04.1 No subscription required Medium CVE-2015-9253 CVE-2018-14851 CVE-2018-14883 USN-3767-1 -- GLib vulnerabilities Ubuntu 16.04 LTS It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428) It was discovered that GLib incorrectly handled certain files. 
An attacker could possibly use this issue to access sensitive information. (CVE-2018-16429) Update Instructions: Run `sudo pro fix USN-3767-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.1 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.1 libglib2.0-data - 2.48.2-0ubuntu4.1 libglib2.0-udeb - 2.48.2-0ubuntu4.1 libglib2.0-tests - 2.48.2-0ubuntu4.1 libglib2.0-doc - 2.48.2-0ubuntu4.1 libglib2.0-bin - 2.48.2-0ubuntu4.1 libglib2.0-dev - 2.48.2-0ubuntu4.1 No subscription required Medium CVE-2018-16428 CVE-2018-16429 USN-3768-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.18~dfsg~0-0ubuntu2.9 ghostscript-x - 9.18~dfsg~0-0ubuntu2.9 libgs-dev - 9.18~dfsg~0-0ubuntu2.9 ghostscript-doc - 9.18~dfsg~0-0ubuntu2.9 libgs9 - 9.18~dfsg~0-0ubuntu2.9 libgs9-common - 9.18~dfsg~0-0ubuntu2.9 No subscription required Medium CVE-2018-11645 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 USN-3769-1 -- Bind vulnerability Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3769-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.11 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.11 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.11 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.11 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.11 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.11 host - 1:9.10.3.dfsg.P4-8ubuntu1.11 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.11 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.11 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.11 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.11 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.11 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.11 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.11 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.11 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.11 No subscription required Medium CVE-2018-5740 USN-3770-1 -- Little CMS vulnerabilities Ubuntu 16.04 LTS Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165) Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435) Update Instructions: Run `sudo pro fix USN-3770-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liblcms2-dev - 2.6-3ubuntu2.1 liblcms2-2 - 2.6-3ubuntu2.1 liblcms2-utils - 2.6-3ubuntu2.1 No subscription required Medium CVE-2016-10165 CVE-2018-16435 USN-3771-1 -- strongSwan vulnerabilities Ubuntu 16.04 LTS It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2018-10811) Sze Yiu Chau discovered that strongSwan incorrectly handled parsing OIDs in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16151) Sze Yiu Chau discovered that strongSwan incorrectly handled certain parameters fields in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16152) It was discovered that strongSwan incorrectly handled the stroke plugin. A local administrator could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-5388) Update Instructions: Run `sudo pro fix USN-3771-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.7 libcharon-extra-plugins - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.7 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.7 strongswan-plugin-unbound - 5.3.5-1ubuntu3.7 strongswan-plugin-farp - 5.3.5-1ubuntu3.7 strongswan-charon - 5.3.5-1ubuntu3.7 strongswan-ikev1 - 5.3.5-1ubuntu3.7 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.7 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.7 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.7 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.7 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.7 strongswan-plugin-sql - 5.3.5-1ubuntu3.7 strongswan-plugin-coupling - 5.3.5-1ubuntu3.7 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.7 strongswan-plugin-lookip - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.7 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.7 strongswan-ike - 5.3.5-1ubuntu3.7 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-aka - 5.3.5-1ubuntu3.7 libstrongswan - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.7 libstrongswan-standard-plugins - 5.3.5-1ubuntu3.7 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.7 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.7 strongswan - 5.3.5-1ubuntu3.7 strongswan-tnc-server - 5.3.5-1ubuntu3.7 strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.7 strongswan-tnc-base - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.7 strongswan-starter - 5.3.5-1ubuntu3.7 strongswan-plugin-curl - 5.3.5-1ubuntu3.7 strongswan-plugin-radattr - 5.3.5-1ubuntu3.7 strongswan-plugin-soup - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.7 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.7 
strongswan-ikev2 - 5.3.5-1ubuntu3.7 strongswan-plugin-mysql - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.7 strongswan-plugin-openssl - 5.3.5-1ubuntu3.7 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.7 strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.7 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.7 charon-cmd - 5.3.5-1ubuntu3.7 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.7 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.7 strongswan-libcharon - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.7 strongswan-nm - 5.3.5-1ubuntu3.7 strongswan-plugin-ldap - 5.3.5-1ubuntu3.7 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.7 strongswan-tnc-pdp - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.7 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.7 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.7 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.7 strongswan-plugin-ntru - 5.3.5-1ubuntu3.7 strongswan-plugin-gmp - 5.3.5-1ubuntu3.7 strongswan-plugin-agent - 5.3.5-1ubuntu3.7 strongswan-plugin-pgp - 5.3.5-1ubuntu3.7 strongswan-tnc-client - 5.3.5-1ubuntu3.7 strongswan-plugin-load-tester - 5.3.5-1ubuntu3.7 strongswan-plugin-unity - 5.3.5-1ubuntu3.7 strongswan-plugin-led - 5.3.5-1ubuntu3.7 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.7 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.7 No subscription required Medium CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-5388 USN-3773-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3773-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.25~dfsg+1-0ubuntu0.16.04.1 ghostscript-x - 9.25~dfsg+1-0ubuntu0.16.04.1 libgs-dev - 9.25~dfsg+1-0ubuntu0.16.04.1 ghostscript-doc - 9.25~dfsg+1-0ubuntu0.16.04.1 libgs9 - 9.25~dfsg+1-0ubuntu0.16.04.1 libgs9-common - 9.25~dfsg+1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-16510 CVE-2018-17183 USN-3774-1 -- strongSwan vulnerability Ubuntu 16.04 LTS It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3774-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.8 libcharon-extra-plugins - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.8 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.8 strongswan-plugin-unbound - 5.3.5-1ubuntu3.8 strongswan-plugin-farp - 5.3.5-1ubuntu3.8 strongswan-charon - 5.3.5-1ubuntu3.8 strongswan-ikev1 - 5.3.5-1ubuntu3.8 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.8 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.8 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.8 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.8 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.8 strongswan-plugin-sql - 5.3.5-1ubuntu3.8 strongswan-plugin-coupling - 5.3.5-1ubuntu3.8 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.8 strongswan-plugin-lookip - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.8 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.8 strongswan-ike - 5.3.5-1ubuntu3.8 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-aka - 5.3.5-1ubuntu3.8 libstrongswan - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.8 
libstrongswan-standard-plugins - 5.3.5-1ubuntu3.8 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.8 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.8 strongswan - 5.3.5-1ubuntu3.8 strongswan-tnc-server - 5.3.5-1ubuntu3.8 strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.8 strongswan-tnc-base - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.8 strongswan-starter - 5.3.5-1ubuntu3.8 strongswan-plugin-curl - 5.3.5-1ubuntu3.8 strongswan-plugin-radattr - 5.3.5-1ubuntu3.8 strongswan-plugin-soup - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.8 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.8 strongswan-ikev2 - 5.3.5-1ubuntu3.8 strongswan-plugin-mysql - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.8 strongswan-plugin-openssl - 5.3.5-1ubuntu3.8 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.8 strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.8 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.8 charon-cmd - 5.3.5-1ubuntu3.8 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.8 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.8 strongswan-libcharon - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.8 strongswan-nm - 5.3.5-1ubuntu3.8 strongswan-plugin-ldap - 5.3.5-1ubuntu3.8 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.8 strongswan-tnc-pdp - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.8 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.8 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.8 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.8 strongswan-plugin-ntru - 5.3.5-1ubuntu3.8 strongswan-plugin-gmp - 5.3.5-1ubuntu3.8 strongswan-plugin-agent - 5.3.5-1ubuntu3.8 strongswan-plugin-pgp - 5.3.5-1ubuntu3.8 strongswan-tnc-client - 5.3.5-1ubuntu3.8 strongswan-plugin-load-tester - 
5.3.5-1ubuntu3.8 strongswan-plugin-unity - 5.3.5-1ubuntu3.8 strongswan-plugin-led - 5.3.5-1ubuntu3.8 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.8 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.8 No subscription required Medium CVE-2018-17540 USN-3776-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) It was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18216) It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. 
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) Update Instructions: Run `sudo pro fix USN-3776-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1035-kvm - 4.4.0-1035.41 No subscription required linux-image-4.4.0-1069-aws - 4.4.0-1069.79 No subscription required linux-image-4.4.0-1098-raspi2 - 4.4.0-1098.106 No subscription required linux-image-4.4.0-1102-snapdragon - 4.4.0-1102.107 No subscription required linux-image-4.4.0-137-powerpc-smp - 4.4.0-137.163 linux-image-4.4.0-137-powerpc64-emb - 4.4.0-137.163 linux-image-4.4.0-137-powerpc-e500mc - 4.4.0-137.163 linux-image-4.4.0-137-generic-lpae - 4.4.0-137.163 linux-image-4.4.0-137-lowlatency - 4.4.0-137.163 linux-image-4.4.0-137-powerpc64-smp - 4.4.0-137.163 linux-image-extra-4.4.0-137-generic - 4.4.0-137.163 linux-image-4.4.0-137-generic - 4.4.0-137.163 No subscription required High CVE-2017-18216 CVE-2018-10902 CVE-2018-14633 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 USN-3777-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. 
Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) Andy Lutomirski and Mika Penttilä discovered that the KVM implementation in the Linux kernel did not properly check privilege levels when emulating some instructions. An unprivileged attacker in a guest VM could use this to escalate privileges within the guest. (CVE-2018-10853) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) USN 3653-2 added a mitigation for Speculative Store Bypass a.k.a. Spectre Variant 4 (CVE-2018-3639). This update provides the corresponding mitigation for ARM64 processors. 
Please note that for this mitigation to be effective, an updated firmware for the processor may be required. Update Instructions: Run `sudo pro fix USN-3777-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1021-gcp - 4.15.0-1021.22~16.04.1 No subscription required linux-image-4.15.0-36-generic - 4.15.0-36.39~16.04.1 linux-image-unsigned-4.15.0-36-lowlatency - 4.15.0-36.39~16.04.1 linux-image-4.15.0-36-lowlatency - 4.15.0-36.39~16.04.1 linux-image-4.15.0-36-generic-lpae - 4.15.0-36.39~16.04.1 linux-image-unsigned-4.15.0-36-generic - 4.15.0-36.39~16.04.1 No subscription required High CVE-2018-10853 CVE-2018-14633 CVE-2018-15572 CVE-2018-15594 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 USN-3777-3 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information.
(CVE-2018-15572) Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) Update Instructions: Run `sudo pro fix USN-3777-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1025-azure - 4.15.0-1025.26~16.04.1 No subscription required High CVE-2017-5715 CVE-2018-14633 CVE-2018-15572 CVE-2018-15594 CVE-2018-17182 CVE-2018-3639 CVE-2018-6554 CVE-2018-6555 USN-3778-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. 
(CVE-2018-12385) A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-12386) It was discovered that the Array.prototype.push could leak memory addresses to the calling function in some circumstances. An attacker could exploit this in combination with another vulnerability to help execute arbitrary code. (CVE-2018-12387) Update Instructions: Run `sudo pro fix USN-3778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-nn - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ne - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-nb - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fa - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fi - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fr - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-fy - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-or - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-kab - 62.0.3+build1-0ubuntu0.16.04.2 firefox-testsuite - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-oc - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-cs - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ga - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gd - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gn - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gl - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-gu - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-pa - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-pl - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-cy - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-pt - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hi - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-uk - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-he - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hy - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hr - 
62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hu - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-as - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ar - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ia - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-az - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-id - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mai - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-af - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-is - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-it - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-an - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-bs - 62.0.3+build1-0ubuntu0.16.04.2 firefox - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ro - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ja - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ru - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-br - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-zh-hant - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-zh-hans - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-bn - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-be - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-bg - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sl - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sk - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-si - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sw - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sv - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sr - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-sq - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ko - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-kn - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-km - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-kk - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ka - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-xh - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ca - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ku - 62.0.3+build1-0ubuntu0.16.04.2 firefox-mozsymbols - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-lv - 
62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-lt - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-th - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-hsb - 62.0.3+build1-0ubuntu0.16.04.2 firefox-dev - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-te - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-cak - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ta - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-lg - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-tr - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-nso - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-de - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-da - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ms - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mr - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-my - 62.0.3+build1-0ubuntu0.16.04.2 firefox-globalmenu - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-uz - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ml - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mn - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-mk - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ur - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-vi - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-eu - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-et - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-es - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-csb - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-el - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-eo - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-en - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-zu - 62.0.3+build1-0ubuntu0.16.04.2 firefox-locale-ast - 62.0.3+build1-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 USN-3782-1 -- Liblouis vulnerabilities Ubuntu 16.04 LTS Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-12085) It was discovered that Liblouis incorrectly handled certain files. 
An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17294) Update Instructions: Run `sudo pro fix USN-3782-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis9 - 2.6.4-2ubuntu0.4 liblouis-bin - 2.6.4-2ubuntu0.4 python-louis - 2.6.4-2ubuntu0.4 liblouis-dev - 2.6.4-2ubuntu0.4 python3-louis - 2.6.4-2ubuntu0.4 liblouis-data - 2.6.4-2ubuntu0.4 No subscription required Medium CVE-2018-12085 CVE-2018-17294 USN-3784-1 -- AppArmor update Ubuntu 16.04 LTS As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally adjust the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files. Update Instructions: Run `sudo pro fix USN-3784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apparmor-docs - 2.10.95-0ubuntu2.10 python-apparmor - 2.10.95-0ubuntu2.10 libapparmor-dev - 2.10.95-0ubuntu2.10 libapparmor-perl - 2.10.95-0ubuntu2.10 libapparmor1 - 2.10.95-0ubuntu2.10 apparmor-notify - 2.10.95-0ubuntu2.10 apparmor-profiles - 2.10.95-0ubuntu2.10 python3-libapparmor - 2.10.95-0ubuntu2.10 python-libapparmor - 2.10.95-0ubuntu2.10 libpam-apparmor - 2.10.95-0ubuntu2.10 apparmor-easyprof - 2.10.95-0ubuntu2.10 apparmor - 2.10.95-0ubuntu2.10 python3-apparmor - 2.10.95-0ubuntu2.10 apparmor-utils - 2.10.95-0ubuntu2.10 libapache2-mod-apparmor - 2.10.95-0ubuntu2.10 dh-apparmor - 2.10.95-0ubuntu2.10 No subscription required None https://launchpad.net/bugs/1788929 https://launchpad.net/bugs/1794848 USN-3785-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for 
the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-16640, CVE-2018-16750) It was discovered that ImageMagick did not properly initialize a variable before using it when processing MAT images. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14551) It was discovered that an information disclosure vulnerability existed in ImageMagick when processing XBM images. An attacker could use this to expose sensitive information. (CVE-2018-16323) It was discovered that an out-of-bounds write vulnerability existed in ImageMagick when handling certain images. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-16642) It was discovered that ImageMagick did not properly check for errors in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16643) It was discovered that ImageMagick did not properly validate image metadata in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16644) It was discovered that ImageMagick did not prevent excessive memory allocation when handling certain image types. An attacker could use this to cause a denial of service. (CVE-2018-16645) Sergej Schumilo and Cornelius Aschermann discovered that ImageMagick did not properly check for NULL in some situations when processing PNG images. An attacker could use this to cause a denial of service. (CVE-2018-16749) USN-3681-1 fixed vulnerabilities in ImageMagick. Unfortunately, the fix for CVE-2017-13144 introduced a regression in ImageMagick in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
This update reverts the fix for CVE-2017-13144 for those releases. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-3785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.13 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.13 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.13 imagemagick - 8:6.8.9.9-7ubuntu5.13 imagemagick-doc - 8:6.8.9.9-7ubuntu5.13 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.13 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.13 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.13 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.13 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.13 libmagick++-dev - 8:6.8.9.9-7ubuntu5.13 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.13 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.13 perlmagick - 8:6.8.9.9-7ubuntu5.13 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.13 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.13 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.13 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.13 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.13 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.13 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.13 No subscription required Medium CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-14551 CVE-2018-16323 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 https://launchpad.net/bugs/1793485 USN-3786-1 -- libxkbcommon vulnerabilities Ubuntu 16.04 LTS It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864) Update Instructions: Run `sudo pro fix USN-3786-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libxkbcommon-x11-dev - 0.5.0-1ubuntu2.1 libxkbcommon-dev - 0.5.0-1ubuntu2.1 libxkbcommon0 - 0.5.0-1ubuntu2.1 libxkbcommon-x11-0 - 0.5.0-1ubuntu2.1 No subscription required Medium CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861 CVE-2018-15862 CVE-2018-15863 CVE-2018-15864 USN-3787-1 -- Tomcat vulnerability Ubuntu 16.04 LTS It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs. Update Instructions: Run `sudo pro fix USN-3787-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.8 tomcat8-user - 8.0.32-1ubuntu1.8 libservlet3.1-java - 8.0.32-1ubuntu1.8 libservlet3.1-java-doc - 8.0.32-1ubuntu1.8 tomcat8-examples - 8.0.32-1ubuntu1.8 tomcat8-admin - 8.0.32-1ubuntu1.8 libtomcat8-java - 8.0.32-1ubuntu1.8 tomcat8-common - 8.0.32-1ubuntu1.8 tomcat8 - 8.0.32-1ubuntu1.8 No subscription required Medium CVE-2018-11784 USN-3788-1 -- Tex Live vulnerabilities Ubuntu 16.04 LTS Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-5700) It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17407) Update Instructions: Run `sudo pro fix USN-3788-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libptexenc-dev - 2015.20160222.37495-1ubuntu0.1 libkpathsea-dev - 2015.20160222.37495-1ubuntu0.1 libptexenc1 - 2015.20160222.37495-1ubuntu0.1 libtexluajit2 - 2015.20160222.37495-1ubuntu0.1 libtexluajit-dev - 2015.20160222.37495-1ubuntu0.1 texlive-binaries - 2015.20160222.37495-1ubuntu0.1 libtexlua52-dev - 2015.20160222.37495-1ubuntu0.1 libtexlua52 - 2015.20160222.37495-1ubuntu0.1 libsynctex-dev - 2015.20160222.37495-1ubuntu0.1 libkpathsea6 - 2015.20160222.37495-1ubuntu0.1 libsynctex1 - 2015.20160222.37495-1ubuntu0.1 No subscription required Medium CVE-2015-5700 CVE-2018-17407 USN-3789-1 -- ClamAV vulnerability Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3789-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.2+dfsg-1ubuntu0.16.04.1 clamav-testfiles - 0.100.2+dfsg-1ubuntu0.16.04.1 clamav-base - 0.100.2+dfsg-1ubuntu0.16.04.1 clamav - 0.100.2+dfsg-1ubuntu0.16.04.1 libclamav7 - 0.100.2+dfsg-1ubuntu0.16.04.1 clamav-daemon - 0.100.2+dfsg-1ubuntu0.16.04.1 clamav-milter - 0.100.2+dfsg-1ubuntu0.16.04.1 clamav-docs - 0.100.2+dfsg-1ubuntu0.16.04.1 clamav-freshclam - 0.100.2+dfsg-1ubuntu0.16.04.1 clamdscan - 0.100.2+dfsg-1ubuntu0.16.04.1 No subscription required Medium CVE-2018-15378 USN-3790-1 -- Requests vulnerability Ubuntu 16.04 LTS It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3790-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-requests - 2.9.1-3ubuntu0.1 python-requests - 2.9.1-3ubuntu0.1 No subscription required Medium CVE-2018-18074 USN-3791-1 -- Git vulnerability Ubuntu 16.04 LTS It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used. Update Instructions: Run `sudo pro fix USN-3791-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.5 gitweb - 1:2.7.4-0ubuntu1.5 git-gui - 1:2.7.4-0ubuntu1.5 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.5 git-arch - 1:2.7.4-0ubuntu1.5 git-el - 1:2.7.4-0ubuntu1.5 gitk - 1:2.7.4-0ubuntu1.5 git-all - 1:2.7.4-0ubuntu1.5 git-mediawiki - 1:2.7.4-0ubuntu1.5 git-daemon-run - 1:2.7.4-0ubuntu1.5 git-man - 1:2.7.4-0ubuntu1.5 git-doc - 1:2.7.4-0ubuntu1.5 git-svn - 1:2.7.4-0ubuntu1.5 git-cvs - 1:2.7.4-0ubuntu1.5 git-core - 1:2.7.4-0ubuntu1.5 git-email - 1:2.7.4-0ubuntu1.5 No subscription required Medium CVE-2018-17456 USN-3792-1 -- Net-SNMP vulnerability Ubuntu 16.04 LTS It was discovered that Net-SNMP incorrectly handled certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3792-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1ubuntu4.2 libsnmp-perl - 5.7.3+dfsg-1ubuntu4.2 libsnmp-dev - 5.7.3+dfsg-1ubuntu4.2 libsnmp-base - 5.7.3+dfsg-1ubuntu4.2 snmp - 5.7.3+dfsg-1ubuntu4.2 libsnmp30 - 5.7.3+dfsg-1ubuntu4.2 tkmib - 5.7.3+dfsg-1ubuntu4.2 snmpd - 5.7.3+dfsg-1ubuntu4.2 python-netsnmp - 5.7.3+dfsg-1ubuntu4.2 No subscription required Medium CVE-2018-18065 USN-3793-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385) Update Instructions: Run `sudo pro fix USN-3793-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-br - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-bn - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-be - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-bg - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ja - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-sl - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-sk - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-si - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-gnome-support - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-sv - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-sr - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-sq - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-hsb - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-cy - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-cs - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ca - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-pt-br - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-pa - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ka - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ko - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-kk - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-kab - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-pl - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-zh-tw - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-pt - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-nn-no - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-nb-no - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-bn-bd - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-lt - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-en-gb - 1:60.2.1+build1-0ubuntu0.16.04.4 xul-ext-calendar-timezones - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-de - 
1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-da - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-uk - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-globalmenu - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-testsuite - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-dev - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-el - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-en-us - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-rm - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ms - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ro - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-eu - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-et - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-zh-hant - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-zh-hans - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ru - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-mk - 1:60.2.1+build1-0ubuntu0.16.04.4 xul-ext-gdata-provider - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-fr - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-es-es - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ta-lk - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-fy - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-fi - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ast - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-nl - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-nn - 1:60.2.1+build1-0ubuntu0.16.04.4 xul-ext-lightning - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ga-ie - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-fy-nl - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-nb - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-en - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-zh-cn - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-gl - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ga - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-tr - 1:60.2.1+build1-0ubuntu0.16.04.4 
thunderbird-locale-gd - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ta - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-dsb - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-it - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-hy - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-sv-se - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-hr - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-hu - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-pa-in - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-he - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-ar - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-af - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-pt-pt - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-is - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-vi - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-mozsymbols - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-es - 1:60.2.1+build1-0ubuntu0.16.04.4 thunderbird-locale-id - 1:60.2.1+build1-0ubuntu0.16.04.4 No subscription required Medium CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 USN-3794-1 -- MoinMoin vulnerability Ubuntu 16.04 LTS It was discovered that MoinMoin incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3794-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-moinmoin - 1.9.8-1ubuntu1.16.04.2 No subscription required Medium CVE-2017-5934 USN-3795-1 -- libssh vulnerability Ubuntu 16.04 LTS Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3795-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.6.3-4.3ubuntu0.1 libssh-doc - 0.6.3-4.3ubuntu0.1 libssh-gcrypt-4 - 0.6.3-4.3ubuntu0.1 libssh-4 - 0.6.3-4.3ubuntu0.1 libssh-dev - 0.6.3-4.3ubuntu0.1 No subscription required Medium CVE-2018-10933 USN-3795-3 -- libssh regression Ubuntu 16.04 LTS USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3795-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.6.3-4.3ubuntu0.2 libssh-doc - 0.6.3-4.3ubuntu0.2 libssh-gcrypt-4 - 0.6.3-4.3ubuntu0.2 libssh-4 - 0.6.3-4.3ubuntu0.2 libssh-dev - 0.6.3-4.3ubuntu0.2 No subscription required None https://launchpad.net/bugs/1805348 USN-3796-1 -- Paramiko vulnerability Ubuntu 16.04 LTS Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3796-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-paramiko - 1.16.0-1ubuntu0.2 paramiko-doc - 1.16.0-1ubuntu0.2 python-paramiko - 1.16.0-1ubuntu0.2 No subscription required Medium CVE-2018-1000805 USN-3797-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). 
(CVE-2018-14734) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658) It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363) Yves Younan discovered that the CIPSO labeling implementation in the Linux kernel did not properly handle IP header options in some situations. A remote attacker could use this to specially craft network traffic that could cause a denial of service (infinite loop). (CVE-2018-10938) Update Instructions: Run `sudo pro fix USN-3797-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1036-kvm - 4.4.0-1036.42 No subscription required linux-image-4.4.0-1070-aws - 4.4.0-1070.80 No subscription required linux-image-4.4.0-1099-raspi2 - 4.4.0-1099.107 No subscription required linux-image-4.4.0-1103-snapdragon - 4.4.0-1103.108 No subscription required linux-image-4.4.0-138-powerpc-smp - 4.4.0-138.164 linux-image-4.4.0-138-powerpc64-emb - 4.4.0-138.164 linux-image-4.4.0-138-powerpc-e500mc - 4.4.0-138.164 linux-image-4.4.0-138-powerpc64-smp - 4.4.0-138.164 linux-image-extra-4.4.0-138-generic - 4.4.0-138.164 linux-image-4.4.0-138-generic - 4.4.0-138.164 linux-image-4.4.0-138-generic-lpae - 4.4.0-138.164 linux-image-4.4.0-138-lowlatency - 4.4.0-138.164 No subscription required Medium CVE-2018-10938 CVE-2018-14734 CVE-2018-16658 CVE-2018-9363 USN-3799-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. 
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Update Instructions: Run `sudo pro fix USN-3799-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.24-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.24-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.24-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.24-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.24-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.24-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.24-0ubuntu0.16.04.1 mysql-common - 5.7.24-0ubuntu0.16.04.1 mysql-server - 5.7.24-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.24-0ubuntu0.16.04.1 mysql-testsuite - 5.7.24-0ubuntu0.16.04.1 libmysqld-dev - 5.7.24-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.24-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-3133 CVE-2018-3143 CVE-2018-3144 CVE-2018-3155 CVE-2018-3156 CVE-2018-3161 CVE-2018-3162 CVE-2018-3171 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3187 CVE-2018-3200 CVE-2018-3247 CVE-2018-3251 CVE-2018-3276 CVE-2018-3277 CVE-2018-3278 CVE-2018-3282 CVE-2018-3283 CVE-2018-3284 USN-3801-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code.
(CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403) Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397) Update Instructions: Run `sudo pro fix USN-3801-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-nn - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ne - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-nb - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-fa - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-fi - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-fr - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-fy - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-or - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-kab - 63.0+build2-0ubuntu0.16.04.2 firefox-testsuite - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-oc - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-cs - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ga - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-gd - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-gn - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-gl - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-gu - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-pa - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-pl - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-cy - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-pt - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-hi - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-uk - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-he - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-hy - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-hr - 63.0+build2-0ubuntu0.16.04.2
firefox-locale-hu - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-as - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ar - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ia - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-az - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-id - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-mai - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-af - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-is - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-it - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-an - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-bs - 63.0+build2-0ubuntu0.16.04.2 firefox - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ro - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ja - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ru - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-br - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-zh-hant - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-zh-hans - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-bn - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-be - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-bg - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-sl - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-sk - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-si - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-sw - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-sv - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-sr - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-sq - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ko - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-kn - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-km - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-kk - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ka - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-xh - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ca - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ku - 63.0+build2-0ubuntu0.16.04.2 firefox-mozsymbols - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-lv - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-lt - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-th - 
63.0+build2-0ubuntu0.16.04.2 firefox-locale-hsb - 63.0+build2-0ubuntu0.16.04.2 firefox-dev - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-te - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-cak - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ta - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-lg - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-tr - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-nso - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-de - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-da - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ms - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-mr - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-my - 63.0+build2-0ubuntu0.16.04.2 firefox-globalmenu - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-uz - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ml - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-mn - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-mk - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ur - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-vi - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-eu - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-et - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-es - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-csb - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-el - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-eo - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-en - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-zu - 63.0+build2-0ubuntu0.16.04.2 firefox-locale-ast - 63.0+build2-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-12388 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12398 CVE-2018-12399 CVE-2018-12401 CVE-2018-12402 CVE-2018-12403 USN-3801-2 -- Firefox regressions Ubuntu 16.04 LTS USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. 
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403) Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397) Update Instructions: Run `sudo pro fix USN-3801-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nn - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ne - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nb - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fa - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fi - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fr - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fy - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-or - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kab - 63.0.3+build1-0ubuntu0.16.04.1 firefox-testsuite - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-oc - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cs - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ga - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gd - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gn - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gl - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gu - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pa - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pl - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cy -
63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pt - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hi - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uk - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-he - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hy - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hr - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hu - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-as - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ar - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ia - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-az - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-id - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mai - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-af - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-is - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-it - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-an - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bs - 63.0.3+build1-0ubuntu0.16.04.1 firefox - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ro - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ja - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ru - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-br - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bn - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-be - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bg - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sl - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sk - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-si - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sw - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sv - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sr - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sq - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ko - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kn - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-km - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kk - 
63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ka - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-xh - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ca - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ku - 63.0.3+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lv - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lt - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-th - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 63.0.3+build1-0ubuntu0.16.04.1 firefox-dev - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-te - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cak - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ta - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lg - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-tr - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nso - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-de - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-da - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ms - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mr - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-my - 63.0.3+build1-0ubuntu0.16.04.1 firefox-globalmenu - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uz - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ml - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mn - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mk - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ur - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-vi - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eu - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-et - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-es - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-csb - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-el - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eo - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-en - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zu - 63.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ast - 63.0.3+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1804881 USN-3802-1 -- 
X.Org X server vulnerability Ubuntu 16.04 LTS Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges. Update Instructions: Run `sudo pro fix USN-3802-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.2 xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.2 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.2 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.2 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.2 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.2 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.2 No subscription required Medium CVE-2018-14665 USN-3803-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3803-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.25~dfsg+1-0ubuntu0.16.04.2 ghostscript-x - 9.25~dfsg+1-0ubuntu0.16.04.2 libgs-dev - 9.25~dfsg+1-0ubuntu0.16.04.2 ghostscript-doc - 9.25~dfsg+1-0ubuntu0.16.04.2 libgs9 - 9.25~dfsg+1-0ubuntu0.16.04.2 libgs9-common - 9.25~dfsg+1-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 USN-3804-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. 
An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. (CVE-2018-3139) It was discovered that the Java Naming and Directory Interface (JNDI) implementation in OpenJDK did not properly enforce restrictions specified by system properties in some situations. An attacker could potentially use this to execute arbitrary code. (CVE-2018-3149) It was discovered that the Utility component of OpenJDK did not properly ensure all attributes in a JAR were signed before use. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-3150) It was discovered that the Hotspot component of OpenJDK did not properly perform access checks in certain cases when performing field link resolution. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3169) Felix Dörre discovered that the Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information. (CVE-2018-3180) Krzysztof Szafrański discovered that the Scripting component did not properly restrict access to the scripting engine in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. 
(CVE-2018-3183) Tobias Ospelt discovered that the Resource Interchange File Format (RIFF) reader implementation in OpenJDK contained an infinite loop. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-3214) Update Instructions: Run `sudo pro fix USN-3804-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-jdk - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-jre-headless - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-jre - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-jdk-headless - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-source - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-jre-zero - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-demo - 8u181-b13-1ubuntu0.16.04.1 openjdk-8-jre-jamvm - 8u181-b13-1ubuntu0.16.04.1 No subscription required Medium CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3150 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 USN-3805-1 -- curl vulnerabilities Ubuntu 16.04 LTS Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839) Brian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16840) Brian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2018-16842) Update Instructions: Run `sudo pro fix USN-3805-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.11 libcurl4-openssl-dev - 7.47.0-1ubuntu2.11 libcurl3-gnutls - 7.47.0-1ubuntu2.11 libcurl4-doc - 7.47.0-1ubuntu2.11 libcurl3-nss - 7.47.0-1ubuntu2.11 libcurl4-nss-dev - 7.47.0-1ubuntu2.11 libcurl3 - 7.47.0-1ubuntu2.11 curl - 7.47.0-1ubuntu2.11 No subscription required Medium CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 USN-3806-1 -- systemd vulnerability Ubuntu 16.04 LTS Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3806-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.6 systemd - 229-4ubuntu21.6 udev-udeb - 229-4ubuntu21.6 libsystemd0 - 229-4ubuntu21.6 systemd-container - 229-4ubuntu21.6 libnss-myhostname - 229-4ubuntu21.6 libudev1-udeb - 229-4ubuntu21.6 libudev1 - 229-4ubuntu21.6 libsystemd-dev - 229-4ubuntu21.6 systemd-journal-remote - 229-4ubuntu21.6 libpam-systemd - 229-4ubuntu21.6 libnss-mymachines - 229-4ubuntu21.6 libnss-resolve - 229-4ubuntu21.6 systemd-sysv - 229-4ubuntu21.6 udev - 229-4ubuntu21.6 libudev-dev - 229-4ubuntu21.6 No subscription required Medium CVE-2018-15688 USN-3807-1 -- NetworkManager vulnerability Ubuntu 16.04 LTS Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-3807-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnm-glib-vpn-dev - 1.2.6-0ubuntu0.16.04.3 libnm-util2 - 1.2.6-0ubuntu0.16.04.3 network-manager-dev - 1.2.6-0ubuntu0.16.04.3 libnm-glib-dev - 1.2.6-0ubuntu0.16.04.3 gir1.2-networkmanager-1.0 - 1.2.6-0ubuntu0.16.04.3 network-manager - 1.2.6-0ubuntu0.16.04.3 libnm-glib4 - 1.2.6-0ubuntu0.16.04.3 libnm0 - 1.2.6-0ubuntu0.16.04.3 libnm-dev - 1.2.6-0ubuntu0.16.04.3 libnm-glib-vpn1 - 1.2.6-0ubuntu0.16.04.3 libnm-util-dev - 1.2.6-0ubuntu0.16.04.3 No subscription required Medium CVE-2018-15688 USN-3808-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. (CVE-2018-16395) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16396) Update Instructions: Run `sudo pro fix USN-3808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.11 ruby2.3-tcltk - 2.3.1-2~16.04.11 ruby2.3 - 2.3.1-2~16.04.11 ruby2.3-dev - 2.3.1-2~16.04.11 ruby2.3-doc - 2.3.1-2~16.04.11 No subscription required Medium CVE-2018-16395 CVE-2018-16396 USN-3809-1 -- OpenSSH vulnerabilities Ubuntu 16.04 LTS Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473) Update Instructions: Run `sudo pro fix USN-3809-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.2p2-4ubuntu2.6 ssh-krb5 - 1:7.2p2-4ubuntu2.6 openssh-client - 1:7.2p2-4ubuntu2.6 openssh-server - 1:7.2p2-4ubuntu2.6 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.6 ssh - 1:7.2p2-4ubuntu2.6 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.6 openssh-client-udeb - 1:7.2p2-4ubuntu2.6 openssh-sftp-server - 1:7.2p2-4ubuntu2.6 No subscription required Low CVE-2016-10708 CVE-2018-15473 USN-3810-1 -- ppp vulnerability Ubuntu 16.04 LTS Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication. Update Instructions: Run `sudo pro fix USN-3810-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.7-1+2ubuntu1.16.04.1 ppp - 2.4.7-1+2ubuntu1.16.04.1 ppp-dev - 2.4.7-1+2ubuntu1.16.04.1 No subscription required Medium CVE-2018-11574 USN-3811-1 -- SpamAssassin vulnerabilities Ubuntu 16.04 LTS It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-15705) It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-11780) It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2018-11781) Update Instructions: Run `sudo pro fix USN-3811-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.16.04.1 sa-compile - 3.4.2-0ubuntu0.16.04.1 spamc - 3.4.2-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 USN-3812-1 -- nginx vulnerabilities Ubuntu 16.04 LTS It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844) It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845) Update Instructions: Run `sudo pro fix USN-3812-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.3 nginx-core - 1.10.3-0ubuntu0.16.04.3 nginx-common - 1.10.3-0ubuntu0.16.04.3 nginx-full - 1.10.3-0ubuntu0.16.04.3 nginx - 1.10.3-0ubuntu0.16.04.3 nginx-doc - 1.10.3-0ubuntu0.16.04.3 nginx-light - 1.10.3-0ubuntu0.16.04.3 No subscription required Medium CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 USN-3813-1 -- pyOpenSSL vulnerabilities Ubuntu 16.04 LTS It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2018-1000807) It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service. (CVE-2018-1000808) Update Instructions: Run `sudo pro fix USN-3813-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-openssl - 0.15.1-2ubuntu0.2 python-openssl-doc - 0.15.1-2ubuntu0.2 python-openssl - 0.15.1-2ubuntu0.2 No subscription required Medium CVE-2018-1000807 CVE-2018-1000808 USN-3814-1 -- libmspack vulnerabilities Ubuntu 16.04 LTS It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585) Update Instructions: Run `sudo pro fix USN-3814-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmspack0 - 0.5-1ubuntu0.16.04.3 libmspack-dev - 0.5-1ubuntu0.16.04.3 libmspack-doc - 0.5-1ubuntu0.16.04.3 No subscription required Medium CVE-2018-18584 CVE-2018-18585 USN-3815-1 -- gettext vulnerability Ubuntu 16.04 LTS It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3815-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libasprintf-dev - 0.19.7-2ubuntu3.1 gettext - 0.19.7-2ubuntu3.1 gettext-el - 0.19.7-2ubuntu3.1 libgettextpo0 - 0.19.7-2ubuntu3.1 gettext-base - 0.19.7-2ubuntu3.1 libasprintf0v5 - 0.19.7-2ubuntu3.1 libgettextpo-dev - 0.19.7-2ubuntu3.1 autopoint - 0.19.7-2ubuntu3.1 gettext-doc - 0.19.7-2ubuntu3.1 No subscription required Medium CVE-2018-18751 USN-3816-1 -- systemd vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954) Update Instructions: Run `sudo pro fix USN-3816-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.8 systemd - 229-4ubuntu21.8 udev-udeb - 229-4ubuntu21.8 libsystemd0 - 229-4ubuntu21.8 systemd-container - 229-4ubuntu21.8 libnss-myhostname - 229-4ubuntu21.8 libudev1-udeb - 229-4ubuntu21.8 libudev1 - 229-4ubuntu21.8 libsystemd-dev - 229-4ubuntu21.8 systemd-journal-remote - 229-4ubuntu21.8 libpam-systemd - 229-4ubuntu21.8 libnss-mymachines - 229-4ubuntu21.8 libnss-resolve - 229-4ubuntu21.8 systemd-sysv - 229-4ubuntu21.8 udev - 229-4ubuntu21.8 libudev-dev - 229-4ubuntu21.8 No subscription required Medium CVE-2018-15686 CVE-2018-15687 CVE-2018-6954 USN-3816-2 -- systemd vulnerability Ubuntu 16.04 LTS USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954) Update Instructions: Run `sudo pro fix USN-3816-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.9 systemd - 229-4ubuntu21.9 udev-udeb - 229-4ubuntu21.9 libsystemd0 - 229-4ubuntu21.9 systemd-container - 229-4ubuntu21.9 libnss-myhostname - 229-4ubuntu21.9 libudev1-udeb - 229-4ubuntu21.9 libudev1 - 229-4ubuntu21.9 libsystemd-dev - 229-4ubuntu21.9 systemd-journal-remote - 229-4ubuntu21.9 libpam-systemd - 229-4ubuntu21.9 libnss-mymachines - 229-4ubuntu21.9 libnss-resolve - 229-4ubuntu21.9 systemd-sysv - 229-4ubuntu21.9 udev - 229-4ubuntu21.9 libudev-dev - 229-4ubuntu21.9 No subscription required Medium CVE-2018-6954 USN-3816-3 -- systemd regression Ubuntu 16.04 LTS USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954) Update Instructions: Run `sudo pro fix USN-3816-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.10 systemd - 229-4ubuntu21.10 udev-udeb - 229-4ubuntu21.10 libsystemd0 - 229-4ubuntu21.10 systemd-container - 229-4ubuntu21.10 libnss-myhostname - 229-4ubuntu21.10 libudev1-udeb - 229-4ubuntu21.10 libudev1 - 229-4ubuntu21.10 libsystemd-dev - 229-4ubuntu21.10 systemd-journal-remote - 229-4ubuntu21.10 libpam-systemd - 229-4ubuntu21.10 libnss-mymachines - 229-4ubuntu21.10 libnss-resolve - 229-4ubuntu21.10 systemd-sysv - 229-4ubuntu21.10 udev - 229-4ubuntu21.10 libudev-dev - 229-4ubuntu21.10 No subscription required None https://launchpad.net/bugs/1804847 USN-3817-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat's hash salt. A remote attacker could possibly use this issue to cause hash collisions, leading to a denial of service. (CVE-2018-14647) Update Instructions: Run `sudo pro fix USN-3817-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.4 python2.7-doc - 2.7.12-1ubuntu0~16.04.4 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.4 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.4 libpython2.7 - 2.7.12-1ubuntu0~16.04.4 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.4 python2.7 - 2.7.12-1ubuntu0~16.04.4 idle-python2.7 - 2.7.12-1ubuntu0~16.04.4 python2.7-examples - 2.7.12-1ubuntu0~16.04.4 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.4 python2.7-minimal - 2.7.12-1ubuntu0~16.04.4 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.5 python3.5-venv - 3.5.2-2ubuntu0~16.04.5 python3.5-doc - 3.5.2-2ubuntu0~16.04.5 python3.5-dev - 3.5.2-2ubuntu0~16.04.5 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.5 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.5 python3.5 - 3.5.2-2ubuntu0~16.04.5 idle-python3.5 - 3.5.2-2ubuntu0~16.04.5 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.5 python3.5-examples - 3.5.2-2ubuntu0~16.04.5 python3.5-minimal - 3.5.2-2ubuntu0~16.04.5 libpython3.5 - 3.5.2-2ubuntu0~16.04.5 No subscription required Medium CVE-2018-1000030 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 USN-3820-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471) It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. 
(CVE-2017-13168) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658) It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363) Update Instructions: Run `sudo pro fix USN-3820-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1024-gcp - 4.15.0-1024.25~16.04.2 No subscription required linux-image-unsigned-4.15.0-1031-azure - 4.15.0-1031.32~16.04.1 No subscription required linux-image-4.15.0-39-lowlatency - 4.15.0-39.42~16.04.1 linux-image-unsigned-4.15.0-39-lowlatency - 4.15.0-39.42~16.04.1 linux-image-4.15.0-39-generic - 4.15.0-39.42~16.04.1 linux-image-4.15.0-39-generic-lpae - 4.15.0-39.42~16.04.1 linux-image-unsigned-4.15.0-39-generic - 4.15.0-39.42~16.04.1 No subscription required High CVE-2017-13168 CVE-2018-15471 CVE-2018-16658 CVE-2018-9363 USN-3821-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the f2fs filesystem implementation in the Linux kernel did not properly validate metadata. 
An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096) Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem implementation in the Linux kernel did not properly handle relocations in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Update Instructions: Run `sudo pro fix USN-3821-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1037-kvm - 4.4.0-1037.43 No subscription required linux-image-4.4.0-1072-aws - 4.4.0-1072.82 No subscription required linux-image-4.4.0-1100-raspi2 - 4.4.0-1100.108 No subscription required linux-image-4.4.0-1104-snapdragon - 4.4.0-1104.109 No subscription required linux-image-4.4.0-139-generic-lpae - 4.4.0-139.165 linux-image-4.4.0-139-lowlatency - 4.4.0-139.165 linux-image-4.4.0-139-generic - 4.4.0-139.165 linux-image-4.4.0-139-powerpc-e500mc - 4.4.0-139.165 linux-image-4.4.0-139-powerpc64-smp - 4.4.0-139.165 linux-image-4.4.0-139-powerpc64-emb - 4.4.0-139.165 linux-image-extra-4.4.0-139-generic - 4.4.0-139.165 linux-image-4.4.0-139-powerpc-smp - 4.4.0-139.165 No subscription required Medium CVE-2018-10880 CVE-2018-13053 CVE-2018-13096 CVE-2018-14609 CVE-2018-14617 CVE-2018-17972 CVE-2018-18021 USN-3825-1 -- mod_perl vulnerability Ubuntu 16.04 LTS Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code. Update Instructions: Run `sudo pro fix USN-3825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-perl2 - 2.0.9-4ubuntu1.2 libapache2-mod-perl2-doc - 2.0.9-4ubuntu1.2 libapache2-mod-perl2-dev - 2.0.9-4ubuntu1.2 No subscription required Medium CVE-2011-2767 USN-3826-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839) It was discovered that QEMU incorrectly handled the Slirp networking back-end. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-11806) Fakhri Zulkifli discovered that the QEMU guest agent incorrectly handled certain QMP commands. An attacker could possibly use this issue to crash the QEMU guest agent, resulting in a denial of service. (CVE-2018-12617) Li Qiang discovered that QEMU incorrectly handled NVM Express Controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled RTL8139 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled PCNET device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962) Daniel Shapira discovered that QEMU incorrectly handled large packet sizes. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17963) It was discovered that QEMU incorrectly handled LSI53C895A device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-18849) Moguofang discovered that QEMU incorrectly handled the IPowerNV LPC controller. 
An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-18954) Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19364) Update Instructions: Run `sudo pro fix USN-3826-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.33 qemu-user-static - 1:2.5+dfsg-5ubuntu10.33 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.33 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.33 qemu-kvm - 1:2.5+dfsg-5ubuntu10.33 qemu-user - 1:2.5+dfsg-5ubuntu10.33 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.33 qemu-system - 1:2.5+dfsg-5ubuntu10.33 qemu-utils - 1:2.5+dfsg-5ubuntu10.33 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.33 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.33 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.33 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.33 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.33 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.33 qemu - 1:2.5+dfsg-5ubuntu10.33 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.33 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.33 No subscription required Medium CVE-2018-10839 CVE-2018-11806 CVE-2018-12617 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-18954 CVE-2018-19364 USN-3827-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-14629) Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. 
(CVE-2018-16841) Garming Sam discovered that Samba incorrectly handled memory when processing LDAP searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-16851) Update Instructions: Run `sudo pro fix USN-3827-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.18 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.18 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.18 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.18 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.18 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.18 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.18 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.18 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.18 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.18 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.18 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.18 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.18 No subscription required Medium CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 USN-3829-1 -- Git vulnerabilities Ubuntu 16.04 LTS It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15298) It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-19486) Update Instructions: Run `sudo pro fix USN-3829-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.6 gitweb - 1:2.7.4-0ubuntu1.6 git-gui - 1:2.7.4-0ubuntu1.6 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.6 git-arch - 1:2.7.4-0ubuntu1.6 git-el - 1:2.7.4-0ubuntu1.6 gitk - 1:2.7.4-0ubuntu1.6 git-all - 1:2.7.4-0ubuntu1.6 git-mediawiki - 1:2.7.4-0ubuntu1.6 git-daemon-run - 1:2.7.4-0ubuntu1.6 git-man - 1:2.7.4-0ubuntu1.6 git-doc - 1:2.7.4-0ubuntu1.6 git-svn - 1:2.7.4-0ubuntu1.6 git-cvs - 1:2.7.4-0ubuntu1.6 git-core - 1:2.7.4-0ubuntu1.6 git-email - 1:2.7.4-0ubuntu1.6 No subscription required Medium CVE-2017-15298 CVE-2018-19486 USN-3830-1 -- OpenJDK regression Ubuntu 16.04 LTS USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-3830-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-jdk - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-jre-headless - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-jre - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-jdk-headless - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-source - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-jre-zero - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-demo - 8u191-b12-0ubuntu0.16.04.1 openjdk-8-jre-jamvm - 8u191-b12-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1800792 https://usn.ubuntu.com/usn/usn-3804-1 USN-3831-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. 
Update Instructions: Run `sudo pro fix USN-3831-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.1 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.1 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.1 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.1 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.1 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 USN-3831-2 -- Ghostscript regression Ubuntu 16.04 LTS USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory details: It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3831-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.3 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.3 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.3 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.3 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.3 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.3 No subscription required None https://launchpad.net/bugs/1806517 USN-3834-1 -- Perl vulnerabilities Ubuntu 16.04 LTS Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. 
An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313) Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314) Update Instructions: Run `sudo pro fix USN-3834-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 - 5.22.1-9ubuntu0.6 libperl-dev - 5.22.1-9ubuntu0.6 perl-doc - 5.22.1-9ubuntu0.6 perl - 5.22.1-9ubuntu0.6 perl-base - 5.22.1-9ubuntu0.6 perl-debug - 5.22.1-9ubuntu0.6 libperl5.22 - 5.22.1-9ubuntu0.6 No subscription required Medium CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 USN-3836-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955) Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within an unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names).
(CVE-2018-6559) Update Instructions: Run `sudo pro fix USN-3836-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1025-gcp - 4.15.0-1025.26~16.04.1 No subscription required linux-image-4.15.0-42-generic-lpae - 4.15.0-42.45~16.04.1 linux-image-4.15.0-42-lowlatency - 4.15.0-42.45~16.04.1 linux-image-unsigned-4.15.0-42-generic - 4.15.0-42.45~16.04.1 linux-image-unsigned-4.15.0-42-lowlatency - 4.15.0-42.45~16.04.1 linux-image-4.15.0-42-generic - 4.15.0-42.45~16.04.1 No subscription required Medium CVE-2018-18955 CVE-2018-6559 USN-3837-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-19149) Update Instructions: Run `sudo pro fix USN-3837-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.9 poppler-utils - 0.41.0-0ubuntu1.9 libpoppler-qt5-1 - 0.41.0-0ubuntu1.9 libpoppler-cpp-dev - 0.41.0-0ubuntu1.9 libpoppler-cpp0 - 0.41.0-0ubuntu1.9 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.9 libpoppler-dev - 0.41.0-0ubuntu1.9 libpoppler-glib8 - 0.41.0-0ubuntu1.9 libpoppler-private-dev - 0.41.0-0ubuntu1.9 libpoppler-qt4-dev - 0.41.0-0ubuntu1.9 libpoppler-glib-dev - 0.41.0-0ubuntu1.9 libpoppler-qt4-4 - 0.41.0-0ubuntu1.9 libpoppler-qt5-dev - 0.41.0-0ubuntu1.9 libpoppler-glib-doc - 0.41.0-0ubuntu1.9 No subscription required Medium CVE-2018-16646 CVE-2018-19058 CVE-2018-19059 CVE-2018-19060 CVE-2018-19149 USN-3837-2 -- poppler regression Ubuntu 16.04 LTS USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-19149) Update Instructions: Run `sudo pro fix USN-3837-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.10 poppler-utils - 0.41.0-0ubuntu1.10 libpoppler-qt5-1 - 0.41.0-0ubuntu1.10 libpoppler-cpp-dev - 0.41.0-0ubuntu1.10 libpoppler-cpp0 - 0.41.0-0ubuntu1.10 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.10 libpoppler-dev - 0.41.0-0ubuntu1.10 libpoppler-glib8 - 0.41.0-0ubuntu1.10 libpoppler-private-dev - 0.41.0-0ubuntu1.10 libpoppler-qt4-dev - 0.41.0-0ubuntu1.10 libpoppler-glib-dev - 0.41.0-0ubuntu1.10 libpoppler-qt4-4 - 0.41.0-0ubuntu1.10 libpoppler-qt5-dev - 0.41.0-0ubuntu1.10 libpoppler-glib-doc - 0.41.0-0ubuntu1.10 No subscription required Low CVE-2018-16646 CVE-2018-19149 USN-3838-1 -- LibRaw vulnerabilities Ubuntu 16.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3838-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.17.1-1ubuntu0.4 libraw-bin - 0.17.1-1ubuntu0.4 libraw-dev - 0.17.1-1ubuntu0.4 libraw15 - 0.17.1-1ubuntu0.4 No subscription required Medium CVE-2018-5807 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 USN-3839-1 -- WavPack vulnerabilities Ubuntu 16.04 LTS It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19840, CVE-2018-19841) Update Instructions: Run `sudo pro fix USN-3839-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libwavpack1 - 4.75.2-2ubuntu0.2 libwavpack-dev - 4.75.2-2ubuntu0.2 wavpack - 4.75.2-2ubuntu0.2 No subscription required Medium CVE-2018-19840 CVE-2018-19841 USN-3840-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735) Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. (CVE-2018-5407) Update Instructions: Run `sudo pro fix USN-3840-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.14 libssl-dev - 1.0.2g-1ubuntu4.14 openssl - 1.0.2g-1ubuntu4.14 libssl-doc - 1.0.2g-1ubuntu4.14 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.14 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.14 No subscription required Low CVE-2018-0734 CVE-2018-0735 CVE-2018-5407 USN-3841-1 -- lxml vulnerability Ubuntu 16.04 LTS It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-3841-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.5.0-1ubuntu0.1 python-lxml - 3.5.0-1ubuntu0.1 python-lxml-doc - 3.5.0-1ubuntu0.1 No subscription required Medium CVE-2018-19787 USN-3842-1 -- CUPS vulnerability Ubuntu 16.04 LTS Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery (CSRF) attacks. Update Instructions: Run `sudo pro fix USN-3842-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.1.3-4ubuntu0.6 libcups2-dev - 2.1.3-4ubuntu0.6 cups-bsd - 2.1.3-4ubuntu0.6 libcupsmime1 - 2.1.3-4ubuntu0.6 cups-common - 2.1.3-4ubuntu0.6 cups-core-drivers - 2.1.3-4ubuntu0.6 cups-server-common - 2.1.3-4ubuntu0.6 libcupsimage2 - 2.1.3-4ubuntu0.6 cups-client - 2.1.3-4ubuntu0.6 libcupscgi1-dev - 2.1.3-4ubuntu0.6 cups-ipp-utils - 2.1.3-4ubuntu0.6 libcups2 - 2.1.3-4ubuntu0.6 libcupsmime1-dev - 2.1.3-4ubuntu0.6 cups-ppdc - 2.1.3-4ubuntu0.6 libcupsppdc1 - 2.1.3-4ubuntu0.6 cups - 2.1.3-4ubuntu0.6 libcupsppdc1-dev - 2.1.3-4ubuntu0.6 libcupsimage2-dev - 2.1.3-4ubuntu0.6 cups-daemon - 2.1.3-4ubuntu0.6 No subscription required Medium CVE-2018-4700 USN-3844-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. (CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498) Multiple security issues were discovered in WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions.
(CVE-2018-18495, CVE-2018-18497) Update Instructions: Run `sudo pro fix USN-3844-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ne - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-kab - 64.0+build3-0ubuntu0.16.04.1 firefox-testsuite - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ia - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 
64.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 64.0+build3-0ubuntu0.16.04.1 firefox - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ro - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ja - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 64.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 64.0+build3-0ubuntu0.16.04.1 firefox-dev - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-tr - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 64.0+build3-0ubuntu0.16.04.1 
firefox-locale-da - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-my - 64.0+build3-0ubuntu0.16.04.1 firefox-globalmenu - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ur - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 64.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 64.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18497 CVE-2018-18498 USN-3845-1 -- FreeRDP vulnerabilities Ubuntu 16.04 LTS Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. 
This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789) Update Instructions: Run `sudo pro fix USN-3845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-common1.1.0 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-dev - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-crt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-primitives1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-pool0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-library0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-io0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-core1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-locale1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-gdi1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-winhttp0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-synch0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-sysinfo0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-codec1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-rpc0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-dev - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-environment0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-cache1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-crypto0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-sspi0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-utils1.1 - 
1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-credui0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 freerdp-x11 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-heap0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-rail1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-thread0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-asn1-0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-bcrypt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libxfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-file0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-handle0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-interlocked0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-sspicli0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-utils0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-path0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-error0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-dsparse0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-plugins-standard - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-timezone0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libfreerdp-crypto1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-winsock0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-pipe0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-credentials0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-registry0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 libwinpr-input0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3 No subscription required Medium CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 USN-3847-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. 
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710) Update Instructions: Run `sudo pro fix USN-3847-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1026-gcp - 4.15.0-1026.27~16.04.1 No subscription required linux-image-4.15.0-1031-aws - 4.15.0-1031.33~16.04.1 No subscription required linux-image-unsigned-4.15.0-1036-azure - 4.15.0-1036.38~16.04.1 No subscription required linux-image-unsigned-4.15.0-43-generic - 4.15.0-43.46~16.04.1 linux-image-4.15.0-43-generic - 4.15.0-43.46~16.04.1 linux-image-4.15.0-43-lowlatency - 4.15.0-43.46~16.04.1 linux-image-4.15.0-43-generic-lpae - 4.15.0-43.46~16.04.1 linux-image-unsigned-4.15.0-43-lowlatency - 4.15.0-43.46~16.04.1 No subscription required Medium CVE-2018-10902 CVE-2018-12896 CVE-2018-14734 CVE-2018-16276 CVE-2018-18445 CVE-2018-18690 CVE-2018-18710 USN-3848-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18174) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710) Update Instructions: Run `sudo pro fix USN-3848-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1039-kvm - 4.4.0-1039.45 No subscription required linux-image-4.4.0-1074-aws - 4.4.0-1074.84 No subscription required linux-image-4.4.0-1102-raspi2 - 4.4.0-1102.110 No subscription required linux-image-4.4.0-1106-snapdragon - 4.4.0-1106.111 No subscription required linux-image-extra-4.4.0-141-generic - 4.4.0-141.167 linux-image-4.4.0-141-powerpc-smp - 4.4.0-141.167 linux-image-4.4.0-141-powerpc-e500mc - 4.4.0-141.167 linux-image-4.4.0-141-powerpc64-smp - 4.4.0-141.167 linux-image-4.4.0-141-powerpc64-emb - 4.4.0-141.167 linux-image-4.4.0-141-generic - 4.4.0-141.167 linux-image-4.4.0-141-generic-lpae - 4.4.0-141.167 linux-image-4.4.0-141-lowlatency - 4.4.0-141.167 No subscription required Medium CVE-2017-18174 CVE-2018-12896 CVE-2018-18690 CVE-2018-18710 USN-3850-1 -- NSS vulnerabilities Ubuntu 16.04 LTS Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404) Update Instructions: Run `sudo pro fix USN-3850-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.4 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.4 libnss3 - 2:3.28.4-0ubuntu0.16.04.4 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.4 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.4 No subscription required Medium CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 USN-3851-1 -- Django vulnerability Ubuntu 16.04 LTS It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL. Update Instructions: Run `sudo pro fix USN-3851-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.7 python-django-doc - 1.8.7-1ubuntu5.7 python-django-common - 1.8.7-1ubuntu5.7 python-django - 1.8.7-1ubuntu5.7 No subscription required Medium CVE-2019-3498 USN-3852-1 -- Exiv2 vulnerabilities Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11591, CVE-2017-11683, CVE-2017-14859, CVE-2017-14862, CVE-2017-14864, CVE-2017-17669, CVE-2017-9239, CVE-2018-16336, CVE-2018-1758) Update Instructions: Run `sudo pro fix USN-3852-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.3 libexiv2-14 - 0.25-2.1ubuntu16.04.3 libexiv2-doc - 0.25-2.1ubuntu16.04.3 libexiv2-dev - 0.25-2.1ubuntu16.04.3 No subscription required Medium CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2017-9239 CVE-2018-16336 CVE-2018-17581 USN-3855-1 -- systemd vulnerabilities Ubuntu 16.04 LTS It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. 
A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16864) It was discovered that systemd-journald allocated variable-length arrays of objects representing message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16865) An out-of-bounds read was discovered in systemd-journald. A local attacker could potentially exploit this to obtain sensitive information and bypass ASLR protections. (CVE-2018-16866) Update Instructions: Run `sudo pro fix USN-3855-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.15 systemd - 229-4ubuntu21.15 udev-udeb - 229-4ubuntu21.15 libsystemd0 - 229-4ubuntu21.15 systemd-container - 229-4ubuntu21.15 libnss-myhostname - 229-4ubuntu21.15 libudev1-udeb - 229-4ubuntu21.15 libudev1 - 229-4ubuntu21.15 libsystemd-dev - 229-4ubuntu21.15 systemd-journal-remote - 229-4ubuntu21.15 libpam-systemd - 229-4ubuntu21.15 libnss-mymachines - 229-4ubuntu21.15 libnss-resolve - 229-4ubuntu21.15 systemd-sysv - 229-4ubuntu21.15 udev - 229-4ubuntu21.15 libudev-dev - 229-4ubuntu21.15 No subscription required High CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 USN-3857-1 -- PEAR vulnerability Ubuntu 16.04 LTS Fariskhi Vidyan discovered that PEAR Archive_Tar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3857-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.1+submodules+notgz-6ubuntu0.1 No subscription required Medium CVE-2018-1000888 USN-3858-1 -- HAProxy vulnerabilities Ubuntu 16.04 LTS It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. 
(CVE-2018-20102) It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20103, CVE-2018-20615) Update Instructions: Run `sudo pro fix USN-3858-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.6.3-1ubuntu0.2 haproxy-doc - 1.6.3-1ubuntu0.2 vim-haproxy - 1.6.3-1ubuntu0.2 No subscription required Medium CVE-2018-20102 CVE-2018-20103 CVE-2018-20615 USN-3859-1 -- libarchive vulnerabilities Ubuntu 16.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-14502) Update Instructions: Run `sudo pro fix USN-3859-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.5 libarchive13 - 3.1.2-11ubuntu0.16.04.5 bsdtar - 3.1.2-11ubuntu0.16.04.5 libarchive-dev - 3.1.2-11ubuntu0.16.04.5 No subscription required Medium CVE-2017-14502 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000880 USN-3860-1 -- libcaca vulnerabilities Ubuntu 16.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20544) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. 
(CVE-2018-20545, CVE-2018-20548, CVE-2018-20459) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20546, CVE-2018-20547) Update Instructions: Run `sudo pro fix USN-3860-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta19-2ubuntu0.16.04.1 libcaca-dev - 0.99.beta19-2ubuntu0.16.04.1 libcaca0 - 0.99.beta19-2ubuntu0.16.04.1 No subscription required Medium CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 USN-3861-1 -- PolicyKit vulnerability Ubuntu 16.04 LTS It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Update Instructions: Run `sudo pro fix USN-3861-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-14.1ubuntu0.4 policykit-1-doc - 0.105-14.1ubuntu0.4 libpolkit-gobject-1-dev - 0.105-14.1ubuntu0.4 libpolkit-agent-1-0 - 0.105-14.1ubuntu0.4 libpolkit-gobject-1-0 - 0.105-14.1ubuntu0.4 policykit-1 - 0.105-14.1ubuntu0.4 gir1.2-polkit-1.0 - 0.105-14.1ubuntu0.4 libpolkit-backend-1-dev - 0.105-14.1ubuntu0.4 libpolkit-agent-1-dev - 0.105-14.1ubuntu0.4 No subscription required Medium CVE-2018-19788 USN-3862-1 -- Irssi vulnerability Ubuntu 16.04 LTS It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3862-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.8 irssi - 0.8.19-1ubuntu1.8 No subscription required Medium CVE-2019-5882 USN-3863-1 -- APT vulnerability Ubuntu 16.04 LTS Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. Update Instructions: Run `sudo pro fix USN-3863-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.2.29ubuntu0.1 apt-transport-https - 1.2.29ubuntu0.1 libapt-pkg5.0 - 1.2.29ubuntu0.1 libapt-pkg-doc - 1.2.29ubuntu0.1 apt - 1.2.29ubuntu0.1 apt-utils - 1.2.29ubuntu0.1 libapt-inst2.0 - 1.2.29ubuntu0.1 libapt-pkg-dev - 1.2.29ubuntu0.1 No subscription required High CVE-2019-3462 USN-3864-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3864-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.5 libtiffxx5 - 4.0.6-1ubuntu0.5 libtiff5-dev - 4.0.6-1ubuntu0.5 libtiff5 - 4.0.6-1ubuntu0.5 libtiff-tools - 4.0.6-1ubuntu0.5 libtiff-doc - 4.0.6-1ubuntu0.5 No subscription required Medium CVE-2018-10963 CVE-2018-17100 CVE-2018-17101 CVE-2018-18557 CVE-2018-18661 CVE-2018-7456 CVE-2018-8905 USN-3865-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2018-20481, CVE-2018-20650) Update Instructions: Run `sudo pro fix USN-3865-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.11 poppler-utils - 0.41.0-0ubuntu1.11 libpoppler-qt5-1 - 0.41.0-0ubuntu1.11 libpoppler-cpp-dev - 0.41.0-0ubuntu1.11 libpoppler-cpp0 - 0.41.0-0ubuntu1.11 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.11 libpoppler-dev - 0.41.0-0ubuntu1.11 libpoppler-glib8 - 0.41.0-0ubuntu1.11 libpoppler-private-dev - 0.41.0-0ubuntu1.11 libpoppler-qt4-dev - 0.41.0-0ubuntu1.11 libpoppler-glib-dev - 0.41.0-0ubuntu1.11 libpoppler-qt4-4 - 0.41.0-0ubuntu1.11 libpoppler-qt5-dev - 0.41.0-0ubuntu1.11 libpoppler-glib-doc - 0.41.0-0ubuntu1.11 No subscription required Medium CVE-2018-20481 CVE-2018-20650 USN-3866-1 -- Ghostscript vulnerability Ubuntu 16.04 LTS Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.4 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.4 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.4 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.4 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.4 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.4 No subscription required High CVE-2019-6116 USN-3866-2 -- Ghostscript regression Ubuntu 16.04 LTS USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. 
If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.5 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.5 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.5 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.5 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.5 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.5 No subscription required None https://launchpad.net/bugs/1815339 USN-3866-3 -- Ghostscript regression Ubuntu 16.04 LTS USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.7 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.7 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.7 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.7 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.7 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.7 No subscription required None https://launchpad.net/bugs/1817308 USN-3867-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. 
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Update Instructions: Run `sudo pro fix USN-3867-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.25-0ubuntu0.16.04.2 mysql-source-5.7 - 5.7.25-0ubuntu0.16.04.2 libmysqlclient-dev - 5.7.25-0ubuntu0.16.04.2 mysql-client-core-5.7 - 5.7.25-0ubuntu0.16.04.2 mysql-client-5.7 - 5.7.25-0ubuntu0.16.04.2 libmysqlclient20 - 5.7.25-0ubuntu0.16.04.2 mysql-server-5.7 - 5.7.25-0ubuntu0.16.04.2 mysql-common - 5.7.25-0ubuntu0.16.04.2 mysql-server - 5.7.25-0ubuntu0.16.04.2 mysql-server-core-5.7 - 5.7.25-0ubuntu0.16.04.2 mysql-testsuite - 5.7.25-0ubuntu0.16.04.2 libmysqld-dev - 5.7.25-0ubuntu0.16.04.2 mysql-testsuite-5.7 - 5.7.25-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537 USN-3868-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3868-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-br - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-be - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-si - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-kk - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:60.4.0+build2-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-de - 
1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-da - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-testsuite - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-dev - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-el - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ms - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-et - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:60.4.0+build2-0ubuntu0.16.04.1 xul-ext-gdata-provider - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:60.4.0+build2-0ubuntu0.16.04.1 xul-ext-lightning - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-en - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:60.4.0+build2-0ubuntu0.16.04.1 
thunderbird-locale-gd - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-it - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-he - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-af - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-is - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-es - 1:60.4.0+build2-0ubuntu0.16.04.1 thunderbird-locale-id - 1:60.4.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 USN-3870-1 -- Spice vulnerability Ubuntu 16.04 LTS Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3870-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.12.6-4ubuntu0.4 libspice-server-dev - 0.12.6-4ubuntu0.4 No subscription required High CVE-2019-3813 USN-3871-4 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. 
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). 
(CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516) Update Instructions: Run `sudo pro fix USN-3871-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1027-gcp - 4.15.0-1027.28~16.04.1 No subscription required linux-image-4.15.0-1032-aws - 4.15.0-1032.34~16.04.1 No subscription required linux-image-4.15.0-45-generic - 4.15.0-45.48~16.04.1 linux-image-4.15.0-45-lowlatency - 4.15.0-45.48~16.04.1 linux-image-4.15.0-45-generic-lpae - 4.15.0-45.48~16.04.1 No subscription required linux-image-gke - 4.15.0.1027.41 linux-image-gcp - 4.15.0.1027.41 No subscription required linux-image-aws-hwe - 4.15.0.1032.33 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.45.66 linux-image-generic-hwe-16.04 - 4.15.0.45.66 linux-image-oem - 4.15.0.45.66 linux-image-lowlatency-hwe-16.04 - 4.15.0.45.66 linux-image-generic-lpae-hwe-16.04 - 4.15.0.45.66 No subscription required Medium CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10882 CVE-2018-10883 CVE-2018-14625 CVE-2018-16882 CVE-2018-17972 CVE-2018-18281 CVE-2018-19407 CVE-2018-9516 USN-3871-5 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. 
An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. 
A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516) Update Instructions: Run `sudo pro fix USN-3871-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1037-azure - 4.15.0-1037.39~16.04.1 No subscription required linux-image-azure - 4.15.0.1037.42 No subscription required Medium CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10882 CVE-2018-10883 CVE-2018-14625 CVE-2018-16882 CVE-2018-17972 CVE-2018-18281 CVE-2018-19407 CVE-2018-9516 USN-3873-1 -- Open vSwitch vulnerabilities Ubuntu 16.04 LTS It was discovered that Open vSwitch incorrectly decoded certain packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17204) It was discovered that Open vSwitch incorrectly handled processing certain flows. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17205) It was discovered that Open vSwitch incorrectly handled BUNDLE action decoding. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17206) Update Instructions: Run `sudo pro fix USN-3873-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openvswitch-switch - 2.5.5-0ubuntu0.16.04.2 openvswitch-pki - 2.5.5-0ubuntu0.16.04.2 ovn-docker - 2.5.5-0ubuntu0.16.04.2 openvswitch-common - 2.5.5-0ubuntu0.16.04.2 openvswitch-testcontroller - 2.5.5-0ubuntu0.16.04.2 openvswitch-vtep - 2.5.5-0ubuntu0.16.04.2 python-openvswitch - 2.5.5-0ubuntu0.16.04.2 openvswitch-ipsec - 2.5.5-0ubuntu0.16.04.2 ovn-host - 2.5.5-0ubuntu0.16.04.2 ovn-common - 2.5.5-0ubuntu0.16.04.2 ovn-central - 2.5.5-0ubuntu0.16.04.2 openvswitch-switch-dpdk - 2.5.5-0ubuntu0.16.04.2 openvswitch-test - 2.5.5-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-17204 CVE-2018-17205 CVE-2018-17206 USN-3874-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505) It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Update Instructions: Run `sudo pro fix USN-3874-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 65.0+build2-0ubuntu0.16.04.1 firefox-testsuite - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 
65.0+build2-0ubuntu0.16.04.1 firefox - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 65.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 65.0+build2-0ubuntu0.16.04.1 firefox-dev - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 65.0+build2-0ubuntu0.16.04.1 
firefox-locale-mr - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 65.0+build2-0ubuntu0.16.04.1 firefox-globalmenu - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 65.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 65.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503 CVE-2018-18504 CVE-2018-18505 CVE-2018-18506 USN-3875-1 -- OpenJDK vulnerability Ubuntu 16.04 LTS It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422) Update Instructions: Run `sudo pro fix USN-3875-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jdk - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre-headless - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jdk-headless - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-source - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre-zero - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-demo - 8u191-b12-2ubuntu0.16.04.1 openjdk-8-jre-jamvm - 8u191-b12-2ubuntu0.16.04.1 No subscription required Low CVE-2019-2422 USN-3876-1 -- Avahi vulnerabilities Ubuntu 16.04 LTS Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845) Update Instructions: Run `sudo pro fix USN-3876-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavahi-compat-libdnssd-dev - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-ui-gtk3-0 - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-core7-udeb - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-qt4-1 - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-core7 - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-client3 - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-core-dev - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-client-dev - 0.6.32~rc+dfsg-1ubuntu2.3 avahi-ui-utils - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-gobject-dev - 0.6.32~rc+dfsg-1ubuntu2.3 avahi-dnsconfd - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-compat-libdnssd1 - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-common3 - 0.6.32~rc+dfsg-1ubuntu2.3 avahi-daemon - 0.6.32~rc+dfsg-1ubuntu2.3 avahi-discover - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-common-dev - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-common-data - 0.6.32~rc+dfsg-1ubuntu2.3 avahi-utils - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-common3-udeb - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-ui-gtk3-dev - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-glib-dev - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-ui-dev - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-qt4-dev - 
0.6.32~rc+dfsg-1ubuntu2.3 libavahi-gobject0 - 0.6.32~rc+dfsg-1ubuntu2.3 avahi-autoipd - 0.6.32~rc+dfsg-1ubuntu2.3 python-avahi - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-glib1 - 0.6.32~rc+dfsg-1ubuntu2.3 libavahi-ui0 - 0.6.32~rc+dfsg-1ubuntu2.3 No subscription required Medium CVE-2017-6519 CVE-2018-1000845 USN-3877-1 -- LibVNCServer vulnerabilities Ubuntu 16.04 LTS It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3877-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.10+dfsg-3ubuntu0.16.04.3 libvncserver-dev - 0.9.10+dfsg-3ubuntu0.16.04.3 libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.3 libvncclient1 - 0.9.10+dfsg-3ubuntu0.16.04.3 No subscription required Medium CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-6307 USN-3879-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Update Instructions: Run `sudo pro fix USN-3879-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1040-kvm - 4.4.0-1040.46 No subscription required linux-image-4.4.0-1075-aws - 4.4.0-1075.85 No subscription required linux-image-4.4.0-1103-raspi2 - 4.4.0-1103.111 No subscription required linux-image-4.4.0-1107-snapdragon - 4.4.0-1107.112 No subscription required linux-image-4.4.0-142-powerpc-e500mc - 4.4.0-142.168 linux-image-4.4.0-142-generic - 4.4.0-142.168 linux-image-4.4.0-142-powerpc-smp - 4.4.0-142.168 linux-image-4.4.0-142-generic-lpae - 4.4.0-142.168 linux-image-4.4.0-142-powerpc64-smp - 4.4.0-142.168 linux-image-4.4.0-142-powerpc64-emb - 4.4.0-142.168 linux-image-4.4.0-142-lowlatency - 4.4.0-142.168 No subscription required linux-image-kvm - 4.4.0.1040.39 No subscription required linux-image-aws - 4.4.0.1075.77 No subscription required linux-image-raspi2 - 4.4.0.1103.103 No subscription required linux-image-snapdragon - 4.4.0.1107.99 No subscription required linux-image-generic-lts-wily - 4.4.0.142.148 linux-image-powerpc64-emb-lts-vivid - 4.4.0.142.148 linux-image-powerpc-e500mc - 4.4.0.142.148 linux-image-generic-lpae-lts-xenial - 4.4.0.142.148 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.142.148 linux-image-generic-lpae-lts-utopic - 4.4.0.142.148 linux-image-powerpc-e500mc-lts-xenial - 
4.4.0.142.148 linux-image-generic-lts-utopic - 4.4.0.142.148 linux-image-powerpc-e500mc-lts-wily - 4.4.0.142.148 linux-image-generic-lts-vivid - 4.4.0.142.148 linux-image-generic-lpae-lts-wily - 4.4.0.142.148 linux-image-virtual-lts-vivid - 4.4.0.142.148 linux-image-virtual-lts-utopic - 4.4.0.142.148 linux-image-virtual - 4.4.0.142.148 linux-image-powerpc64-emb-lts-wily - 4.4.0.142.148 linux-image-lowlatency-lts-vivid - 4.4.0.142.148 linux-image-powerpc64-smp-lts-utopic - 4.4.0.142.148 linux-image-powerpc64-emb - 4.4.0.142.148 linux-image-powerpc-smp-lts-xenial - 4.4.0.142.148 linux-image-powerpc64-smp-lts-vivid - 4.4.0.142.148 linux-image-lowlatency-lts-wily - 4.4.0.142.148 linux-image-virtual-lts-wily - 4.4.0.142.148 linux-image-generic - 4.4.0.142.148 linux-image-lowlatency-lts-xenial - 4.4.0.142.148 linux-image-powerpc64-smp-lts-xenial - 4.4.0.142.148 linux-image-powerpc64-emb-lts-utopic - 4.4.0.142.148 linux-image-generic-lts-xenial - 4.4.0.142.148 linux-image-powerpc-smp - 4.4.0.142.148 linux-image-generic-lpae-lts-vivid - 4.4.0.142.148 linux-image-generic-lpae - 4.4.0.142.148 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.142.148 linux-image-powerpc64-smp-lts-wily - 4.4.0.142.148 linux-image-powerpc64-emb-lts-xenial - 4.4.0.142.148 linux-image-powerpc-smp-lts-wily - 4.4.0.142.148 linux-image-powerpc64-smp - 4.4.0.142.148 linux-image-lowlatency-lts-utopic - 4.4.0.142.148 linux-image-powerpc-smp-lts-vivid - 4.4.0.142.148 linux-image-lowlatency - 4.4.0.142.148 linux-image-virtual-lts-xenial - 4.4.0.142.148 linux-image-powerpc-smp-lts-utopic - 4.4.0.142.148 No subscription required Medium CVE-2018-10883 CVE-2018-16862 CVE-2018-19407 CVE-2018-19824 CVE-2018-20169 USN-3881-1 -- Dovecot vulnerability Ubuntu 16.04 LTS It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. 
Update Instructions: Run `sudo pro fix USN-3881-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.9 dovecot-mysql - 1:2.2.22-1ubuntu2.9 dovecot-sieve - 1:2.2.22-1ubuntu2.9 dovecot-core - 1:2.2.22-1ubuntu2.9 dovecot-ldap - 1:2.2.22-1ubuntu2.9 dovecot-sqlite - 1:2.2.22-1ubuntu2.9 dovecot-dev - 1:2.2.22-1ubuntu2.9 dovecot-pop3d - 1:2.2.22-1ubuntu2.9 dovecot-imapd - 1:2.2.22-1ubuntu2.9 dovecot-managesieved - 1:2.2.22-1ubuntu2.9 dovecot-lucene - 1:2.2.22-1ubuntu2.9 mail-stack-delivery - 1:2.2.22-1ubuntu2.9 dovecot-gssapi - 1:2.2.22-1ubuntu2.9 dovecot-solr - 1:2.2.22-1ubuntu2.9 dovecot-lmtpd - 1:2.2.22-1ubuntu2.9 No subscription required Medium CVE-2019-3814 USN-3882-1 -- curl vulnerabilities Ubuntu 16.04 LTS Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890) Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822) Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823) Update Instructions: Run `sudo pro fix USN-3882-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.12 libcurl4-openssl-dev - 7.47.0-1ubuntu2.12 libcurl3-gnutls - 7.47.0-1ubuntu2.12 libcurl4-doc - 7.47.0-1ubuntu2.12 libcurl3-nss - 7.47.0-1ubuntu2.12 libcurl4-nss-dev - 7.47.0-1ubuntu2.12 libcurl3 - 7.47.0-1ubuntu2.12 curl - 7.47.0-1ubuntu2.12 No subscription required Medium CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 USN-3883-1 -- LibreOffice vulnerabilities Ubuntu 16.04 LTS It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2018-10119, CVE-2018-10120, CVE-2018-11790) It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. (CVE-2018-10583) Alex Inführ discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2018-16858) Update Instructions: Run `sudo pro fix USN-3883-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial6 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial6 No subscription required libreoffice-impress - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-sdbc-postgresql - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-officebean - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-base - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-librelogo - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-java-common - 1:5.1.6~rc2-0ubuntu1~xenial6 gir1.2-lokdocview-0.1 - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-subsequentcheckbase - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-elementary - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-kde - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-galaxy - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-hicontrast - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-script-provider-bsh - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-avmedia-backend-gstreamer - 1:5.1.6~rc2-0ubuntu1~xenial6 libreofficekit-dev - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-script-provider-python - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-common - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-gnome - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-dev - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-gtk3 - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-report-builder - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-base-core - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-draw - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-ogltrans - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-sdbc-hsqldb - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-gtk - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-calc - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-base-drivers - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-oxygen - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-tango - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-human - 
1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-sdbc-firebird - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-pdfimport - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-math - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-writer - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-report-builder-bin - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-dev-doc - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-script-provider-js - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-sifr - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-style-breeze - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-l10n-in - 1:5.1.6~rc2-0ubuntu1~xenial6 libreoffice-l10n-za - 1:5.1.6~rc2-0ubuntu1~xenial6 python3-uno - 1:5.1.6~rc2-0ubuntu1~xenial6 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial6 No subscription required uno-libs3 - 5.1.6~rc2-0ubuntu1~xenial6 ure - 5.1.6~rc2-0ubuntu1~xenial6 No subscription required Medium CVE-2018-10119 CVE-2018-10120 CVE-2018-10583 CVE-2018-11790 CVE-2018-16858 USN-3884-1 -- libarchive vulnerabilities Ubuntu 16.04 LTS It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1000019, CVE-2019-1000020) Update Instructions: Run `sudo pro fix USN-3884-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.6 libarchive13 - 3.1.2-11ubuntu0.16.04.6 bsdtar - 3.1.2-11ubuntu0.16.04.6 libarchive-dev - 3.1.2-11ubuntu0.16.04.6 No subscription required Medium CVE-2019-1000019 CVE-2019-1000020 USN-3885-1 -- OpenSSH vulnerabilities Ubuntu 16.04 LTS Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. 
Update Instructions: Run `sudo pro fix USN-3885-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.2p2-4ubuntu2.7 openssh-client - 1:7.2p2-4ubuntu2.7 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.7 openssh-server - 1:7.2p2-4ubuntu2.7 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.7 ssh - 1:7.2p2-4ubuntu2.7 ssh-krb5 - 1:7.2p2-4ubuntu2.7 openssh-client-udeb - 1:7.2p2-4ubuntu2.7 openssh-sftp-server - 1:7.2p2-4ubuntu2.7 No subscription required Medium CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 USN-3885-2 -- OpenSSH vulnerability Ubuntu 16.04 LTS USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Update Instructions: Run `sudo pro fix USN-3885-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.2p2-4ubuntu2.8 openssh-client - 1:7.2p2-4ubuntu2.8 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.8 openssh-server - 1:7.2p2-4ubuntu2.8 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.8 ssh - 1:7.2p2-4ubuntu2.8 ssh-krb5 - 1:7.2p2-4ubuntu2.8 openssh-client-udeb - 1:7.2p2-4ubuntu2.8 openssh-sftp-server - 1:7.2p2-4ubuntu2.8 No subscription required Low CVE-2019-6111 USN-3886-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20551, CVE-2019-7310) Update Instructions: Run `sudo pro fix USN-3886-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.12 poppler-utils - 0.41.0-0ubuntu1.12 libpoppler-qt5-1 - 0.41.0-0ubuntu1.12 libpoppler-cpp-dev - 0.41.0-0ubuntu1.12 libpoppler-cpp0 - 0.41.0-0ubuntu1.12 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.12 libpoppler-dev - 0.41.0-0ubuntu1.12 libpoppler-glib8 - 0.41.0-0ubuntu1.12 libpoppler-private-dev - 0.41.0-0ubuntu1.12 libpoppler-qt4-dev - 0.41.0-0ubuntu1.12 libpoppler-glib-dev - 0.41.0-0ubuntu1.12 libpoppler-qt4-4 - 0.41.0-0ubuntu1.12 libpoppler-qt5-dev - 0.41.0-0ubuntu1.12 libpoppler-glib-doc - 0.41.0-0ubuntu1.12 No subscription required Medium CVE-2018-20551 CVE-2019-7310 USN-3887-1 -- snapd vulnerability Ubuntu 16.04 LTS Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected. Update Instructions: Run `sudo pro fix USN-3887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.34.2ubuntu0.1 ubuntu-core-launcher - 2.34.2ubuntu0.1 snap-confine - 2.34.2ubuntu0.1 ubuntu-snappy-cli - 2.34.2ubuntu0.1 golang-github-snapcore-snapd-dev - 2.34.2ubuntu0.1 snapd-xdg-open - 2.34.2ubuntu0.1 snapd - 2.34.2ubuntu0.1 golang-github-ubuntu-core-snappy-dev - 2.34.2ubuntu0.1 ubuntu-snappy - 2.34.2ubuntu0.1 No subscription required High CVE-2019-7304 https://launchpad.net/bugs/1813365 USN-3890-1 -- Django vulnerability Ubuntu 16.04 LTS It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. 
Update Instructions: Run `sudo pro fix USN-3890-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.8 python-django-doc - 1.8.7-1ubuntu5.8 python-django-common - 1.8.7-1ubuntu5.8 python-django - 1.8.7-1ubuntu5.8 No subscription required Medium CVE-2019-6975 USN-3891-1 -- systemd vulnerability Ubuntu 16.04 LTS It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service (kernel panic). Update Instructions: Run `sudo pro fix USN-3891-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.16 systemd - 229-4ubuntu21.16 udev-udeb - 229-4ubuntu21.16 libsystemd0 - 229-4ubuntu21.16 systemd-container - 229-4ubuntu21.16 libnss-myhostname - 229-4ubuntu21.16 libudev1-udeb - 229-4ubuntu21.16 libudev1 - 229-4ubuntu21.16 libsystemd-dev - 229-4ubuntu21.16 systemd-journal-remote - 229-4ubuntu21.16 libpam-systemd - 229-4ubuntu21.16 libnss-mymachines - 229-4ubuntu21.16 libnss-resolve - 229-4ubuntu21.16 systemd-sysv - 229-4ubuntu21.16 udev - 229-4ubuntu21.16 libudev-dev - 229-4ubuntu21.16 No subscription required Medium CVE-2019-6454 USN-3893-1 -- Bind vulnerabilities Ubuntu 16.04 LTS Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. 
(CVE-2018-5745) It was discovered that Bind incorrectly handled certain controls for zone transfers, contrary to expectations. (CVE-2019-6465) Update Instructions: Run `sudo pro fix USN-3893-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.12 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.12 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.12 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.12 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.12 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.12 host - 1:9.10.3.dfsg.P4-8ubuntu1.12 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.12 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.12 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.12 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.12 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.12 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.12 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.12 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.12 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.12 No subscription required Medium CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 USN-3894-1 -- GNOME Keyring vulnerability Ubuntu 16.04 LTS It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials. Update Instructions: Run `sudo pro fix USN-3894-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gnome-keyring - 3.18.3-0ubuntu2.1 libpam-gnome-keyring - 3.18.3-0ubuntu2.1 libp11-kit-gnome-keyring - 3.18.3-0ubuntu2.1 No subscription required Medium CVE-2018-20781 USN-3895-1 -- LDB vulnerability Ubuntu 16.04 LTS It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3895-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-ldb-dev - 2:1.1.24-1ubuntu3.1 python-ldb - 2:1.1.24-1ubuntu3.1 ldb-tools - 2:1.1.24-1ubuntu3.1 python3-ldb - 2:1.1.24-1ubuntu3.1 libldb-dev - 2:1.1.24-1ubuntu3.1 libldb1 - 2:1.1.24-1ubuntu3.1 python3-ldb-dev - 2:1.1.24-1ubuntu3.1 No subscription required Medium CVE-2019-3824 USN-3896-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3896-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nn - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ne - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nb - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fa - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fi - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fr - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-fy - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-or - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kab - 65.0.1+build2-0ubuntu0.16.04.1 firefox-testsuite - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-oc - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cs - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ga - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gd - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gn - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gl - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-gu - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pa - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pl - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cy - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-pt - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hi - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uk - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-he - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hy - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hr - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hu - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-as - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ar - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ia - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-az - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-id - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mai - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-af - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-is - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-it - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-an - 
65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bs - 65.0.1+build2-0ubuntu0.16.04.1 firefox - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ro - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ja - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ru - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-br - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bn - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-be - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-bg - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sl - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sk - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-si - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sw - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sv - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sr - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-sq - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ko - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kn - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-km - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-kk - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ka - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-xh - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ca - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ku - 65.0.1+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lv - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lt - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-th - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 65.0.1+build2-0ubuntu0.16.04.1 firefox-dev - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-te - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-cak - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ta - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-lg - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-csb - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-tr - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-nso - 
65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-de - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-da - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ms - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mr - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-my - 65.0.1+build2-0ubuntu0.16.04.1 firefox-globalmenu - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-uz - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ml - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mn - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-mk - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ur - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eu - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-et - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-es - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-vi - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-el - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-eo - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-en - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-zu - 65.0.1+build2-0ubuntu0.16.04.1 firefox-locale-ast - 65.0.1+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-18356 CVE-2018-18511 CVE-2019-5785 USN-3897-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS A use-after-free was discovered in libical. If a user were tricked into opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-5824) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-18356, CVE-2018-18500, CVE-2019-5785) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. 
(CVE-2018-18501, CVE-2018-18505) An issue was discovered with S/MIME signature verification in some circumstances. An attacker could potentially exploit this by spoofing signatures for arbitrary content. (CVE-2018-18509) Update Instructions: Run `sudo pro fix USN-3897-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-br - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-be - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-si - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-kk - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 
1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:60.5.1+build2-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-de - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-da - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-testsuite - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-dev - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-el - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ms - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-et - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:60.5.1+build2-0ubuntu0.16.04.1 xul-ext-gdata-provider - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:60.5.1+build2-0ubuntu0.16.04.1 xul-ext-lightning - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:60.5.1+build2-0ubuntu0.16.04.1 
thunderbird-locale-en - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-it - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-he - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-af - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-is - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-es - 1:60.5.1+build2-0ubuntu0.16.04.1 thunderbird-locale-id - 1:60.5.1+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2016-5824 CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785 USN-3898-1 -- NSS vulnerability Ubuntu 16.04 LTS Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3898-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.5 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.5 libnss3 - 2:3.28.4-0ubuntu0.16.04.5 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.5 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.5 No subscription required Medium CVE-2018-18508 USN-3899-1 -- OpenSSL vulnerability Ubuntu 16.04 LTS Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. Update Instructions: Run `sudo pro fix USN-3899-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.15 libssl-dev - 1.0.2g-1ubuntu4.15 openssl - 1.0.2g-1ubuntu4.15 libssl-doc - 1.0.2g-1ubuntu4.15 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.15 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.15 No subscription required Medium CVE-2019-1559 USN-3900-1 -- GD vulnerabilities Ubuntu 16.04 LTS It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.11 libgd-tools - 2.1.1-4ubuntu0.16.04.11 libgd-dev - 2.1.1-4ubuntu0.16.04.11 No subscription required Medium CVE-2019-6977 CVE-2019-6978 USN-3901-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. 
Jann Horn discovered that the userfaultfd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could possibly use this to modify files. (CVE-2018-18397) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Update Instructions: Run `sudo pro fix USN-3901-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1009-oracle - 4.15.0-1009.11~16.04.1 No subscription required linux-image-4.15.0-1028-gcp - 4.15.0-1028.29~16.04.1 No subscription required linux-image-4.15.0-1033-aws - 4.15.0-1033.35~16.04.1 No subscription required linux-image-4.15.0-1040-azure - 4.15.0-1040.44 No subscription required linux-image-4.15.0-46-lowlatency - 4.15.0-46.49~16.04.1 linux-image-4.15.0-46-generic-lpae - 4.15.0-46.49~16.04.1 linux-image-4.15.0-46-generic - 4.15.0-46.49~16.04.1 No subscription required linux-image-oracle - 4.15.0.1009.3 No subscription required linux-image-gke - 4.15.0.1028.42 linux-image-gcp - 4.15.0.1028.42 No subscription required linux-image-aws-hwe - 4.15.0.1033.34 No subscription required linux-image-azure - 4.15.0.1040.44 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.46.67 linux-image-oem - 4.15.0.46.67 linux-image-lowlatency-hwe-16.04 - 4.15.0.46.67 linux-image-generic-hwe-16.04 - 4.15.0.46.67 linux-image-generic-lpae-hwe-16.04 - 4.15.0.46.67 No subscription required Medium CVE-2018-18397 CVE-2018-19854 CVE-2019-6133 USN-3902-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. 
A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024) It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9021) It was discovered that PHP incorrectly parsed certain DNS responses. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2019-9022) It was discovered that PHP incorrectly handled mbstring regular expressions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9023) Update Instructions: Run `sudo pro fix USN-3902-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.2 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.2 php7.0-xsl - 7.0.33-0ubuntu0.16.04.2 php7.0-fpm - 7.0.33-0ubuntu0.16.04.2 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.2 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.2 php7.0-curl - 7.0.33-0ubuntu0.16.04.2 php7.0-ldap - 7.0.33-0ubuntu0.16.04.2 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.2 php7.0-gmp - 7.0.33-0ubuntu0.16.04.2 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.2 php7.0-gd - 7.0.33-0ubuntu0.16.04.2 php7.0-common - 7.0.33-0ubuntu0.16.04.2 php7.0-enchant - 7.0.33-0ubuntu0.16.04.2 php7.0-odbc - 7.0.33-0ubuntu0.16.04.2 php7.0-cli - 7.0.33-0ubuntu0.16.04.2 php7.0-json - 7.0.33-0ubuntu0.16.04.2 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.2 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.2 php7.0-mysql - 7.0.33-0ubuntu0.16.04.2 php7.0-dba - 7.0.33-0ubuntu0.16.04.2 php7.0-sybase - 7.0.33-0ubuntu0.16.04.2 php7.0-pspell - 7.0.33-0ubuntu0.16.04.2 php7.0-interbase - 7.0.33-0ubuntu0.16.04.2 php7.0-xml - 7.0.33-0ubuntu0.16.04.2 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.2 php7.0-recode - 7.0.33-0ubuntu0.16.04.2 
php7.0-zip - 7.0.33-0ubuntu0.16.04.2 php7.0 - 7.0.33-0ubuntu0.16.04.2 php7.0-tidy - 7.0.33-0ubuntu0.16.04.2 php7.0-soap - 7.0.33-0ubuntu0.16.04.2 php7.0-opcache - 7.0.33-0ubuntu0.16.04.2 php7.0-readline - 7.0.33-0ubuntu0.16.04.2 php7.0-intl - 7.0.33-0ubuntu0.16.04.2 php7.0-imap - 7.0.33-0ubuntu0.16.04.2 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.2 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.2 php7.0-dev - 7.0.33-0ubuntu0.16.04.2 php7.0-snmp - 7.0.33-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 USN-3905-1 -- poppler vulnerability Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3905-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.13 poppler-utils - 0.41.0-0ubuntu1.13 libpoppler-qt5-1 - 0.41.0-0ubuntu1.13 libpoppler-cpp-dev - 0.41.0-0ubuntu1.13 libpoppler-cpp0 - 0.41.0-0ubuntu1.13 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.13 libpoppler-dev - 0.41.0-0ubuntu1.13 libpoppler-glib8 - 0.41.0-0ubuntu1.13 libpoppler-private-dev - 0.41.0-0ubuntu1.13 libpoppler-qt4-dev - 0.41.0-0ubuntu1.13 libpoppler-glib-dev - 0.41.0-0ubuntu1.13 libpoppler-qt4-4 - 0.41.0-0ubuntu1.13 libpoppler-qt5-dev - 0.41.0-0ubuntu1.13 libpoppler-glib-doc - 0.41.0-0ubuntu1.13 No subscription required Medium CVE-2019-9200 USN-3906-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3906-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.6 libtiffxx5 - 4.0.6-1ubuntu0.6 libtiff5-dev - 4.0.6-1ubuntu0.6 libtiff5 - 4.0.6-1ubuntu0.6 libtiff-tools - 4.0.6-1ubuntu0.6 libtiff-doc - 4.0.6-1ubuntu0.6 No subscription required Medium CVE-2018-10779 CVE-2018-12900 CVE-2018-17000 CVE-2018-19210 CVE-2019-6128 CVE-2019-7663 USN-3907-1 -- WALinuxAgent vulnerability Ubuntu 16.04 LTS It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file. Update Instructions: Run `sudo pro fix USN-3907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: walinuxagent - 2.2.32-0ubuntu1~16.04.2 No subscription required Medium CVE-2019-0804 USN-3909-1 -- libvirt vulnerability Ubuntu 16.04 LTS It was discovered that libvirt incorrectly handled waiting for certain agent events. An attacker inside a guest could possibly use this issue to cause libvirtd to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3909-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.3.1-1ubuntu10.25 libvirt-dev - 1.3.1-1ubuntu10.25 libvirt-doc - 1.3.1-1ubuntu10.25 libvirt-bin - 1.3.1-1ubuntu10.25 No subscription required Medium CVE-2019-3840 USN-3910-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. 
A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) It was discovered that multiple integer overflows existed in the hugetlbfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7740) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Update Instructions: Run `sudo pro fix USN-3910-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1041-kvm - 4.4.0-1041.47 No subscription required linux-image-4.4.0-1077-aws - 4.4.0-1077.87 No subscription required linux-image-4.4.0-1104-raspi2 - 4.4.0-1104.112 No subscription required linux-image-4.4.0-1108-snapdragon - 4.4.0-1108.113 No subscription required linux-image-4.4.0-143-generic-lpae - 4.4.0-143.169 linux-image-4.4.0-143-powerpc64-emb - 4.4.0-143.169 linux-image-4.4.0-143-powerpc-e500mc - 4.4.0-143.169 linux-image-4.4.0-143-lowlatency - 4.4.0-143.169 linux-image-4.4.0-143-powerpc64-smp - 4.4.0-143.169 linux-image-4.4.0-143-powerpc-smp - 4.4.0-143.169 linux-image-4.4.0-143-generic - 4.4.0-143.169 No subscription required linux-image-kvm - 4.4.0.1041.41 No subscription required linux-image-aws - 4.4.0.1077.80 No subscription required linux-image-raspi2 - 4.4.0.1104.104 No subscription required linux-image-snapdragon - 4.4.0.1108.100 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.143.151 linux-image-generic-lts-wily - 4.4.0.143.151 
linux-image-powerpc64-emb-lts-vivid - 4.4.0.143.151 linux-image-generic-lpae-lts-xenial - 4.4.0.143.151 linux-image-generic-lpae-lts-utopic - 4.4.0.143.151 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.143.151 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.143.151 linux-image-powerpc-e500mc-lts-wily - 4.4.0.143.151 linux-image-generic-lts-vivid - 4.4.0.143.151 linux-image-virtual-lts-utopic - 4.4.0.143.151 linux-image-generic-lpae-lts-wily - 4.4.0.143.151 linux-image-virtual-lts-vivid - 4.4.0.143.151 linux-image-virtual - 4.4.0.143.151 linux-image-powerpc64-emb-lts-wily - 4.4.0.143.151 linux-image-lowlatency-lts-vivid - 4.4.0.143.151 linux-image-generic-lts-utopic - 4.4.0.143.151 linux-image-powerpc64-emb - 4.4.0.143.151 linux-image-powerpc-smp-lts-xenial - 4.4.0.143.151 linux-image-powerpc-e500mc - 4.4.0.143.151 linux-image-powerpc64-smp-lts-vivid - 4.4.0.143.151 linux-image-lowlatency-lts-wily - 4.4.0.143.151 linux-image-generic - 4.4.0.143.151 linux-image-lowlatency-lts-xenial - 4.4.0.143.151 linux-image-powerpc64-smp-lts-xenial - 4.4.0.143.151 linux-image-powerpc64-emb-lts-utopic - 4.4.0.143.151 linux-image-generic-lts-xenial - 4.4.0.143.151 linux-image-powerpc-smp - 4.4.0.143.151 linux-image-generic-lpae-lts-vivid - 4.4.0.143.151 linux-image-generic-lpae - 4.4.0.143.151 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.143.151 linux-image-powerpc64-smp-lts-wily - 4.4.0.143.151 linux-image-powerpc64-emb-lts-xenial - 4.4.0.143.151 linux-image-powerpc-smp-lts-wily - 4.4.0.143.151 linux-image-virtual-lts-wily - 4.4.0.143.151 linux-image-powerpc64-smp - 4.4.0.143.151 linux-image-lowlatency-lts-utopic - 4.4.0.143.151 linux-image-powerpc-smp-lts-vivid - 4.4.0.143.151 linux-image-lowlatency - 4.4.0.143.151 linux-image-virtual-lts-xenial - 4.4.0.143.151 linux-image-powerpc-smp-lts-utopic - 4.4.0.143.151 No subscription required Medium CVE-2017-18241 CVE-2018-1120 CVE-2018-19985 CVE-2018-7740 CVE-2019-6133 USN-3911-1 -- file vulnerabilities Ubuntu 16.04 LTS It was discovered 
that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3911-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.25-2ubuntu1.2 python-magic - 1:5.25-2ubuntu1.2 libmagic1 - 1:5.25-2ubuntu1.2 python3-magic - 1:5.25-2ubuntu1.2 file - 1:5.25-2ubuntu1.2 No subscription required Medium CVE-2019-8904 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 USN-3911-2 -- file regression Ubuntu 16.04 LTS USN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3911-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.25-2ubuntu1.4 python-magic - 1:5.25-2ubuntu1.4 libmagic1 - 1:5.25-2ubuntu1.4 python3-magic - 1:5.25-2ubuntu1.4 file - 1:5.25-2ubuntu1.4 No subscription required None https://launchpad.net/bugs/1835596 USN-3912-1 -- GDK-PixBuf vulnerability Ubuntu 16.04 LTS It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If a user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3912-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgdk-pixbuf2.0-0 - 2.32.2-1ubuntu1.6 libgdk-pixbuf2.0-common - 2.32.2-1ubuntu1.6 libgdk-pixbuf2.0-dev - 2.32.2-1ubuntu1.6 libgdk-pixbuf2.0-0-udeb - 2.32.2-1ubuntu1.6 libgdk-pixbuf2.0-doc - 2.32.2-1ubuntu1.6 gir1.2-gdkpixbuf-2.0 - 2.32.2-1ubuntu1.6 No subscription required Medium CVE-2017-12447 USN-3913-1 -- P7ZIP vulnerabilities Ubuntu 16.04 LTS It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3913-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: p7zip-full - 9.20.1~dfsg.1-4.2ubuntu0.1 p7zip - 9.20.1~dfsg.1-4.2ubuntu0.1 No subscription required Medium CVE-2016-2335 CVE-2017-17969 USN-3914-1 -- NTFS-3G vulnerability Ubuntu 16.04 LTS A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Update Instructions: Run `sudo pro fix USN-3914-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.2 ntfs-3g-udeb - 1:2015.3.14AR.1-1ubuntu0.2 ntfs-3g-dev - 1:2015.3.14AR.1-1ubuntu0.2 No subscription required High CVE-2019-9755 USN-3914-2 -- NTFS-3G update Ubuntu 16.04 LTS USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory details: A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. 
A local attacker could potentially exploit this to execute arbitrary code as the administrator. Update Instructions: Run `sudo pro fix USN-3914-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3 ntfs-3g-udeb - 1:2015.3.14AR.1-1ubuntu0.3 ntfs-3g-dev - 1:2015.3.14AR.1-1ubuntu0.3 No subscription required None https://launchpad.net/bugs/1821250 USN-3915-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3915-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.8 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.8 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.8 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.8 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.8 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.8 No subscription required Medium CVE-2019-3835 CVE-2019-3838 USN-3917-1 -- snapd vulnerability Ubuntu 16.04 LTS The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl() system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected. Update Instructions: Run `sudo pro fix USN-3917-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.37.4ubuntu0.1 ubuntu-core-launcher - 2.37.4ubuntu0.1 snap-confine - 2.37.4ubuntu0.1 ubuntu-snappy-cli - 2.37.4ubuntu0.1 golang-github-snapcore-snapd-dev - 2.37.4ubuntu0.1 snapd-xdg-open - 2.37.4ubuntu0.1 snapd - 2.37.4ubuntu0.1 golang-github-ubuntu-core-snappy-dev - 2.37.4ubuntu0.1 ubuntu-snappy - 2.37.4ubuntu0.1 No subscription required Medium CVE-2019-7303 https://launchpad.net/bugs/1812973 USN-3918-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-nn - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ne - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-nb - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-fa - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-fi - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-fr - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-fy - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-or - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-kab - 66.0+build3-0ubuntu0.16.04.2 firefox-testsuite - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-oc - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-cs - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ga - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-gd - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-gn - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-gl - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-gu - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-pa - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-pl - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-cy - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-pt - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-hi - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-uk - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-he - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-hy - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-hr - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-hu - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-as - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ar - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ia - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-az - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-id - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-mai - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-af - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-is - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-it - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-an - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-bs - 
66.0+build3-0ubuntu0.16.04.2 firefox - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ro - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ja - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ru - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-br - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-zh-hant - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-zh-hans - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-bn - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-be - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-bg - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-sl - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-sk - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-si - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-sw - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-sv - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-sr - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-sq - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ko - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-kn - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-km - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-kk - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ka - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-xh - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ca - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ku - 66.0+build3-0ubuntu0.16.04.2 firefox-mozsymbols - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-lv - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-lt - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-th - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-hsb - 66.0+build3-0ubuntu0.16.04.2 firefox-dev - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-te - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-cak - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ta - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-lg - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-tr - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-nso - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-de - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-da - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ms - 66.0+build3-0ubuntu0.16.04.2 
firefox-locale-mr - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-my - 66.0+build3-0ubuntu0.16.04.2 firefox-globalmenu - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-uz - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ml - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-mn - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-mk - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ur - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-vi - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-eu - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-et - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-es - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-csb - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-el - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-eo - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-en - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-zu - 66.0+build3-0ubuntu0.16.04.2 firefox-locale-ast - 66.0+build3-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-9803 CVE-2019-9805 CVE-2019-9806 CVE-2019-9807 CVE-2019-9808 CVE-2019-9809 USN-3918-3 -- Firefox regression Ubuntu 16.04 LTS USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. 
(CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 66.0.2+build1-0ubuntu0.16.04.1 firefox-testsuite - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 66.0.2+build1-0ubuntu0.16.04.1 
firefox-locale-cy - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 66.0.2+build1-0ubuntu0.16.04.1 firefox - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 66.0.2+build1-0ubuntu0.16.04.1 
firefox-locale-kk - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 66.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 66.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 66.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 66.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 66.0.2+build1-0ubuntu0.16.04.1 No subscription required None 
https://launchpad.net/bugs/1822185 USN-3918-4 -- Firefox regressions Ubuntu 16.04 LTS USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nn - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ne - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nb - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fa - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fi - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fr - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fy - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-or - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kab - 66.0.3+build1-0ubuntu0.16.04.1 firefox-testsuite - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-oc - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cs - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ga - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gd - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gn - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gl - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gu - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pa - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pl - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cy - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pt - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hi - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uk - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-he - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hy - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hr - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hu - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-as - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ar - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ia - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-az - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-id - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mai - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-af - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-is - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-it - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-an - 
66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bs - 66.0.3+build1-0ubuntu0.16.04.1 firefox - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ro - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ja - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ru - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-br - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bn - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-be - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bg - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sl - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sk - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-si - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sw - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sv - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sr - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sq - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ko - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kn - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-km - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kk - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ka - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-xh - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ca - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ku - 66.0.3+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lv - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lt - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-th - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 66.0.3+build1-0ubuntu0.16.04.1 firefox-dev - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-te - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cak - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ta - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lg - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-tr - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nso - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-de - 
66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-da - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ms - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mr - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-my - 66.0.3+build1-0ubuntu0.16.04.1 firefox-globalmenu - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uz - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ml - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mn - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mk - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ur - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-vi - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eu - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-et - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-es - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-csb - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-el - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eo - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-en - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zu - 66.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ast - 66.0.3+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1825051 USN-3919-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code. Update Instructions: Run `sudo pro fix USN-3919-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 66.0.1+build1-0ubuntu0.16.04.1 firefox-testsuite - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 
66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 66.0.1+build1-0ubuntu0.16.04.1 firefox - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 66.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 66.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 
66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 66.0.1+build1-0ubuntu0.16.04.1 firefox-globalmenu - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 66.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 66.0.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-9810 CVE-2019-9813 USN-3921-1 -- XMLTooling vulnerability Ubuntu 16.04 LTS It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xmltooling-schemas - 1.5.6-2ubuntu0.3 libxmltooling6v5 - 1.5.6-2ubuntu0.3 libxmltooling-dev - 1.5.6-2ubuntu0.3 libxmltooling-doc - 1.5.6-2ubuntu0.3 No subscription required Medium CVE-2019-9628 USN-3922-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. 
(CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641) Update Instructions: Run `sudo pro fix USN-3922-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.3 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.3 php7.0-xsl - 7.0.33-0ubuntu0.16.04.3 php7.0-fpm - 7.0.33-0ubuntu0.16.04.3 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.3 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.3 php7.0-curl - 7.0.33-0ubuntu0.16.04.3 php7.0-ldap - 7.0.33-0ubuntu0.16.04.3 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.3 php7.0-gmp - 7.0.33-0ubuntu0.16.04.3 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.3 php7.0-gd - 7.0.33-0ubuntu0.16.04.3 php7.0-common - 7.0.33-0ubuntu0.16.04.3 php7.0-enchant - 7.0.33-0ubuntu0.16.04.3 php7.0-odbc - 7.0.33-0ubuntu0.16.04.3 php7.0-cli - 7.0.33-0ubuntu0.16.04.3 php7.0-json - 7.0.33-0ubuntu0.16.04.3 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.3 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.3 php7.0-zip - 7.0.33-0ubuntu0.16.04.3 php7.0-mysql - 7.0.33-0ubuntu0.16.04.3 php7.0-dba - 7.0.33-0ubuntu0.16.04.3 php7.0-sybase - 7.0.33-0ubuntu0.16.04.3 php7.0-pspell - 7.0.33-0ubuntu0.16.04.3 php7.0-xml - 7.0.33-0ubuntu0.16.04.3 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.3 php7.0-recode - 7.0.33-0ubuntu0.16.04.3 php7.0-soap - 7.0.33-0ubuntu0.16.04.3 php7.0 - 7.0.33-0ubuntu0.16.04.3 php7.0-tidy - 7.0.33-0ubuntu0.16.04.3 php7.0-interbase - 7.0.33-0ubuntu0.16.04.3 php7.0-opcache - 7.0.33-0ubuntu0.16.04.3 php7.0-readline - 7.0.33-0ubuntu0.16.04.3 php7.0-intl - 7.0.33-0ubuntu0.16.04.3 php7.0-imap - 7.0.33-0ubuntu0.16.04.3 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.3 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.3 php7.0-dev - 7.0.33-0ubuntu0.16.04.3 php7.0-snmp - 7.0.33-0ubuntu0.16.04.3 No subscription required Medium CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 USN-3923-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer 
Protocol (MTP). An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. (CVE-2018-16867) Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16872) Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19489) Li Quang and Saar Amar discovered multiple issues in the QEMU PVRDMA device. An attacker inside the guest could use these issues to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. These issues were resolved by disabling PVRDMA support in Ubuntu 18.10. (CVE-2018-20123, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216) Michael Hanselmann discovered that QEMU incorrectly handled certain i2c commands. A local attacker could possibly use this issue to read QEMU process memory. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-3812) It was discovered that QEMU incorrectly handled the Slirp networking back-end. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2019-6778) Update Instructions: Run `sudo pro fix USN-3923-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.36 qemu-user-static - 1:2.5+dfsg-5ubuntu10.36 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.36 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.36 qemu-kvm - 1:2.5+dfsg-5ubuntu10.36 qemu-user - 1:2.5+dfsg-5ubuntu10.36 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.36 qemu-system - 1:2.5+dfsg-5ubuntu10.36 qemu-utils - 1:2.5+dfsg-5ubuntu10.36 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.36 qemu - 1:2.5+dfsg-5ubuntu10.36 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.36 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.36 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.36 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.36 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.36 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.36 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.36 No subscription required Medium CVE-2018-16867 CVE-2018-16872 CVE-2018-19489 CVE-2018-20123 CVE-2018-20124 CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216 CVE-2019-3812 CVE-2019-6778 USN-3925-1 -- FreeImage vulnerability Ubuntu 16.04 LTS It was discovered that an out-of-bounds write vulnerability existed in the XMP image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution. Update Instructions: Run `sudo pro fix USN-3925-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreeimageplus-dev - 3.17.0+ds1-2ubuntu0.1 libfreeimage-dev - 3.17.0+ds1-2ubuntu0.1 libfreeimageplus3 - 3.17.0+ds1-2ubuntu0.1 libfreeimage3 - 3.17.0+ds1-2ubuntu0.1 libfreeimageplus-doc - 3.17.0+ds1-2ubuntu0.1 No subscription required Medium CVE-2016-5684 USN-3926-1 -- GPAC vulnerabilities Ubuntu 16.04 LTS It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. 
If a user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3926-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gpac-modules-base - 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1 libgpac-dev - 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1 libgpac4 - 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1 gpac - 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1 No subscription required Medium CVE-2018-1000100 CVE-2018-13005 CVE-2018-13006 CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763 CVE-2018-7752 USN-3927-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked into opening a specially crafted website in a browsing context with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) Update Instructions: Run `sudo pro fix USN-3927-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-br - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-be - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-si - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:60.6.1+build2-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-de - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-en - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-da - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:60.6.1+build2-0ubuntu0.16.04.1 xul-ext-lightning - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 
1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-it - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-he - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-kk - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-af - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-dev - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-el - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ms - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:60.6.1+build2-0ubuntu0.16.04.1 
thunderbird-locale-ast - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-id - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-et - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-is - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-es - 1:60.6.1+build2-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:60.6.1+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813 USN-3928-1 -- Dovecot vulnerability Ubuntu 16.04 LTS It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3928-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.10 dovecot-mysql - 1:2.2.22-1ubuntu2.10 dovecot-sieve - 1:2.2.22-1ubuntu2.10 dovecot-core - 1:2.2.22-1ubuntu2.10 dovecot-ldap - 1:2.2.22-1ubuntu2.10 dovecot-sqlite - 1:2.2.22-1ubuntu2.10 dovecot-dev - 1:2.2.22-1ubuntu2.10 dovecot-pop3d - 1:2.2.22-1ubuntu2.10 dovecot-imapd - 1:2.2.22-1ubuntu2.10 dovecot-managesieved - 1:2.2.22-1ubuntu2.10 dovecot-lucene - 1:2.2.22-1ubuntu2.10 mail-stack-delivery - 1:2.2.22-1ubuntu2.10 dovecot-gssapi - 1:2.2.22-1ubuntu2.10 dovecot-solr - 1:2.2.22-1ubuntu2.10 dovecot-lmtpd - 1:2.2.22-1ubuntu2.10 No subscription required Medium CVE-2019-7524 USN-3931-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service (guest VM crash). (CVE-2018-14678) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). 
(CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user-space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations.
A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Update Instructions: Run `sudo pro fix USN-3931-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1010-oracle - 4.15.0-1010.12~16.04.1 No subscription required linux-image-4.15.0-1029-gcp - 4.15.0-1029.31~16.04.1 No subscription required linux-image-4.15.0-1035-aws - 4.15.0-1035.37~16.04.1 No subscription required linux-image-4.15.0-1041-azure - 4.15.0-1041.45 No subscription required linux-image-4.15.0-47-generic-lpae - 4.15.0-47.50~16.04.1 linux-image-4.15.0-47-lowlatency - 4.15.0-47.50~16.04.1 linux-image-4.15.0-47-generic - 4.15.0-47.50~16.04.1 No subscription required linux-image-oracle - 4.15.0.1010.4 No subscription required linux-image-gke - 4.15.0.1029.43 linux-image-gcp - 4.15.0.1029.43 No subscription required linux-image-aws-hwe - 4.15.0.1035.35 No subscription required linux-image-azure - 4.15.0.1041.45 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.47.68 linux-image-lowlatency-hwe-16.04 - 4.15.0.47.68 linux-image-generic-hwe-16.04 - 4.15.0.47.68 linux-image-oem - 4.15.0.47.68 linux-image-generic-lpae-hwe-16.04 - 4.15.0.47.68 No subscription required Medium CVE-2018-14678 CVE-2018-18021 CVE-2018-19824 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 USN-3932-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). 
(CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that the btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code. (CVE-2018-9517) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM).
(CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-3932-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1043-kvm - 4.4.0-1043.49 No subscription required linux-image-4.4.0-1079-aws - 4.4.0-1079.89 No subscription required linux-image-4.4.0-1106-raspi2 - 4.4.0-1106.114 No subscription required linux-image-4.4.0-1110-snapdragon - 4.4.0-1110.115 No subscription required linux-image-4.4.0-145-powerpc-e500mc - 4.4.0-145.171 linux-image-4.4.0-145-lowlatency - 4.4.0-145.171 linux-image-4.4.0-145-powerpc64-emb - 4.4.0-145.171 linux-image-4.4.0-145-powerpc64-smp - 4.4.0-145.171 linux-image-4.4.0-145-powerpc-smp - 4.4.0-145.171 linux-image-4.4.0-145-generic-lpae - 4.4.0-145.171 linux-image-4.4.0-145-generic - 4.4.0-145.171 No subscription required linux-image-kvm - 4.4.0.1043.43 No subscription required linux-image-aws - 4.4.0.1079.82 No subscription required linux-image-raspi2 - 4.4.0.1106.106 No subscription required linux-image-snapdragon - 4.4.0.1110.102 No subscription required linux-image-powerpc-e500mc-lts-utopic - 4.4.0.145.153 linux-image-generic-lts-wily - 4.4.0.145.153 linux-image-powerpc64-emb-lts-vivid 
- 4.4.0.145.153 linux-image-powerpc-e500mc - 4.4.0.145.153 linux-image-generic-lpae-lts-xenial - 4.4.0.145.153 linux-image-generic-lpae-lts-utopic - 4.4.0.145.153 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.145.153 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.145.153 linux-image-powerpc-e500mc-lts-wily - 4.4.0.145.153 linux-image-generic-lts-vivid - 4.4.0.145.153 linux-image-generic-lpae-lts-wily - 4.4.0.145.153 linux-image-virtual-lts-vivid - 4.4.0.145.153 linux-image-virtual-lts-utopic - 4.4.0.145.153 linux-image-virtual - 4.4.0.145.153 linux-image-powerpc64-emb-lts-wily - 4.4.0.145.153 linux-image-lowlatency-lts-vivid - 4.4.0.145.153 linux-image-powerpc64-smp-lts-utopic - 4.4.0.145.153 linux-image-powerpc64-emb - 4.4.0.145.153 linux-image-powerpc-smp-lts-xenial - 4.4.0.145.153 linux-image-powerpc64-smp-lts-vivid - 4.4.0.145.153 linux-image-lowlatency-lts-wily - 4.4.0.145.153 linux-image-generic - 4.4.0.145.153 linux-image-lowlatency-lts-xenial - 4.4.0.145.153 linux-image-powerpc64-smp-lts-xenial - 4.4.0.145.153 linux-image-powerpc64-emb-lts-utopic - 4.4.0.145.153 linux-image-generic-lts-xenial - 4.4.0.145.153 linux-image-powerpc-smp - 4.4.0.145.153 linux-image-generic-lts-utopic - 4.4.0.145.153 linux-image-generic-lpae-lts-vivid - 4.4.0.145.153 linux-image-generic-lpae - 4.4.0.145.153 linux-image-powerpc64-smp-lts-wily - 4.4.0.145.153 linux-image-powerpc64-emb-lts-xenial - 4.4.0.145.153 linux-image-powerpc-smp-lts-wily - 4.4.0.145.153 linux-image-virtual-lts-wily - 4.4.0.145.153 linux-image-powerpc64-smp - 4.4.0.145.153 linux-image-lowlatency-lts-utopic - 4.4.0.145.153 linux-image-powerpc-smp-lts-vivid - 4.4.0.145.153 linux-image-lowlatency - 4.4.0.145.153 linux-image-virtual-lts-xenial - 4.4.0.145.153 linux-image-powerpc-smp-lts-utopic - 4.4.0.145.153 No subscription required Medium CVE-2017-18249 CVE-2018-13097 CVE-2018-13099 CVE-2018-13100 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2018-14614 CVE-2018-14616 CVE-2018-16884 CVE-2018-9517 
CVE-2019-3459 CVE-2019-3460 CVE-2019-3701 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 USN-3934-1 -- PolicyKit vulnerability Ubuntu 16.04 LTS It was discovered that PolicyKit incorrectly relied on the fork() system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations. Update Instructions: Run `sudo pro fix USN-3934-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-14.1ubuntu0.5 policykit-1-doc - 0.105-14.1ubuntu0.5 libpolkit-gobject-1-dev - 0.105-14.1ubuntu0.5 libpolkit-agent-1-0 - 0.105-14.1ubuntu0.5 libpolkit-gobject-1-0 - 0.105-14.1ubuntu0.5 policykit-1 - 0.105-14.1ubuntu0.5 gir1.2-polkit-1.0 - 0.105-14.1ubuntu0.5 libpolkit-backend-1-dev - 0.105-14.1ubuntu0.5 libpolkit-agent-1-dev - 0.105-14.1ubuntu0.5 No subscription required Medium CVE-2019-6133 USN-3935-1 -- BusyBox vulnerabilities Ubuntu 16.04 LTS Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325) Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645) It was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause BusyBox to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2015-9261) Nico Golde discovered that the BusyBox DHCP client incorrectly handled certain malformed domain names. A remote attacker could possibly use this issue to cause the DHCP client to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2147) Nico Golde discovered that the BusyBox DHCP client incorrectly handled certain 6RD options. A remote attacker could use this issue to cause the DHCP client to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2148) It was discovered that BusyBox incorrectly handled certain bzip2 archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, a remote attacker could cause BusyBox to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873) It was discovered that BusyBox incorrectly handled tab completion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544) It was discovered that the BusyBox wget utility incorrectly handled certain responses. A remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000517) It was discovered that the BusyBox DHCP utilities incorrectly handled certain memory operations. A remote attacker could possibly use this issue to access sensitive information. (CVE-2018-20679, CVE-2019-5747) Update Instructions: Run `sudo pro fix USN-3935-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: busybox - 1:1.22.0-15ubuntu1.4 udhcpc - 1:1.22.0-15ubuntu1.4 busybox-syslogd - 1:1.22.0-15ubuntu1.4 udhcpd - 1:1.22.0-15ubuntu1.4 busybox-initramfs - 1:1.22.0-15ubuntu1.4 busybox-udeb - 1:1.22.0-15ubuntu1.4 busybox-static - 1:1.22.0-15ubuntu1.4 No subscription required Medium CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2017-15873 CVE-2017-16544 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 USN-3936-1 -- AdvanceCOMP vulnerability Ubuntu 16.04 LTS It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3936-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 1.20-1ubuntu0.2 No subscription required Medium CVE-2019-9210 USN-3937-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly handled session expiry times. When used with mod_session_cookie, this may result in the session expiry time being ignored, contrary to expectations. (CVE-2018-17199) Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to process requests incorrectly.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-0196) Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217) Bernhard Lorenz discovered that the Apache HTTP Server was inconsistent when processing requests containing multiple consecutive slashes. This could lead to directives such as LocationMatch and RewriteRule to perform contrary to expectations. (CVE-2019-0220) Update Instructions: Run `sudo pro fix USN-3937-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.10 apache2-utils - 2.4.18-2ubuntu3.10 apache2-dev - 2.4.18-2ubuntu3.10 apache2-suexec-pristine - 2.4.18-2ubuntu3.10 apache2-suexec-custom - 2.4.18-2ubuntu3.10 apache2 - 2.4.18-2ubuntu3.10 apache2-doc - 2.4.18-2ubuntu3.10 apache2-bin - 2.4.18-2ubuntu3.10 No subscription required High CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 USN-3938-1 -- systemd vulnerability Ubuntu 16.04 LTS Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Update Instructions: Run `sudo pro fix USN-3938-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.21 systemd - 229-4ubuntu21.21 udev-udeb - 229-4ubuntu21.21 libsystemd0 - 229-4ubuntu21.21 systemd-container - 229-4ubuntu21.21 libnss-myhostname - 229-4ubuntu21.21 libudev1-udeb - 229-4ubuntu21.21 libudev1 - 229-4ubuntu21.21 libsystemd-dev - 229-4ubuntu21.21 systemd-journal-remote - 229-4ubuntu21.21 libpam-systemd - 229-4ubuntu21.21 libudev-dev - 229-4ubuntu21.21 libnss-mymachines - 229-4ubuntu21.21 libnss-resolve - 229-4ubuntu21.21 systemd-sysv - 229-4ubuntu21.21 udev - 229-4ubuntu21.21 No subscription required Medium CVE-2019-3842 USN-3939-1 -- Samba vulnerability Ubuntu 16.04 LTS Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3939-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.19 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.19 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.19 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.19 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.19 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.19 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.19 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.19 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.19 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.19 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.19 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.19 ctdb - 
2:4.3.11+dfsg-0ubuntu0.16.04.19 No subscription required Medium CVE-2019-3880 USN-3940-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789) Update Instructions: Run `sudo pro fix USN-3940-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.3+dfsg-0ubuntu0.16.04.1 clamav-testfiles - 0.100.3+dfsg-0ubuntu0.16.04.1 clamav-base - 0.100.3+dfsg-0ubuntu0.16.04.1 clamav - 0.100.3+dfsg-0ubuntu0.16.04.1 libclamav7 - 0.100.3+dfsg-0ubuntu0.16.04.1 clamav-daemon - 0.100.3+dfsg-0ubuntu0.16.04.1 clamav-docs - 0.100.3+dfsg-0ubuntu0.16.04.1 clamav-milter - 0.100.3+dfsg-0ubuntu0.16.04.1 clamav-freshclam - 0.100.3+dfsg-0ubuntu0.16.04.1 clamdscan - 0.100.3+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 USN-3941-1 -- Lua vulnerability Ubuntu 16.04 LTS Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3941-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lua5.3 - 5.3.1-1ubuntu2.1 liblua5.3-dev - 5.3.1-1ubuntu2.1 liblua5.3-0 - 5.3.1-1ubuntu2.1 No subscription required Medium CVE-2019-6706 USN-3943-1 -- Wget vulnerabilities Ubuntu 16.04 LTS It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update Instructions: Run `sudo pro fix USN-3943-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.17.1-1ubuntu1.5 wget-udeb - 1.17.1-1ubuntu1.5 No subscription required Medium CVE-2018-20483 CVE-2019-5953 USN-3944-1 -- wpa_supplicant and hostapd vulnerabilities Ubuntu 16.04 LTS It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499) It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn't available, it would fall back to using a low-quality PRNG. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743) Update Instructions: Run `sudo pro fix USN-3944-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.4-0ubuntu6.4 No subscription required wpagui - 2.4-0ubuntu6.4 wpasupplicant - 2.4-0ubuntu6.4 wpasupplicant-udeb - 2.4-0ubuntu6.4 No subscription required Medium CVE-2016-10743 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 USN-3945-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325) Update Instructions: Run `sudo pro fix USN-3945-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~16.04.12 ruby2.3-tcltk - 2.3.1-2~16.04.12 ruby2.3 - 2.3.1-2~16.04.12 ruby2.3-dev - 2.3.1-2~16.04.12 ruby2.3-doc - 2.3.1-2~16.04.12 No subscription required Medium CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 USN-3946-1 -- rssh vulnerabilities Ubuntu 16.04 LTS It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands. Update Instructions: Run `sudo pro fix USN-3946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rssh - 2.3.4-4+deb8u2ubuntu0.16.04.2 No subscription required High CVE-2019-1000018 CVE-2019-3463 CVE-2019-3464 USN-3947-1 -- Libxslt vulnerability Ubuntu 16.04 LTS It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. 
Update Instructions: Run `sudo pro fix USN-3947-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2.1ubuntu0.2 libxslt1-dev - 1.1.28-2.1ubuntu0.2 libxslt1.1 - 1.1.28-2.1ubuntu0.2 xsltproc - 1.1.28-2.1ubuntu0.2 No subscription required Medium CVE-2019-11068 USN-3952-1 -- Pacemaker vulnerabilities Ubuntu 16.04 LTS Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-16877) Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-16878) Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885) Update Instructions: Run `sudo pro fix USN-3952-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: pacemaker-remote - 1.1.14-2ubuntu1.6 libcrmcommon-dev - 1.1.14-2ubuntu1.6 pacemaker-resource-agents - 1.1.14-2ubuntu1.6 pacemaker-cli-utils - 1.1.14-2ubuntu1.6 pacemaker-common - 1.1.14-2ubuntu1.6 liblrmd1 - 1.1.14-2ubuntu1.6 libcrmcluster-dev - 1.1.14-2ubuntu1.6 libstonithd-dev - 1.1.14-2ubuntu1.6 libpe-status10 - 1.1.14-2ubuntu1.6 libtransitioner2 - 1.1.14-2ubuntu1.6 libstonithd2 - 1.1.14-2ubuntu1.6 libcrmservice3 - 1.1.14-2ubuntu1.6 libcrmcommon3 - 1.1.14-2ubuntu1.6 libcib-dev - 1.1.14-2ubuntu1.6 pacemaker - 1.1.14-2ubuntu1.6 libcrmservice-dev - 1.1.14-2ubuntu1.6 libpe-rules2 - 1.1.14-2ubuntu1.6 liblrmd-dev - 1.1.14-2ubuntu1.6 libpengine10 - 1.1.14-2ubuntu1.6 libpengine-dev - 1.1.14-2ubuntu1.6 pacemaker-doc - 1.1.14-2ubuntu1.6 libcrmcluster4 - 1.1.14-2ubuntu1.6 libcib4 - 1.1.14-2ubuntu1.6 No subscription required Medium CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 USN-3953-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3953-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.4 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.4 php7.0-xsl - 7.0.33-0ubuntu0.16.04.4 php7.0-fpm - 7.0.33-0ubuntu0.16.04.4 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.4 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.4 php7.0-curl - 7.0.33-0ubuntu0.16.04.4 php7.0-ldap - 7.0.33-0ubuntu0.16.04.4 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.4 php7.0-gmp - 7.0.33-0ubuntu0.16.04.4 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.4 php7.0-gd - 7.0.33-0ubuntu0.16.04.4 php7.0-common - 7.0.33-0ubuntu0.16.04.4 php7.0-enchant - 7.0.33-0ubuntu0.16.04.4 php7.0-odbc - 7.0.33-0ubuntu0.16.04.4 php7.0-cli - 7.0.33-0ubuntu0.16.04.4 php7.0-json - 7.0.33-0ubuntu0.16.04.4 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.4 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.4 php7.0-mysql - 7.0.33-0ubuntu0.16.04.4 php7.0-dba - 7.0.33-0ubuntu0.16.04.4 php7.0-sybase - 7.0.33-0ubuntu0.16.04.4 php7.0-pspell - 7.0.33-0ubuntu0.16.04.4 php7.0-interbase - 7.0.33-0ubuntu0.16.04.4 php7.0-xml - 7.0.33-0ubuntu0.16.04.4 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.4 php7.0-recode - 7.0.33-0ubuntu0.16.04.4 php7.0-zip - 7.0.33-0ubuntu0.16.04.4 php7.0 - 7.0.33-0ubuntu0.16.04.4 php7.0-tidy - 7.0.33-0ubuntu0.16.04.4 php7.0-soap - 7.0.33-0ubuntu0.16.04.4 php7.0-opcache - 7.0.33-0ubuntu0.16.04.4 php7.0-readline - 7.0.33-0ubuntu0.16.04.4 php7.0-intl - 7.0.33-0ubuntu0.16.04.4 php7.0-imap - 7.0.33-0ubuntu0.16.04.4 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.4 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.4 php7.0-dev - 7.0.33-0ubuntu0.16.04.4 php7.0-snmp - 7.0.33-0ubuntu0.16.04.4 No subscription required Medium CVE-2019-11034 CVE-2019-11035 USN-3955-1 -- tcpflow vulnerabilities Ubuntu 16.04 LTS It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information. 
Update Instructions: Run `sudo pro fix USN-3955-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpflow-nox - 1.4.5+repack1-1ubuntu0.1 tcpflow - 1.4.5+repack1-1ubuntu0.1 No subscription required Medium CVE-2018-14938 CVE-2018-18409 USN-3956-1 -- Bind vulnerability Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3956-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.14 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.14 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.14 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.14 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.14 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.14 host - 1:9.10.3.dfsg.P4-8ubuntu1.14 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.14 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.14 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.14 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.14 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.14 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.14 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.14 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.14 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.14 No subscription required Medium CVE-2018-5743 USN-3957-1 -- MySQL vulnerabilities Ubuntu 
16.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Update Instructions: Run `sudo pro fix USN-3957-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.26-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.26-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.26-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.26-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.26-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.26-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.26-0ubuntu0.16.04.1 mysql-common - 5.7.26-0ubuntu0.16.04.1 mysql-server - 5.7.26-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.26-0ubuntu0.16.04.1 mysql-testsuite - 5.7.26-0ubuntu0.16.04.1 libmysqld-dev - 5.7.26-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.26-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-2566 CVE-2019-2581 CVE-2019-2592 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2632 CVE-2019-2683 USN-3958-1 -- GStreamer Base Plugins vulnerability Ubuntu 16.04 LTS It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3958-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gstreamer0.10-plugins-base-apps - 0.10.36-2ubuntu0.2 libgstreamer-plugins-base0.10-0 - 0.10.36-2ubuntu0.2 gir1.2-gst-plugins-base-0.10 - 0.10.36-2ubuntu0.2 gstreamer0.10-plugins-base - 0.10.36-2ubuntu0.2 libgstreamer-plugins-base0.10-dev - 0.10.36-2ubuntu0.2 gstreamer0.10-alsa - 0.10.36-2ubuntu0.2 gstreamer0.10-x - 0.10.36-2ubuntu0.2 gstreamer0.10-gnomevfs - 0.10.36-2ubuntu0.2 gstreamer0.10-plugins-base-doc - 0.10.36-2ubuntu0.2 No subscription required libgstreamer-plugins-base1.0-dev - 1.8.3-1ubuntu0.3 libgstreamer-plugins-base1.0-0 - 1.8.3-1ubuntu0.3 gstreamer1.0-x - 1.8.3-1ubuntu0.3 gstreamer1.0-plugins-base-doc - 1.8.3-1ubuntu0.3 gstreamer1.0-plugins-base - 1.8.3-1ubuntu0.3 gir1.2-gst-plugins-base-1.0 - 1.8.3-1ubuntu0.3 gstreamer1.0-alsa - 1.8.3-1ubuntu0.3 gstreamer1.0-plugins-base-apps - 1.8.3-1ubuntu0.3 No subscription required High CVE-2019-9928 USN-3959-1 -- Evince vulnerability Ubuntu 16.04 LTS It was discovered that Evince incorrectly handled certain images. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-3959-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.18.2-1ubuntu4.4 libevview3-3 - 3.18.2-1ubuntu4.4 evince-common - 3.18.2-1ubuntu4.4 libevince-dev - 3.18.2-1ubuntu4.4 evince - 3.18.2-1ubuntu4.4 libevdocument3-4 - 3.18.2-1ubuntu4.4 evince-gtk - 3.18.2-1ubuntu4.4 No subscription required Medium CVE-2019-11459 USN-3968-1 -- Sudo vulnerabilities Ubuntu 16.04 LTS Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. 
(CVE-2016-7076) It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. (CVE-2017-1000368) Update Instructions: Run `sudo pro fix USN-3968-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.16-0ubuntu1.6 sudo - 1.8.16-0ubuntu1.6 No subscription required Medium CVE-2016-7076 CVE-2017-1000368 USN-3969-1 -- wpa_supplicant and hostapd vulnerability Ubuntu 16.04 LTS It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3969-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.4-0ubuntu6.5 No subscription required wpagui - 2.4-0ubuntu6.5 wpasupplicant - 2.4-0ubuntu6.5 wpasupplicant-udeb - 2.4-0ubuntu6.5 No subscription required Medium CVE-2019-11555 USN-3970-1 -- Ghostscript vulnerability Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3970-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.9 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.9 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.9 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.9 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.9 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.9 No subscription required Medium CVE-2019-3839 USN-3972-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129) Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130) Update Instructions: Run `sudo pro fix USN-3972-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.17-0ubuntu0.16.04.1 postgresql-plperl-9.5 - 9.5.17-0ubuntu0.16.04.1 postgresql-server-dev-9.5 - 9.5.17-0ubuntu0.16.04.1 postgresql-9.5 - 9.5.17-0ubuntu0.16.04.1 postgresql-plpython-9.5 - 9.5.17-0ubuntu0.16.04.1 libecpg6 - 9.5.17-0ubuntu0.16.04.1 postgresql-client-9.5 - 9.5.17-0ubuntu0.16.04.1 libpq-dev - 9.5.17-0ubuntu0.16.04.1 postgresql-contrib-9.5 - 9.5.17-0ubuntu0.16.04.1 libpgtypes3 - 9.5.17-0ubuntu0.16.04.1 libecpg-dev - 9.5.17-0ubuntu0.16.04.1 postgresql-pltcl-9.5 - 9.5.17-0ubuntu0.16.04.1 libpq5 - 9.5.17-0ubuntu0.16.04.1 postgresql-plpython3-9.5 - 9.5.17-0ubuntu0.16.04.1 libecpg-compat3 - 9.5.17-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-10129 CVE-2019-10130 USN-3974-1 -- VCFtools vulnerabilities Ubuntu 16.04 LTS It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash. 
(CVE-2018-11099, CVE-2018-11129, CVE-2018-11130) Update Instructions: Run `sudo pro fix USN-3974-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vcftools - 0.1.14+dfsg-2ubuntu0.1 No subscription required Medium CVE-2018-11099 CVE-2018-11129 CVE-2018-11130 USN-3975-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service (excessive CPU usage). (CVE-2019-2602) Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. (CVE-2019-2684) Mateusz Jurczyk discovered a vulnerability in the 2D component of OpenJDK. An attacker could use this to possibly escape Java sandbox restrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 LTS. (CVE-2019-2697) Mateusz Jurczyk discovered a vulnerability in the font layout engine of OpenJDK's 2D component. An attacker could use this to possibly escape Java sandbox restrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 LTS. (CVE-2019-2698) Update Instructions: Run `sudo pro fix USN-3975-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-jdk - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-jre-headless - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-jre - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-jdk-headless - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-source - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-jre-zero - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-demo - 8u212-b03-0ubuntu1.16.04.1 openjdk-8-jre-jamvm - 8u212-b03-0ubuntu1.16.04.1 No subscription required Medium CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2019-2697 USN-3976-1 -- Samba vulnerability Ubuntu 16.04 LTS Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3976-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.20 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.20 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.20 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.20 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.20 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.20 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.20 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.20 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.20 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.20 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.20 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.20 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.20 No subscription required Medium CVE-2018-16860 
USN-3976-3 -- Samba regression Ubuntu 16.04 LTS USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3976-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.21 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.21 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.21 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.21 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.21 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.21 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.21 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.21 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.21 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.21 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.21 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.21 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.21 No subscription required None https://launchpad.net/bugs/1827924 USN-3977-1 -- Intel Microcode update Ubuntu 16.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory 
previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190514.0ubuntu0.16.04.1 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS USN-3977-2 -- Intel Microcode update Ubuntu 16.04 LTS USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original advisory details: Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. 
(CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190514.0ubuntu0.16.04.2 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS USN-3977-3 -- Intel Microcode update Ubuntu 16.04 LTS USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. 
This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. 
A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190618.0ubuntu0.16.04.1 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS USN-3978-1 -- QEMU update Ubuntu 16.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. 
(CVE-2018-12126) Kurtis Miller discovered that a buffer overflow existed in QEMU when loading a device tree blob. A local attacker could use this to execute arbitrary code. (CVE-2018-20815) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) It was discovered that a NULL pointer dereference existed in the sun4u power device implementation in QEMU. A local attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-5008) William Bowling discovered that an information leak existed in the SLiRP networking implementation of QEMU. An attacker could use this to expose sensitive information. (CVE-2019-9824) Update Instructions: Run `sudo pro fix USN-3978-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.38 qemu-user-static - 1:2.5+dfsg-5ubuntu10.38 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.38 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.38 qemu-kvm - 1:2.5+dfsg-5ubuntu10.38 qemu-user - 1:2.5+dfsg-5ubuntu10.38 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.38 qemu-system - 1:2.5+dfsg-5ubuntu10.38 qemu-utils - 1:2.5+dfsg-5ubuntu10.38 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.38 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.38 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.38 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.38 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.38 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.38 qemu - 1:2.5+dfsg-5ubuntu10.38 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.38 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.38 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-5008 CVE-2019-9824 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS USN-3981-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. 
(CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2019-3874) Alex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503) Update Instructions: Run `sudo pro fix USN-3981-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1013-oracle - 4.15.0-1013.15~16.04.1 No subscription required linux-image-4.15.0-1032-gcp - 4.15.0-1032.34~16.04.1 No subscription required linux-image-4.15.0-1045-azure - 4.15.0-1045.49 No subscription required linux-image-4.15.0-50-generic - 4.15.0-50.54~16.04.1 linux-image-4.15.0-50-lowlatency - 4.15.0-50.54~16.04.1 linux-image-4.15.0-50-generic-lpae - 4.15.0-50.54~16.04.1 No subscription required linux-image-oracle - 4.15.0.1013.7 No subscription required linux-image-gke - 4.15.0.1032.46 linux-image-gcp - 4.15.0.1032.46 No subscription required linux-image-azure - 4.15.0.1045.49 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.50.71 linux-image-oem - 4.15.0.50.71 linux-image-lowlatency-hwe-16.04 - 4.15.0.50.71 linux-image-virtual-hwe-16.04 - 4.15.0.50.71 linux-image-generic-lpae-hwe-16.04 - 4.15.0.50.71 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16884 CVE-2019-11091 CVE-2019-3874 CVE-2019-3882 CVE-2019-9500 CVE-2019-9503 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS USN-3982-1 -- 
Linux kernel vulnerabilities Ubuntu 16.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. 
(CVE-2019-11091) Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874) Alex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882) Update Instructions: Run `sudo pro fix USN-3982-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1046-kvm - 4.4.0-1046.52 No subscription required linux-image-4.4.0-1083-aws - 4.4.0-1083.93 No subscription required linux-image-4.4.0-1109-raspi2 - 4.4.0-1109.117 No subscription required linux-image-4.4.0-1113-snapdragon - 4.4.0-1113.118 No subscription required linux-image-4.4.0-148-powerpc-e500mc - 4.4.0-148.174 linux-image-4.4.0-148-powerpc64-smp - 4.4.0-148.174 linux-image-4.4.0-148-lowlatency - 4.4.0-148.174 linux-image-4.4.0-148-generic - 4.4.0-148.174 linux-image-4.4.0-148-powerpc64-emb - 4.4.0-148.174 linux-image-4.4.0-148-powerpc-smp - 4.4.0-148.174 linux-image-4.4.0-148-generic-lpae - 4.4.0-148.174 No subscription required linux-image-kvm - 4.4.0.1046.46 No subscription required linux-image-aws - 4.4.0.1083.86 No subscription required linux-image-raspi2 - 4.4.0.1109.109 No subscription required linux-image-snapdragon - 4.4.0.1113.105 No subscription required linux-image-generic-lts-wily - 4.4.0.148.156 linux-image-powerpc64-emb-lts-vivid - 4.4.0.148.156 linux-image-powerpc-e500mc - 4.4.0.148.156 linux-image-generic-lpae-lts-xenial - 4.4.0.148.156 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.148.156 linux-image-generic-lpae-lts-utopic - 4.4.0.148.156 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.148.156 linux-image-generic-lts-utopic - 4.4.0.148.156 linux-image-powerpc-e500mc-lts-wily - 4.4.0.148.156 
linux-image-generic-lts-vivid - 4.4.0.148.156 linux-image-generic-lpae-lts-wily - 4.4.0.148.156 linux-image-lowlatency-lts-utopic - 4.4.0.148.156 linux-image-virtual-lts-utopic - 4.4.0.148.156 linux-image-virtual - 4.4.0.148.156 linux-image-powerpc64-emb-lts-wily - 4.4.0.148.156 linux-image-powerpc64-smp-lts-xenial - 4.4.0.148.156 linux-image-powerpc64-smp-lts-utopic - 4.4.0.148.156 linux-image-powerpc64-emb - 4.4.0.148.156 linux-image-powerpc-smp-lts-xenial - 4.4.0.148.156 linux-image-powerpc64-smp-lts-vivid - 4.4.0.148.156 linux-image-lowlatency-lts-wily - 4.4.0.148.156 linux-image-lowlatency-lts-vivid - 4.4.0.148.156 linux-image-generic - 4.4.0.148.156 linux-image-lowlatency-lts-xenial - 4.4.0.148.156 linux-image-powerpc64-emb-lts-utopic - 4.4.0.148.156 linux-image-generic-lts-xenial - 4.4.0.148.156 linux-image-virtual-lts-wily - 4.4.0.148.156 linux-image-powerpc-smp - 4.4.0.148.156 linux-image-generic-lpae-lts-vivid - 4.4.0.148.156 linux-image-generic-lpae - 4.4.0.148.156 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.148.156 linux-image-powerpc64-smp-lts-wily - 4.4.0.148.156 linux-image-powerpc64-emb-lts-xenial - 4.4.0.148.156 linux-image-powerpc-smp-lts-wily - 4.4.0.148.156 linux-image-powerpc64-smp - 4.4.0.148.156 linux-image-powerpc-smp-lts-utopic - 4.4.0.148.156 linux-image-powerpc-smp-lts-vivid - 4.4.0.148.156 linux-image-lowlatency - 4.4.0.148.156 linux-image-virtual-lts-xenial - 4.4.0.148.156 linux-image-virtual-lts-vivid - 4.4.0.148.156 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-3874 CVE-2019-3882 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS USN-3985-1 -- libvirt update Ubuntu 16.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that 
memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3985-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.3.1-1ubuntu10.26 libvirt-dev - 1.3.1-1ubuntu10.26 libvirt-doc - 1.3.1-1ubuntu10.26 libvirt-bin - 1.3.1-1ubuntu10.26 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS USN-3986-1 -- Wireshark vulnerabilities Ubuntu 16.04 LTS It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file. Update Instructions: Run `sudo pro fix USN-3986-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwsutil-dev - 2.6.8-1~ubuntu16.04.0 wireshark-dev - 2.6.8-1~ubuntu16.04.0 tshark - 2.6.8-1~ubuntu16.04.0 libwireshark-dev - 2.6.8-1~ubuntu16.04.0 libwiretap8 - 2.6.8-1~ubuntu16.04.0 wireshark-qt - 2.6.8-1~ubuntu16.04.0 libwiretap-dev - 2.6.8-1~ubuntu16.04.0 libwscodecs2 - 2.6.8-1~ubuntu16.04.0 wireshark-doc - 2.6.8-1~ubuntu16.04.0 wireshark-common - 2.6.8-1~ubuntu16.04.0 wireshark-gtk - 2.6.8-1~ubuntu16.04.0 libwireshark-data - 2.6.8-1~ubuntu16.04.0 libwireshark11 - 2.6.8-1~ubuntu16.04.0 libwsutil9 - 2.6.8-1~ubuntu16.04.0 wireshark - 2.6.8-1~ubuntu16.04.0 No subscription required Medium CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 USN-3989-1 -- LibRaw vulnerabilities Ubuntu 16.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3989-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.17.1-1ubuntu0.5 libraw-bin - 0.17.1-1ubuntu0.5 libraw-dev - 0.17.1-1ubuntu0.5 libraw15 - 0.17.1-1ubuntu0.5 No subscription required Medium CVE-2018-20337 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 USN-3990-1 -- urllib3 vulnerabilities Ubuntu 16.04 LTS It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060) It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236) It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates were specified. This could result in certificates being accepted by the default CA certificates contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-11324) Update Instructions: Run `sudo pro fix USN-3990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-urllib3 - 1.13.1-2ubuntu0.16.04.3 python3-urllib3 - 1.13.1-2ubuntu0.16.04.3 No subscription required Medium CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 USN-3991-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. 
(CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) Update Instructions: Run `sudo pro fix USN-3991-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 67.0+build2-0ubuntu0.16.04.1 firefox-testsuite - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 
67.0+build2-0ubuntu0.16.04.1 firefox - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 67.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 67.0+build2-0ubuntu0.16.04.1 firefox-dev - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 67.0+build2-0ubuntu0.16.04.1 
firefox-locale-mr - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 67.0+build2-0ubuntu0.16.04.1 firefox-globalmenu - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 67.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 67.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11695 CVE-2019-11696 CVE-2019-11697 CVE-2019-11698 CVE-2019-11699 CVE-2019-11701 CVE-2019-7317 CVE-2019-9800 CVE-2019-9814 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 USN-3991-2 -- Firefox regression Ubuntu 16.04 LTS USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. 
(CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) Update Instructions: Run `sudo pro fix USN-3991-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 67.0.1+build1-0ubuntu0.16.04.1 firefox-testsuite - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 
67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 67.0.1+build1-0ubuntu0.16.04.1 firefox - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 67.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 67.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 
67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 67.0.1+build1-0ubuntu0.16.04.1 firefox-globalmenu - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 67.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 67.0.1+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1830096 USN-3991-3 -- Firefox regression Ubuntu 16.04 LTS USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. 
(CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) Update Instructions: Run `sudo pro fix USN-3991-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-nn - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ne - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-nb - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fa - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fi - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fr - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fy - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-or - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-kab - 67.0.2+build2-0ubuntu0.16.04.1 firefox-testsuite - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-oc - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-cs - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ga - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gd - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gn - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gl - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gu - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-pa - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-pl - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-cy - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-pt - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hi - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-uk - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-he - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hy - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hr - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hu - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-as - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ar - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ia - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-az - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-id - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mai - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-af - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-is - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-it - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-an - 
67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-bs - 67.0.2+build2-0ubuntu0.16.04.1 firefox - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ro - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ja - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ru - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-br - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-bn - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-be - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-bg - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sl - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sk - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-si - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sw - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sv - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sr - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sq - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ko - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-kn - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-km - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-kk - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ka - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-xh - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ca - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ku - 67.0.2+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-lv - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-lt - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-th - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 67.0.2+build2-0ubuntu0.16.04.1 firefox-dev - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-te - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-cak - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ta - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-lg - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-csb - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-tr - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-nso - 
67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-de - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-da - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ms - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mr - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-my - 67.0.2+build2-0ubuntu0.16.04.1 firefox-globalmenu - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-uz - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ml - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mn - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mk - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ur - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-eu - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-et - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-es - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-vi - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-el - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-eo - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-en - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-zu - 67.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ast - 67.0.2+build2-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1832907 USN-3993-1 -- curl vulnerabilities Ubuntu 16.04 LTS Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436) Update Instructions: Run `sudo pro fix USN-3993-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.13 libcurl4-openssl-dev - 7.47.0-1ubuntu2.13 libcurl3-gnutls - 7.47.0-1ubuntu2.13 libcurl4-doc - 7.47.0-1ubuntu2.13 libcurl3-nss - 7.47.0-1ubuntu2.13 libcurl4-nss-dev - 7.47.0-1ubuntu2.13 libcurl3 - 7.47.0-1ubuntu2.13 curl - 7.47.0-1ubuntu2.13 No subscription required Medium CVE-2019-5435 CVE-2019-5436 USN-3995-1 -- Keepalived vulnerability Ubuntu 16.04 LTS It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3995-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: keepalived - 1:1.2.24-1ubuntu0.16.04.2 No subscription required Medium CVE-2018-19115 USN-3997-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. 
(CVE-2019-9816) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) Update Instructions: Run `sudo pro fix USN-3997-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:60.7.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:60.7.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-de - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:60.7.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kk - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 
1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ms - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:60.7.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:60.7.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 USN-3998-1 -- Evolution Data Server vulnerability Ubuntu 16.04 LTS Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. 
Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted. Update Instructions: Run `sudo pro fix USN-3998-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libecal1.2-dev - 3.18.5-1ubuntu1.2 libedataserver-1.2-21 - 3.18.5-1ubuntu1.2 libebackend-1.2-10 - 3.18.5-1ubuntu1.2 libebook1.2-dev - 3.18.5-1ubuntu1.2 libedata-cal1.2-dev - 3.18.5-1ubuntu1.2 libcamel-1.2-54 - 3.18.5-1ubuntu1.2 libebook-contacts-1.2-2 - 3.18.5-1ubuntu1.2 libedata-book1.2-dev - 3.18.5-1ubuntu1.2 libecal-1.2-19 - 3.18.5-1ubuntu1.2 evolution-data-server-online-accounts - 3.18.5-1ubuntu1.2 libebackend1.2-dev - 3.18.5-1ubuntu1.2 libcamel1.2-dev - 3.18.5-1ubuntu1.2 libedataserverui-1.2-1 - 3.18.5-1ubuntu1.2 gir1.2-edataserver-1.2 - 3.18.5-1ubuntu1.2 libedataserver1.2-dev - 3.18.5-1ubuntu1.2 libebook-contacts1.2-dev - 3.18.5-1ubuntu1.2 gir1.2-ebookcontacts-1.2 - 3.18.5-1ubuntu1.2 libedata-book-1.2-25 - 3.18.5-1ubuntu1.2 evolution-data-server - 3.18.5-1ubuntu1.2 evolution-data-server-common - 3.18.5-1ubuntu1.2 libedataserverui1.2-dev - 3.18.5-1ubuntu1.2 evolution-data-server-doc - 3.18.5-1ubuntu1.2 libebook-1.2-16 - 3.18.5-1ubuntu1.2 evolution-data-server-dev - 3.18.5-1ubuntu1.2 gir1.2-ebook-1.2 - 3.18.5-1ubuntu1.2 libedata-cal-1.2-28 - 3.18.5-1ubuntu1.2 No subscription required Medium CVE-2018-15587 USN-3999-1 -- GnuTLS vulnerabilities Ubuntu 16.04 LTS Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846) Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. 
A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3829) It was discovered that GnuTLS incorrectly handled certain post-handshake messages. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3836) Update Instructions: Run `sudo pro fix USN-3999-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.4.10-4ubuntu1.5 libgnutls28-dev - 3.4.10-4ubuntu1.5 libgnutlsxx28 - 3.4.10-4ubuntu1.5 gnutls-doc - 3.4.10-4ubuntu1.5 libgnutls-dev - 3.4.10-4ubuntu1.5 gnutls-bin - 3.4.10-4ubuntu1.5 guile-gnutls - 3.4.10-4ubuntu1.5 libgnutls-openssl27 - 3.4.10-4ubuntu1.5 No subscription required Medium CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2019-3829 CVE-2019-3836 USN-4000-1 -- Corosync vulnerability Ubuntu 16.04 LTS It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4000-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: corosync-dev - 2.3.5-3ubuntu2.3 corosync-notifyd - 2.3.5-3ubuntu2.3 libcpg4 - 2.3.5-3ubuntu2.3 libcpg-dev - 2.3.5-3ubuntu2.3 libsam4 - 2.3.5-3ubuntu2.3 libcmap4 - 2.3.5-3ubuntu2.3 libquorum-dev - 2.3.5-3ubuntu2.3 libcorosync-common-dev - 2.3.5-3ubuntu2.3 libsam-dev - 2.3.5-3ubuntu2.3 libcmap-dev - 2.3.5-3ubuntu2.3 libcfg-dev - 2.3.5-3ubuntu2.3 libcfg6 - 2.3.5-3ubuntu2.3 corosync-doc - 2.3.5-3ubuntu2.3 libvotequorum-dev - 2.3.5-3ubuntu2.3 libvotequorum7 - 2.3.5-3ubuntu2.3 libcorosync-common4 - 2.3.5-3ubuntu2.3 libtotem-pg-dev - 2.3.5-3ubuntu2.3 libquorum5 - 2.3.5-3ubuntu2.3 corosync - 2.3.5-3ubuntu2.3 libtotem-pg5 - 2.3.5-3ubuntu2.3 No subscription required Medium CVE-2018-1084 USN-4001-1 -- libseccomp vulnerability Ubuntu 16.04 LTS Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls. Update Instructions: Run `sudo pro fix USN-4001-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libseccomp-dev - 2.4.1-0ubuntu0.16.04.2 libseccomp2 - 2.4.1-0ubuntu0.16.04.2 seccomp - 2.4.1-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-9893 USN-4002-1 -- Doxygen vulnerability Ubuntu 16.04 LTS It was discovered that Doxygen incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code and compromise sensitive information. Update Instructions: Run `sudo pro fix USN-4002-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: doxygen-gui - 1.8.11-1ubuntu0.1 doxygen-latex - 1.8.11-1ubuntu0.1 doxygen - 1.8.11-1ubuntu0.1 doxygen-doc - 1.8.11-1ubuntu0.1 No subscription required Medium CVE-2016-10245 USN-4003-1 -- Qt vulnerabilities Ubuntu 16.04 LTS It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-15518) It was discovered that Qt incorrectly handled certain GIF images. A remote attacker could use this issue with a specially crafted GIF image to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-19870) It was discovered that Qt incorrectly handled certain BMP images. A remote attacker could use this issue with a specially crafted BMP image to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-19873) Update Instructions: Run `sudo pro fix USN-4003-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libqt5libqgtk2 - 5.5.1+dfsg-16ubuntu7.6 libqt5opengl5 - 5.5.1+dfsg-16ubuntu7.6 libqt5widgets5 - 5.5.1+dfsg-16ubuntu7.6 libqt5concurrent5 - 5.5.1+dfsg-16ubuntu7.6 libqt5sql5-mysql - 5.5.1+dfsg-16ubuntu7.6 qtbase5-dev - 5.5.1+dfsg-16ubuntu7.6 libqt5sql5-sqlite - 5.5.1+dfsg-16ubuntu7.6 libqt5sql5-psql - 5.5.1+dfsg-16ubuntu7.6 libqt5core5a - 5.5.1+dfsg-16ubuntu7.6 libqt5network5 - 5.5.1+dfsg-16ubuntu7.6 qt5-qmake-arm-linux-gnueabihf - 5.5.1+dfsg-16ubuntu7.6 libqt5sql5 - 5.5.1+dfsg-16ubuntu7.6 libqt5dbus5 - 5.5.1+dfsg-16ubuntu7.6 libqt5gui5 - 5.5.1+dfsg-16ubuntu7.6 libqt5opengl5-dev - 5.5.1+dfsg-16ubuntu7.6 qtbase5-doc-html - 5.5.1+dfsg-16ubuntu7.6 qtbase5-dev-tools - 5.5.1+dfsg-16ubuntu7.6 qt5-qmake - 5.5.1+dfsg-16ubuntu7.6 libqt5sql5-tds - 5.5.1+dfsg-16ubuntu7.6 qtbase5-private-dev - 5.5.1+dfsg-16ubuntu7.6 libqt5printsupport5 - 5.5.1+dfsg-16ubuntu7.6 libqt5xml5 - 5.5.1+dfsg-16ubuntu7.6 qtbase5-examples - 5.5.1+dfsg-16ubuntu7.6 libqt5test5 - 5.5.1+dfsg-16ubuntu7.6 libqt5sql5-odbc - 5.5.1+dfsg-16ubuntu7.6 qt5-default - 5.5.1+dfsg-16ubuntu7.6 No subscription required Medium CVE-2018-15518 CVE-2018-19870 CVE-2018-19873 USN-4004-1 -- Berkeley DB vulnerability Ubuntu 16.04 LTS It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Update Instructions: Run `sudo pro fix USN-4004-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: db5.3-doc - 5.3.28-11ubuntu0.2 libdb5.3-java-jni - 5.3.28-11ubuntu0.2 libdb5.3-tcl - 5.3.28-11ubuntu0.2 libdb5.3-java-dev - 5.3.28-11ubuntu0.2 libdb5.3-dev - 5.3.28-11ubuntu0.2 db5.3-util - 5.3.28-11ubuntu0.2 libdb5.3-stl-dev - 5.3.28-11ubuntu0.2 libdb5.3-sql - 5.3.28-11ubuntu0.2 libdb5.3++-dev - 5.3.28-11ubuntu0.2 db5.3-sql-util - 5.3.28-11ubuntu0.2 libdb5.3 - 5.3.28-11ubuntu0.2 libdb5.3-stl - 5.3.28-11ubuntu0.2 libdb5.3-java-gcj - 5.3.28-11ubuntu0.2 libdb5.3-sql-dev - 5.3.28-11ubuntu0.2 libdb5.3-java - 5.3.28-11ubuntu0.2 libdb5.3++ - 5.3.28-11ubuntu0.2 No subscription required Medium CVE-2019-8457 USN-4007-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS USN-4007-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardening measure, this update disables a.out support. Update Instructions: Run `sudo pro fix USN-4007-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1014-oracle - 4.15.0-1014.16~16.04.1 No subscription required linux-image-4.15.0-1040-aws - 4.15.0-1040.42~16.04.1 No subscription required linux-image-4.15.0-51-generic-lpae - 4.15.0-51.55~16.04.1 linux-image-4.15.0-51-lowlatency - 4.15.0-51.55~16.04.1 linux-image-4.15.0-51-generic - 4.15.0-51.55~16.04.1 No subscription required linux-image-oracle - 4.15.0.1014.8 No subscription required linux-image-aws-hwe - 4.15.0.1040.40 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.51.72 linux-image-generic-hwe-16.04 - 4.15.0.51.72 linux-image-oem - 4.15.0.51.72 linux-image-lowlatency-hwe-16.04 - 4.15.0.51.72 linux-image-generic-lpae-hwe-16.04 - 4.15.0.51.72 No subscription required Negligible CVE-2019-11191 USN-4008-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. 
A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191) As a hardening measure, this update disables a.out support. Update Instructions: Run `sudo pro fix USN-4008-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1047-kvm - 4.4.0-1047.53 No subscription required linux-image-4.4.0-1084-aws - 4.4.0-1084.94 No subscription required linux-image-4.4.0-1110-raspi2 - 4.4.0-1110.118 No subscription required linux-image-4.4.0-1114-snapdragon - 4.4.0-1114.119 No subscription required linux-image-4.4.0-150-lowlatency - 4.4.0-150.176 linux-image-4.4.0-150-generic - 4.4.0-150.176 linux-image-4.4.0-150-powerpc-smp - 4.4.0-150.176 linux-image-4.4.0-150-powerpc64-smp - 4.4.0-150.176 linux-image-4.4.0-150-generic-lpae - 4.4.0-150.176 linux-image-4.4.0-150-powerpc64-emb - 4.4.0-150.176 linux-image-4.4.0-150-powerpc-e500mc - 4.4.0-150.176 No subscription required linux-image-kvm - 4.4.0.1047.47 No subscription required linux-image-aws - 4.4.0.1084.87 No subscription required linux-image-raspi2 - 4.4.0.1110.110 No subscription required linux-image-snapdragon - 4.4.0.1114.106 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.150.158 linux-image-generic-lts-wily - 4.4.0.150.158 linux-image-powerpc64-emb-lts-vivid - 4.4.0.150.158 linux-image-powerpc-e500mc - 4.4.0.150.158 linux-image-generic-lpae-lts-xenial - 4.4.0.150.158 linux-image-virtual-lts-vivid - 4.4.0.150.158 linux-image-generic-lpae-lts-utopic - 4.4.0.150.158 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.150.158 linux-image-generic-lts-utopic - 4.4.0.150.158 linux-image-powerpc-e500mc-lts-wily - 4.4.0.150.158 linux-image-generic-lts-vivid - 4.4.0.150.158 linux-image-generic-lpae-lts-wily - 4.4.0.150.158 linux-image-powerpc-smp-lts-utopic - 4.4.0.150.158 linux-image-virtual-lts-utopic - 4.4.0.150.158 linux-image-virtual - 4.4.0.150.158 
linux-image-powerpc64-emb-lts-wily - 4.4.0.150.158 linux-image-lowlatency-lts-vivid - 4.4.0.150.158 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.150.158 linux-image-powerpc-smp-lts-xenial - 4.4.0.150.158 linux-image-powerpc64-smp-lts-vivid - 4.4.0.150.158 linux-image-lowlatency-lts-wily - 4.4.0.150.158 linux-image-virtual-lts-wily - 4.4.0.150.158 linux-image-generic - 4.4.0.150.158 linux-image-lowlatency-lts-xenial - 4.4.0.150.158 linux-image-powerpc64-smp-lts-xenial - 4.4.0.150.158 linux-image-powerpc64-emb-lts-utopic - 4.4.0.150.158 linux-image-generic-lts-xenial - 4.4.0.150.158 linux-image-powerpc-smp - 4.4.0.150.158 linux-image-generic-lpae-lts-vivid - 4.4.0.150.158 linux-image-generic-lpae - 4.4.0.150.158 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.150.158 linux-image-powerpc64-smp-lts-wily - 4.4.0.150.158 linux-image-powerpc64-emb - 4.4.0.150.158 linux-image-powerpc64-emb-lts-xenial - 4.4.0.150.158 linux-image-powerpc-smp-lts-wily - 4.4.0.150.158 linux-image-powerpc64-smp - 4.4.0.150.158 linux-image-lowlatency-lts-utopic - 4.4.0.150.158 linux-image-powerpc-smp-lts-vivid - 4.4.0.150.158 linux-image-lowlatency - 4.4.0.150.158 linux-image-virtual-lts-xenial - 4.4.0.150.158 No subscription required Medium CVE-2019-11190 CVE-2019-11191 CVE-2019-11810 CVE-2019-11815 USN-4008-2 -- AppArmor update Ubuntu 16.04 LTS USN-4008-1 fixed multiple security issues in the Linux kernel. This update provides the corresponding changes to AppArmor policy for correctly operating under the Linux kernel with fixes for CVE-2019-11190. Without these changes, some profile transitions may be unintentionally denied due to missing mmap ('m') rules. Original advisory details: Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. 
(CVE-2019-11190) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191) As a hardening measure, this update disables a.out support. Update Instructions: Run `sudo pro fix USN-4008-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apparmor-docs - 2.10.95-0ubuntu2.11 python-apparmor - 2.10.95-0ubuntu2.11 libapparmor-dev - 2.10.95-0ubuntu2.11 libapparmor-perl - 2.10.95-0ubuntu2.11 libapparmor1 - 2.10.95-0ubuntu2.11 apparmor-notify - 2.10.95-0ubuntu2.11 apparmor-profiles - 2.10.95-0ubuntu2.11 python3-libapparmor - 2.10.95-0ubuntu2.11 python-libapparmor - 2.10.95-0ubuntu2.11 libpam-apparmor - 2.10.95-0ubuntu2.11 apparmor-easyprof - 2.10.95-0ubuntu2.11 apparmor - 2.10.95-0ubuntu2.11 python3-apparmor - 2.10.95-0ubuntu2.11 apparmor-utils - 2.10.95-0ubuntu2.11 libapache2-mod-apparmor - 2.10.95-0ubuntu2.11 dh-apparmor - 2.10.95-0ubuntu2.11 No subscription required Low CVE-2019-11190 USN-4009-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain exif tags in images. 
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11036) It was discovered that PHP incorrectly decoded certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-11039) It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-11040) Update Instructions: Run `sudo pro fix USN-4009-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.5 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.5 php7.0-xsl - 7.0.33-0ubuntu0.16.04.5 php7.0-fpm - 7.0.33-0ubuntu0.16.04.5 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.5 php7.0-cli - 7.0.33-0ubuntu0.16.04.5 php7.0-curl - 7.0.33-0ubuntu0.16.04.5 php7.0-ldap - 7.0.33-0ubuntu0.16.04.5 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.5 php7.0-gmp - 7.0.33-0ubuntu0.16.04.5 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.5 php7.0-gd - 7.0.33-0ubuntu0.16.04.5 php7.0-common - 7.0.33-0ubuntu0.16.04.5 php7.0-enchant - 7.0.33-0ubuntu0.16.04.5 php7.0-odbc - 7.0.33-0ubuntu0.16.04.5 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.5 php7.0-json - 7.0.33-0ubuntu0.16.04.5 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.5 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.5 php7.0-imap - 7.0.33-0ubuntu0.16.04.5 php7.0-dba - 7.0.33-0ubuntu0.16.04.5 php7.0-sybase - 7.0.33-0ubuntu0.16.04.5 php7.0-pspell - 7.0.33-0ubuntu0.16.04.5 php7.0-interbase - 7.0.33-0ubuntu0.16.04.5 php7.0-xml - 7.0.33-0ubuntu0.16.04.5 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.5 php7.0-recode - 7.0.33-0ubuntu0.16.04.5 php7.0-zip - 7.0.33-0ubuntu0.16.04.5 php7.0 - 7.0.33-0ubuntu0.16.04.5 php7.0-tidy - 7.0.33-0ubuntu0.16.04.5 php7.0-soap - 7.0.33-0ubuntu0.16.04.5 php7.0-opcache - 7.0.33-0ubuntu0.16.04.5 php7.0-readline - 
7.0.33-0ubuntu0.16.04.5 php7.0-intl - 7.0.33-0ubuntu0.16.04.5 php7.0-mysql - 7.0.33-0ubuntu0.16.04.5 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.5 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.5 php7.0-dev - 7.0.33-0ubuntu0.16.04.5 php7.0-snmp - 7.0.33-0ubuntu0.16.04.5 No subscription required Medium CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 USN-4011-1 -- Jinja2 vulnerabilities Ubuntu 16.04 LTS Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10745) Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906) Update Instructions: Run `sudo pro fix USN-4011-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jinja2 - 2.8-1ubuntu0.1 python-jinja2-doc - 2.8-1ubuntu0.1 python3-jinja2 - 2.8-1ubuntu0.1 No subscription required Medium CVE-2016-10745 CVE-2019-10906 USN-4012-1 -- elfutils vulnerabilities Ubuntu 16.04 LTS It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4012-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libasm1 - 0.165-3ubuntu1.2 libdw-dev - 0.165-3ubuntu1.2 libelf1 - 0.165-3ubuntu1.2 libelf-dev - 0.165-3ubuntu1.2 elfutils - 0.165-3ubuntu1.2 libdw1 - 0.165-3ubuntu1.2 libasm-dev - 0.165-3ubuntu1.2 No subscription required Medium CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665 USN-4013-1 -- libsndfile vulnerabilities Ubuntu 16.04 LTS It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4013-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-10ubuntu0.16.04.2 libsndfile1-dev - 1.0.25-10ubuntu0.16.04.2 sndfile-programs - 1.0.25-10ubuntu0.16.04.2 No subscription required Medium CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-6892 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662 CVE-2018-19758 CVE-2019-3832 USN-4014-1 -- GLib vulnerability Ubuntu 16.04 LTS It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4014-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.2 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.2 libglib2.0-data - 2.48.2-0ubuntu4.2 libglib2.0-udeb - 2.48.2-0ubuntu4.2 libglib2.0-tests - 2.48.2-0ubuntu4.2 libglib2.0-doc - 2.48.2-0ubuntu4.2 libglib2.0-bin - 2.48.2-0ubuntu4.2 libglib2.0-dev - 2.48.2-0ubuntu4.2 No subscription required Medium CVE-2019-12450 USN-4015-1 -- DBus vulnerability Ubuntu 16.04 LTS Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Update Instructions: Run `sudo pro fix USN-4015-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.10.6-1ubuntu3.4 dbus - 1.10.6-1ubuntu3.4 libdbus-1-dev - 1.10.6-1ubuntu3.4 dbus-udeb - 1.10.6-1ubuntu3.4 dbus-user-session - 1.10.6-1ubuntu3.4 libdbus-1-3-udeb - 1.10.6-1ubuntu3.4 dbus-x11 - 1.10.6-1ubuntu3.4 dbus-tests - 1.10.6-1ubuntu3.4 libdbus-1-3 - 1.10.6-1ubuntu3.4 No subscription required Medium CVE-2019-12749 USN-4016-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update Instructions: Run `sudo pro fix USN-4016-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.3 vim-nox-py2 - 2:7.4.1689-3ubuntu1.3 vim-gnome - 2:7.4.1689-3ubuntu1.3 vim-athena-py2 - 2:7.4.1689-3ubuntu1.3 vim-athena - 2:7.4.1689-3ubuntu1.3 vim-gtk - 2:7.4.1689-3ubuntu1.3 vim-gui-common - 2:7.4.1689-3ubuntu1.3 vim - 2:7.4.1689-3ubuntu1.3 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.3 vim-doc - 2:7.4.1689-3ubuntu1.3 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.3 vim-tiny - 2:7.4.1689-3ubuntu1.3 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.3 vim-gtk3 - 2:7.4.1689-3ubuntu1.3 vim-nox - 2:7.4.1689-3ubuntu1.3 vim-runtime - 2:7.4.1689-3ubuntu1.3 No subscription required Medium CVE-2017-5953 CVE-2019-12735 USN-4017-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477) Update Instructions: Run `sudo pro fix USN-4017-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1015-oracle - 4.15.0-1015.17~16.04.1 No subscription required linux-image-4.15.0-1034-gcp - 4.15.0-1034.36~16.04.1 No subscription required linux-image-4.15.0-1041-aws - 4.15.0-1041.43~16.04.1 No subscription required linux-image-4.15.0-1047-azure - 4.15.0-1047.51 No subscription required linux-image-4.15.0-52-generic - 4.15.0-52.56~16.04.1 linux-image-4.15.0-52-generic-lpae - 4.15.0-52.56~16.04.1 linux-image-4.15.0-52-lowlatency - 4.15.0-52.56~16.04.1 No subscription required linux-image-oracle - 4.15.0.1015.9 No subscription required linux-image-gcp - 4.15.0.1034.48 linux-image-gke - 4.15.0.1034.48 No subscription required linux-image-aws-hwe - 4.15.0.1041.41 No subscription required linux-image-azure - 4.15.0.1047.51 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.52.73 linux-image-generic-lpae-hwe-16.04 - 4.15.0.52.73 linux-image-oem - 4.15.0.52.73 linux-image-virtual-hwe-16.04 - 4.15.0.52.73 linux-image-lowlatency-hwe-16.04 - 4.15.0.52.73 No subscription required linux-image-4.4.0-1048-kvm - 4.4.0-1048.55 No subscription required linux-image-4.4.0-1085-aws - 4.4.0-1085.96 No subscription required linux-image-4.4.0-1111-raspi2 - 4.4.0-1111.120 No subscription required linux-image-4.4.0-1115-snapdragon - 4.4.0-1115.121 No subscription required linux-image-4.4.0-151-generic-lpae - 4.4.0-151.178 linux-image-4.4.0-151-powerpc64-smp - 4.4.0-151.178 linux-image-4.4.0-151-lowlatency - 4.4.0-151.178 linux-image-4.4.0-151-generic - 4.4.0-151.178 linux-image-4.4.0-151-powerpc-e500mc - 4.4.0-151.178 linux-image-4.4.0-151-powerpc64-emb - 4.4.0-151.178 linux-image-4.4.0-151-powerpc-smp - 4.4.0-151.178 No subscription required linux-image-kvm - 4.4.0.1048.48 No subscription required linux-image-aws - 4.4.0.1085.88 No subscription required linux-image-raspi2 - 4.4.0.1111.111 No subscription required linux-image-snapdragon - 4.4.0.1115.107 No subscription 
required linux-image-generic-lts-wily - 4.4.0.151.159 linux-image-powerpc64-emb-lts-vivid - 4.4.0.151.159 linux-image-powerpc-e500mc - 4.4.0.151.159 linux-image-generic-lpae-lts-xenial - 4.4.0.151.159 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.151.159 linux-image-generic-lpae-lts-utopic - 4.4.0.151.159 linux-image-generic-lts-utopic - 4.4.0.151.159 linux-image-generic-lts-vivid - 4.4.0.151.159 linux-image-virtual-lts-vivid - 4.4.0.151.159 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.151.159 linux-image-virtual-lts-utopic - 4.4.0.151.159 linux-image-virtual - 4.4.0.151.159 linux-image-powerpc64-emb-lts-wily - 4.4.0.151.159 linux-image-powerpc64-smp-lts-xenial - 4.4.0.151.159 linux-image-powerpc64-smp-lts-utopic - 4.4.0.151.159 linux-image-powerpc64-emb - 4.4.0.151.159 linux-image-powerpc-smp-lts-xenial - 4.4.0.151.159 linux-image-lowlatency-lts-wily - 4.4.0.151.159 linux-image-powerpc64-smp-lts-vivid - 4.4.0.151.159 linux-image-generic - 4.4.0.151.159 linux-image-powerpc-e500mc-lts-wily - 4.4.0.151.159 linux-image-powerpc64-emb-lts-utopic - 4.4.0.151.159 linux-image-generic-lts-xenial - 4.4.0.151.159 linux-image-powerpc-smp - 4.4.0.151.159 linux-image-lowlatency-lts-xenial - 4.4.0.151.159 linux-image-generic-lpae - 4.4.0.151.159 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.151.159 linux-image-lowlatency-lts-vivid - 4.4.0.151.159 linux-image-powerpc64-smp-lts-wily - 4.4.0.151.159 linux-image-powerpc64-emb-lts-xenial - 4.4.0.151.159 linux-image-generic-lpae-lts-vivid - 4.4.0.151.159 linux-image-powerpc-smp-lts-wily - 4.4.0.151.159 linux-image-virtual-lts-wily - 4.4.0.151.159 linux-image-powerpc64-smp - 4.4.0.151.159 linux-image-generic-lpae-lts-wily - 4.4.0.151.159 linux-image-lowlatency-lts-utopic - 4.4.0.151.159 linux-image-powerpc-smp-lts-vivid - 4.4.0.151.159 linux-image-lowlatency - 4.4.0.151.159 linux-image-virtual-lts-xenial - 4.4.0.151.159 linux-image-powerpc-smp-lts-utopic - 4.4.0.151.159 No subscription required High CVE-2019-11477 CVE-2019-11478 
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic USN-4019-1 -- SQLite vulnerabilities Ubuntu 16.04 LTS It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2518, CVE-2017-2520) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20505) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153) It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-10989) It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. 
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2519) Update Instructions: Run `sudo pro fix USN-4019-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.11.0-1ubuntu1.2 sqlite3-doc - 3.11.0-1ubuntu1.2 libsqlite3-0 - 3.11.0-1ubuntu1.2 libsqlite3-tcl - 3.11.0-1ubuntu1.2 sqlite3 - 3.11.0-1ubuntu1.2 libsqlite3-dev - 3.11.0-1ubuntu1.2 No subscription required Medium CVE-2016-6153 CVE-2017-10989 CVE-2017-13685 CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 CVE-2019-8457 CVE-2019-9936 CVE-2019-9937 USN-4020-1 -- Firefox vulnerability Ubuntu 16.04 LTS A type confusion bug was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code. Update Instructions: Run `sudo pro fix USN-4020-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nn - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ne - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nb - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fa - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fi - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fr - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fy - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-or - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kab - 67.0.3+build1-0ubuntu0.16.04.1 firefox-testsuite - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-oc - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cs - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ga - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gd - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gn - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gl - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gu - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pa - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pl - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cy - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pt - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hi - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uk - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-he - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hy - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hr - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hu - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-as - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ar - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ia - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-az - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-id - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mai - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-af - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-is - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-it - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-an - 
67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bs - 67.0.3+build1-0ubuntu0.16.04.1 firefox - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ro - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ja - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ru - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-br - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bn - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-be - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bg - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sl - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sk - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-si - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sw - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sv - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sr - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sq - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ko - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kn - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-km - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kk - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ka - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-xh - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ca - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ku - 67.0.3+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lv - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lt - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-th - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 67.0.3+build1-0ubuntu0.16.04.1 firefox-dev - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-te - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cak - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ta - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lg - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-csb - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-tr - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nso - 
67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-de - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-da - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ms - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mr - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-my - 67.0.3+build1-0ubuntu0.16.04.1 firefox-globalmenu - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uz - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ml - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mn - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mk - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ur - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eu - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-et - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-es - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-vi - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-el - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eo - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-en - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zu - 67.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ast - 67.0.3+build1-0ubuntu0.16.04.1 No subscription required High CVE-2019-11707 USN-4022-1 -- Gunicorn vulnerability Ubuntu 16.04 LTS It was discovered that gunicorn improperly handled certain input. An attacker could potentially use this issue to execute a cross-site scripting (XSS) attack. Update Instructions: Run `sudo pro fix USN-4022-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gunicorn3 - 19.4.5-1ubuntu1.1 gunicorn-examples - 19.4.5-1ubuntu1.1 python3-gunicorn - 19.4.5-1ubuntu1.1 python-gunicorn - 19.4.5-1ubuntu1.1 gunicorn - 19.4.5-1ubuntu1.1 No subscription required Low CVE-2018-1000164 USN-4023-1 -- Mosquitto vulnerabilities Ubuntu 16.04 LTS It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4023-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mosquitto-dev - 1.4.8-1ubuntu0.16.04.7 libmosquitto-dev - 1.4.8-1ubuntu0.16.04.7 libmosquitto1 - 1.4.8-1ubuntu0.16.04.7 mosquitto - 1.4.8-1ubuntu0.16.04.7 libmosquittopp1 - 1.4.8-1ubuntu0.16.04.7 libmosquittopp-dev - 1.4.8-1ubuntu0.16.04.7 mosquitto-clients - 1.4.8-1ubuntu0.16.04.7 No subscription required Medium CVE-2017-7653 CVE-2017-7654 USN-4024-1 -- Evince update Ubuntu 16.04 LTS As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally, this update adjusts the evince abstraction to disallow writes on parent directories of sensitive files. Update Instructions: Run `sudo pro fix USN-4024-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.18.2-1ubuntu4.5 libevview3-3 - 3.18.2-1ubuntu4.5 evince-common - 3.18.2-1ubuntu4.5 libevince-dev - 3.18.2-1ubuntu4.5 evince - 3.18.2-1ubuntu4.5 libevdocument3-4 - 3.18.2-1ubuntu4.5 evince-gtk - 3.18.2-1ubuntu4.5 No subscription required None https://launchpad.net/bugs/1794848 https://launchpad.net/bugs/1788929 USN-4028-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4028-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:60.7.1+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:60.7.1+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 
1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-kk - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ms - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:60.7.1+build1-0ubuntu0.16.04.1 
thunderbird-locale-ast - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:60.7.1+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:60.7.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 USN-4030-1 -- web2py vulnerabilities Ubuntu 16.04 LTS It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321) It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. (CVE-2016-3952) It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. (CVE-2016-3953, CVE-2016-3954, CVE-2016-3957) Update Instructions: Run `sudo pro fix USN-4030-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-gluon - 2.12.3-1ubuntu0.1 python-web2py - 2.12.3-1ubuntu0.1 No subscription required Medium CVE-2016-10321 CVE-2016-3952 CVE-2016-3953 CVE-2016-3954 CVE-2016-3957 USN-4032-1 -- Firefox vulnerability Ubuntu 16.04 LTS It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4032-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-nn - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ne - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-nb - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fa - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fi - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fr - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-fy - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-or - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-kab - 67.0.4+build1-0ubuntu0.16.04.1 firefox-testsuite - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-oc - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-cs - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ga - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gd - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gn - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gl - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-gu - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-pa - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-pl - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-cy - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-pt - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hi - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-uk - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-he - 
67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hy - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hr - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hu - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-as - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ar - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ia - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-az - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-id - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mai - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-af - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-is - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-it - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-an - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-bs - 67.0.4+build1-0ubuntu0.16.04.1 firefox - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ro - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ja - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ru - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-br - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-bn - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-be - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-bg - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sl - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sk - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-si - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sw - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sv - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sr - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-sq - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ko - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-kn - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-km - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-kk - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ka - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-xh - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ca - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ku - 
67.0.4+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-lv - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-lt - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-th - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 67.0.4+build1-0ubuntu0.16.04.1 firefox-dev - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-te - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-cak - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ta - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-lg - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-tr - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-nso - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-de - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-da - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ms - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mr - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-my - 67.0.4+build1-0ubuntu0.16.04.1 firefox-globalmenu - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-uz - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ml - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mn - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-mk - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ur - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-vi - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-eu - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-et - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-es - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-csb - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-el - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-eo - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-en - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-zu - 67.0.4+build1-0ubuntu0.16.04.1 firefox-locale-ast - 67.0.4+build1-0ubuntu0.16.04.1 No subscription required High CVE-2019-11708 USN-4034-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. 
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. Update Instructions: Run `sudo pro fix USN-4034-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.14 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.14 imagemagick - 8:6.8.9.9-7ubuntu5.14 imagemagick-doc - 8:6.8.9.9-7ubuntu5.14 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.14 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.14 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.14 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.14 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.14 libmagick++-dev - 8:6.8.9.9-7ubuntu5.14 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.14 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.14 perlmagick - 8:6.8.9.9-7ubuntu5.14 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.14 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.14 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.14 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.14 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.14 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.14 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.14 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.14 No subscription required Medium CVE-2017-12805 CVE-2017-12806 CVE-2018-14434 CVE-2018-15607 CVE-2018-16323 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-16645 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18023 CVE-2018-18024 CVE-2018-18025 CVE-2018-18544 CVE-2018-20467 
CVE-2019-10131 CVE-2019-10649 CVE-2019-10650 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 USN-4035-1 -- Ceph vulnerabilities Ubuntu 16.04 LTS It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-14662) It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16846) It was discovered that Ceph incorrectly sanitized certain debug logs. A local attacker could possibly use this issue to obtain encryption key information. This issue was only addressed in Ubuntu 18.10 and Ubuntu 19.04. (CVE-2018-16889) It was discovered that Ceph incorrectly handled certain civetweb requests. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3821) Update Instructions: Run `sudo pro fix USN-4035-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ceph-fs-common - 10.2.11-0ubuntu0.16.04.2 python-rbd - 10.2.11-0ubuntu0.16.04.2 python-rados - 10.2.11-0ubuntu0.16.04.2 ceph - 10.2.11-0ubuntu0.16.04.2 ceph-test - 10.2.11-0ubuntu0.16.04.2 rbd-mirror - 10.2.11-0ubuntu0.16.04.2 rbd-nbd - 10.2.11-0ubuntu0.16.04.2 librbd-dev - 10.2.11-0ubuntu0.16.04.2 libradosstriper1 - 10.2.11-0ubuntu0.16.04.2 rbd-fuse - 10.2.11-0ubuntu0.16.04.2 librados-dev - 10.2.11-0ubuntu0.16.04.2 libcephfs-jni - 10.2.11-0ubuntu0.16.04.2 libradosstriper-dev - 10.2.11-0ubuntu0.16.04.2 librados2 - 10.2.11-0ubuntu0.16.04.2 libcephfs1 - 10.2.11-0ubuntu0.16.04.2 librgw2 - 10.2.11-0ubuntu0.16.04.2 ceph-mds - 10.2.11-0ubuntu0.16.04.2 radosgw - 10.2.11-0ubuntu0.16.04.2 librbd1 - 10.2.11-0ubuntu0.16.04.2 python-ceph - 10.2.11-0ubuntu0.16.04.2 libcephfs-dev - 10.2.11-0ubuntu0.16.04.2 librgw-dev - 10.2.11-0ubuntu0.16.04.2 python-cephfs - 10.2.11-0ubuntu0.16.04.2 ceph-fuse - 10.2.11-0ubuntu0.16.04.2 ceph-common - 10.2.11-0ubuntu0.16.04.2 libcephfs-java - 10.2.11-0ubuntu0.16.04.2 ceph-resource-agents - 10.2.11-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 CVE-2019-3821 USN-4036-1 -- OpenStack Neutron vulnerability Ubuntu 16.04 LTS Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances. Update Instructions: Run `sudo pro fix USN-4036-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: neutron-plugin-linuxbridge-agent - 2:8.4.0-0ubuntu7.4 neutron-linuxbridge-agent - 2:8.4.0-0ubuntu7.4 neutron-bgp-dragent - 2:8.4.0-0ubuntu7.4 neutron-metering-agent - 2:8.4.0-0ubuntu7.4 neutron-plugin-ml2 - 2:8.4.0-0ubuntu7.4 neutron-server - 2:8.4.0-0ubuntu7.4 neutron-plugin-openvswitch-agent - 2:8.4.0-0ubuntu7.4 neutron-plugin-sriov-agent - 2:8.4.0-0ubuntu7.4 neutron-l3-agent - 2:8.4.0-0ubuntu7.4 neutron-dhcp-agent - 2:8.4.0-0ubuntu7.4 neutron-sriov-agent - 2:8.4.0-0ubuntu7.4 neutron-openvswitch-agent - 2:8.4.0-0ubuntu7.4 neutron-metadata-agent - 2:8.4.0-0ubuntu7.4 python-neutron - 2:8.4.0-0ubuntu7.4 neutron-common - 2:8.4.0-0ubuntu7.4 neutron-macvtap-agent - 2:8.4.0-0ubuntu7.4 No subscription required Medium CVE-2019-9735 USN-4037-1 -- policykit-desktop-privileges update Ubuntu 16.04 LTS The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication. Update Instructions: Run `sudo pro fix USN-4037-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: policykit-desktop-privileges - 0.20ubuntu16.04.1 No subscription required None https://launchpad.net/bugs/1832337 USN-4038-1 -- bzip2 vulnerabilities Ubuntu 16.04 LTS Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900) Update Instructions: Run `sudo pro fix USN-4038-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bzip2 - 1.0.6-8ubuntu0.1 bzip2-doc - 1.0.6-8ubuntu0.1 libbz2-dev - 1.0.6-8ubuntu0.1 libbz2-1.0 - 1.0.6-8ubuntu0.1 No subscription required Medium CVE-2016-3189 CVE-2019-12900 USN-4038-3 -- bzip2 regression Ubuntu 16.04 LTS USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrectly raise CRC errors for some files. We apologize for the inconvenience. Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4038-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bzip2 - 1.0.6-8ubuntu0.2 bzip2-doc - 1.0.6-8ubuntu0.2 libbz2-dev - 1.0.6-8ubuntu0.2 libbz2-1.0 - 1.0.6-8ubuntu0.2 No subscription required None https://launchpad.net/bugs/1834494 USN-4040-1 -- Expat vulnerability Ubuntu 16.04 LTS It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4040-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-7ubuntu0.16.04.4 expat - 2.1.0-7ubuntu0.16.04.4 libexpat1-dev - 2.1.0-7ubuntu0.16.04.4 lib64expat1-dev - 2.1.0-7ubuntu0.16.04.4 libexpat1-udeb - 2.1.0-7ubuntu0.16.04.4 lib64expat1 - 2.1.0-7ubuntu0.16.04.4 No subscription required Low CVE-2018-20843 USN-4041-1 -- Linux kernel update Ubuntu 16.04 LTS USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that set up very low SO_SNDBUF values. This update fixes the problem. We apologize for the inconvenience. 
Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4041-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1017-oracle - 4.15.0-1017.19~16.04.2 No subscription required linux-image-4.15.0-1036-gcp - 4.15.0-1036.38~16.04.1 No subscription required linux-image-4.15.0-1043-aws - 4.15.0-1043.45~16.04.1 No subscription required linux-image-4.15.0-1049-azure - 4.15.0-1049.54 No subscription required linux-image-4.15.0-54-generic-lpae - 4.15.0-54.58~16.04.1 linux-image-4.15.0-54-lowlatency - 4.15.0-54.58~16.04.1 linux-image-4.15.0-54-generic - 4.15.0-54.58~16.04.1 No subscription required linux-image-oracle - 4.15.0.1017.11 No subscription required linux-image-gke - 4.15.0.1036.50 linux-image-gcp - 4.15.0.1036.50 No subscription required linux-image-aws-hwe - 4.15.0.1043.43 No subscription required linux-image-azure - 4.15.0.1049.52 No subscription required linux-image-generic-lpae-hwe-16.04 - 4.15.0.54.75 linux-image-generic-hwe-16.04 - 4.15.0.54.75 linux-image-virtual-hwe-16.04 - 4.15.0.54.75 linux-image-oem - 4.15.0.54.75 linux-image-lowlatency-hwe-16.04 - 4.15.0.54.75 No subscription required linux-image-4.4.0-1051-kvm - 4.4.0-1051.58 No subscription required linux-image-4.4.0-1087-aws - 4.4.0-1087.98 No subscription required linux-image-4.4.0-1114-raspi2 - 4.4.0-1114.123 No subscription required linux-image-4.4.0-1118-snapdragon - 4.4.0-1118.124 No subscription required linux-image-4.4.0-154-generic - 4.4.0-154.181 linux-image-4.4.0-154-powerpc64-emb - 4.4.0-154.181 linux-image-4.4.0-154-powerpc-smp - 4.4.0-154.181 linux-image-4.4.0-154-powerpc64-smp - 4.4.0-154.181 linux-image-4.4.0-154-lowlatency - 4.4.0-154.181 linux-image-4.4.0-154-generic-lpae - 4.4.0-154.181 
linux-image-4.4.0-154-powerpc-e500mc - 4.4.0-154.181 No subscription required linux-image-kvm - 4.4.0.1051.51 No subscription required linux-image-aws - 4.4.0.1087.90 No subscription required linux-image-raspi2 - 4.4.0.1114.114 No subscription required linux-image-snapdragon - 4.4.0.1118.110 No subscription required linux-image-generic-lts-wily - 4.4.0.154.162 linux-image-generic-lts-utopic - 4.4.0.154.162 linux-image-powerpc64-emb-lts-vivid - 4.4.0.154.162 linux-image-powerpc-e500mc - 4.4.0.154.162 linux-image-generic-lpae-lts-xenial - 4.4.0.154.162 linux-image-generic-lts-xenial - 4.4.0.154.162 linux-image-generic-lpae-lts-utopic - 4.4.0.154.162 linux-image-powerpc64-smp-lts-vivid - 4.4.0.154.162 linux-image-powerpc-e500mc-lts-wily - 4.4.0.154.162 linux-image-generic-lts-vivid - 4.4.0.154.162 linux-image-virtual-lts-vivid - 4.4.0.154.162 linux-image-virtual-lts-utopic - 4.4.0.154.162 linux-image-virtual - 4.4.0.154.162 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.154.162 linux-image-powerpc64-emb-lts-wily - 4.4.0.154.162 linux-image-powerpc64-smp-lts-xenial - 4.4.0.154.162 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.154.162 linux-image-powerpc64-emb - 4.4.0.154.162 linux-image-powerpc-smp-lts-xenial - 4.4.0.154.162 linux-image-lowlatency-lts-wily - 4.4.0.154.162 linux-image-virtual-lts-wily - 4.4.0.154.162 linux-image-generic - 4.4.0.154.162 linux-image-powerpc64-smp-lts-utopic - 4.4.0.154.162 linux-image-lowlatency-lts-xenial - 4.4.0.154.162 linux-image-lowlatency-lts-vivid - 4.4.0.154.162 linux-image-lowlatency-lts-utopic - 4.4.0.154.162 linux-image-powerpc64-emb-lts-utopic - 4.4.0.154.162 linux-image-powerpc-smp - 4.4.0.154.162 linux-image-generic-lpae-lts-vivid - 4.4.0.154.162 linux-image-generic-lpae - 4.4.0.154.162 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.154.162 linux-image-powerpc64-smp-lts-wily - 4.4.0.154.162 linux-image-powerpc64-emb-lts-xenial - 4.4.0.154.162 linux-image-powerpc-smp-lts-wily - 4.4.0.154.162 linux-image-powerpc64-smp - 
4.4.0.154.162 linux-image-generic-lpae-lts-wily - 4.4.0.154.162 linux-image-powerpc-smp-lts-vivid - 4.4.0.154.162 linux-image-lowlatency - 4.4.0.154.162 linux-image-virtual-lts-xenial - 4.4.0.154.162 linux-image-powerpc-smp-lts-utopic - 4.4.0.154.162 No subscription required Medium CVE-2019-11479 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic USN-4042-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4042-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.14 poppler-utils - 0.41.0-0ubuntu1.14 libpoppler-qt5-1 - 0.41.0-0ubuntu1.14 libpoppler-cpp-dev - 0.41.0-0ubuntu1.14 libpoppler-cpp0 - 0.41.0-0ubuntu1.14 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.14 libpoppler-dev - 0.41.0-0ubuntu1.14 libpoppler-glib8 - 0.41.0-0ubuntu1.14 libpoppler-private-dev - 0.41.0-0ubuntu1.14 libpoppler-qt4-dev - 0.41.0-0ubuntu1.14 libpoppler-glib-dev - 0.41.0-0ubuntu1.14 libpoppler-qt4-4 - 0.41.0-0ubuntu1.14 libpoppler-qt5-dev - 0.41.0-0ubuntu1.14 libpoppler-glib-doc - 0.41.0-0ubuntu1.14 No subscription required Medium CVE-2017-9865 CVE-2018-18897 CVE-2018-20662 CVE-2019-10018 CVE-2019-10019 CVE-2019-10021 CVE-2019-10023 CVE-2019-10872 CVE-2019-10873 CVE-2019-12293 CVE-2019-9200 CVE-2019-9631 CVE-2019-9903 USN-4043-1 -- Django vulnerabilities Ubuntu 16.04 LTS It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-12308) Gavin Wahl discovered that Django incorrectly handled HTTP detection when used behind a reverse-proxy. 
Client requests made via HTTP would cause incorrect API results and would not be redirected to HTTPS, contrary to expectations. (CVE-2019-12781) Update Instructions: Run `sudo pro fix USN-4043-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.9 python-django-doc - 1.8.7-1ubuntu5.9 python-django-common - 1.8.7-1ubuntu5.9 python-django - 1.8.7-1ubuntu5.9 No subscription required Medium CVE-2019-12308 CVE-2019-12781 USN-4044-1 -- ZNC vulnerability Ubuntu 16.04 LTS Fix vulnerability where an authenticated non-admin user could load a module with a crafted name, then escalate privileges and run arbitrary code. Update Instructions: Run `sudo pro fix USN-4044-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: znc - 1.6.3-1ubuntu0.2 znc-python - 1.6.3-1ubuntu0.2 znc-tcl - 1.6.3-1ubuntu0.2 znc-dev - 1.6.3-1ubuntu0.2 znc-perl - 1.6.3-1ubuntu0.2 No subscription required Medium CVE-2019-12816 USN-4045-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbitrary code. (CVE-2019-11707) It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. (CVE-2019-11708) Update Instructions: Run `sudo pro fix USN-4045-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-br - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-es-ar - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-be - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-si - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:60.7.2+build2-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-de - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-en - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-da - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:60.7.2+build2-0ubuntu0.16.04.1 xul-ext-lightning - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 
1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-it - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-he - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-kk - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-globalmenu - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-af - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-dev - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-el - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ms - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:60.7.2+build2-0ubuntu0.16.04.1 
thunderbird-locale-ast - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-id - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-nb - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-et - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-is - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-es - 1:60.7.2+build2-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:60.7.2+build2-0ubuntu0.16.04.1 No subscription required High CVE-2019-11707 CVE-2019-11708 USN-4046-1 -- Irssi vulnerabilities Ubuntu 16.04 LTS It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-7054) It was discovered that Irssi incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-13045) Update Instructions: Run `sudo pro fix USN-4046-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 0.8.19-1ubuntu1.9 irssi - 0.8.19-1ubuntu1.9 No subscription required Medium CVE-2018-7054 CVE-2019-13045 USN-4047-1 -- libvirt vulnerabilities Ubuntu 16.04 LTS Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. 
An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile. Update Instructions: Run `sudo pro fix USN-4047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 1.3.1-1ubuntu10.27 libvirt-dev - 1.3.1-1ubuntu10.27 libvirt-doc - 1.3.1-1ubuntu10.27 libvirt-bin - 1.3.1-1ubuntu10.27 No subscription required Medium CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 USN-4048-1 -- Docker vulnerabilities Ubuntu 16.04 LTS Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Update Instructions: Run `sudo pro fix USN-4048-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 18.09.7-0ubuntu1~16.04.4 docker.io - 18.09.7-0ubuntu1~16.04.4 golang-docker-dev - 18.09.7-0ubuntu1~16.04.4 vim-syntax-docker - 18.09.7-0ubuntu1~16.04.4 docker-doc - 18.09.7-0ubuntu1~16.04.4 No subscription required Medium CVE-2018-15664 CVE-2019-5736 USN-4049-1 -- GLib vulnerability Ubuntu 16.04 LTS It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4049-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.3 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.3 libglib2.0-data - 2.48.2-0ubuntu4.3 libglib2.0-udeb - 2.48.2-0ubuntu4.3 libglib2.0-tests - 2.48.2-0ubuntu4.3 libglib2.0-doc - 2.48.2-0ubuntu4.3 libglib2.0-bin - 2.48.2-0ubuntu4.3 libglib2.0-dev - 2.48.2-0ubuntu4.3 No subscription required Medium CVE-2019-13012 USN-4049-3 -- GLib regression Ubuntu 16.04 LTS USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression in Ubuntu 16.04 LTS causing a possible memory leak. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4049-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.4 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.4 libglib2.0-data - 2.48.2-0ubuntu4.4 libglib2.0-udeb - 2.48.2-0ubuntu4.4 libglib2.0-tests - 2.48.2-0ubuntu4.4 libglib2.0-doc - 2.48.2-0ubuntu4.4 libglib2.0-bin - 2.48.2-0ubuntu4.4 libglib2.0-dev - 2.48.2-0ubuntu4.4 No subscription required None https://launchpad.net/bugs/1838890 USN-4050-1 -- ZeroMQ vulnerability Ubuntu 16.04 LTS It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4050-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libzmq5 - 4.1.4-7ubuntu0.1 libzmq3-dev - 4.1.4-7ubuntu0.1 No subscription required High CVE-2019-13132 USN-4051-1 -- Apport vulnerability Ubuntu 16.04 LTS Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Update Instructions: Run `sudo pro fix USN-4051-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.19 python3-problem-report - 2.20.1-0ubuntu2.19 apport-kde - 2.20.1-0ubuntu2.19 apport-retrace - 2.20.1-0ubuntu2.19 apport-valgrind - 2.20.1-0ubuntu2.19 python3-apport - 2.20.1-0ubuntu2.19 dh-apport - 2.20.1-0ubuntu2.19 apport-gtk - 2.20.1-0ubuntu2.19 apport - 2.20.1-0ubuntu2.19 python-problem-report - 2.20.1-0ubuntu2.19 apport-noui - 2.20.1-0ubuntu2.19 No subscription required Medium CVE-2019-7307 USN-4052-1 -- Whoopsie vulnerability Ubuntu 16.04 LTS Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4052-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.52.5ubuntu0.1 libwhoopsie0 - 0.2.52.5ubuntu0.1 libwhoopsie-dev - 0.2.52.5ubuntu0.1 No subscription required Medium CVE-2019-11476 USN-4053-1 -- GVfs vulnerabilities Ubuntu 16.04 LTS It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. 
(CVE-2019-12447, CVE-2019-12448, CVE-2019-12449) It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795) Update Instructions: Run `sudo pro fix USN-4053-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gvfs-backends - 1.28.2-1ubuntu1~16.04.3 gvfs-libs - 1.28.2-1ubuntu1~16.04.3 gvfs-daemons - 1.28.2-1ubuntu1~16.04.3 gvfs-bin - 1.28.2-1ubuntu1~16.04.3 gvfs-common - 1.28.2-1ubuntu1~16.04.3 gvfs-fuse - 1.28.2-1ubuntu1~16.04.3 gvfs - 1.28.2-1ubuntu1~16.04.3 No subscription required Medium CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 USN-4054-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729) It was discovered that Firefox treats all files in a directory as same origin. 
If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730) Update Instructions: Run `sudo pro fix USN-4054-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ne - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-kab - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ia - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 
68.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 68.0+build3-0ubuntu0.16.04.1 firefox - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ro - 68.0+build3-0ubuntu0.16.04.1 firefox-geckodriver - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ja - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 68.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 68.0+build3-0ubuntu0.16.04.1 firefox-dev - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 68.0+build3-0ubuntu0.16.04.1 
firefox-locale-tr - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-da - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-my - 68.0+build3-0ubuntu0.16.04.1 firefox-globalmenu - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ur - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 68.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 68.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-9811 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 USN-4054-2 -- Firefox regressions Ubuntu 16.04 LTS USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. 
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729) It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked into downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730) Update Instructions: Run `sudo pro fix USN-4054-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
68.0.1+build1-0ubuntu0.16.04.1 firefox - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 68.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 68.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 68.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 
68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 68.0.1+build1-0ubuntu0.16.04.1 firefox-globalmenu - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 68.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 68.0.1+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1837941 USN-4055-1 -- flightcrew vulnerabilities Ubuntu 16.04 LTS Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. (CVE-2019-13032) Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2019-13241) Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update Instructions: Run `sudo pro fix USN-4055-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libflightcrew0v5 - 0.7.2+dfsg-6ubuntu0.1 libflightcrew-dev - 0.7.2+dfsg-6ubuntu0.1 flightcrew - 0.7.2+dfsg-6ubuntu0.1 No subscription required Medium CVE-2019-13032 CVE-2019-13241 CVE-2019-13453 USN-4056-1 -- Exiv2 vulnerabilities Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19107, CVE-2018-19108) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19535, CVE-2019-13112) It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13110, CVE-2019-13113) It was discovered that Exiv2 incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13114) Update Instructions: Run `sudo pro fix USN-4056-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.4 libexiv2-14 - 0.25-2.1ubuntu16.04.4 libexiv2-doc - 0.25-2.1ubuntu16.04.4 libexiv2-dev - 0.25-2.1ubuntu16.04.4 No subscription required Medium CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2019-13110 CVE-2019-13112 CVE-2019-13113 CVE-2019-13114 USN-4057-1 -- Zipios vulnerability Ubuntu 16.04 LTS Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update Instructions: Run `sudo pro fix USN-4057-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1 libzipios++-dev - 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1 libzipios++-doc - 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1 No subscription required Medium CVE-2019-13453 USN-4058-1 -- Bash vulnerability Ubuntu 16.04 LTS It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Update Instructions: Run `sudo pro fix USN-4058-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-14ubuntu1.4 bash-doc - 4.3-14ubuntu1.4 bash - 4.3-14ubuntu1.4 bash-static - 4.3-14ubuntu1.4 No subscription required Low CVE-2019-9924 USN-4059-1 -- Squid vulnerabilities Ubuntu 16.04 LTS It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19132) It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345) Update Instructions: Run `sudo pro fix USN-4059-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.7 squid - 3.5.12-1ubuntu7.7 squid-cgi - 3.5.12-1ubuntu7.7 squid-purge - 3.5.12-1ubuntu7.7 squidclient - 3.5.12-1ubuntu7.7 squid3 - 3.5.12-1ubuntu7.7 No subscription required Medium CVE-2018-19132 CVE-2019-13345 USN-4060-1 -- NSS vulnerabilities Ubuntu 16.04 LTS Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. 
An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719) Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. (CVE-2019-11727) Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729) Update Instructions: Run `sudo pro fix USN-4060-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.6 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.6 libnss3 - 2:3.28.4-0ubuntu0.16.04.6 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.6 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.6 No subscription required Medium CVE-2019-11719 CVE-2019-11727 CVE-2019-11729 USN-4061-1 -- Redis vulnerabilities Ubuntu 16.04 LTS It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4061-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redis-tools - 2:3.0.6-1ubuntu0.4 redis-server - 2:3.0.6-1ubuntu0.4 redis-sentinel - 2:3.0.6-1ubuntu0.4 No subscription required Medium CVE-2019-10192 CVE-2019-10193 USN-4063-1 -- LibreOffice vulnerabilities Ubuntu 16.04 LTS Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. 
(CVE-2019-9848) Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. (CVE-2019-9849) Update Instructions: Run `sudo pro fix USN-4063-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial8 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial8 No subscription required libreoffice-impress - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-sdbc-postgresql - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-officebean - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-base - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-librelogo - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-java-common - 1:5.1.6~rc2-0ubuntu1~xenial8 gir1.2-lokdocview-0.1 - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-subsequentcheckbase - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-elementary - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-kde - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-galaxy - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-hicontrast - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-script-provider-bsh - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-avmedia-backend-gstreamer - 1:5.1.6~rc2-0ubuntu1~xenial8 libreofficekit-dev - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-script-provider-python - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-common - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-gnome - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-dev - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-gtk3 - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-report-builder - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-base-core - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-draw - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-ogltrans - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-sdbc-hsqldb - 1:5.1.6~rc2-0ubuntu1~xenial8 
libreoffice-gtk - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-calc - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-base-drivers - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-oxygen - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-tango - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-human - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-sdbc-firebird - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-pdfimport - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-math - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-writer - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-report-builder-bin - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-dev-doc - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-script-provider-js - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-sifr - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-style-breeze - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-l10n-in - 1:5.1.6~rc2-0ubuntu1~xenial8 libreoffice-l10n-za - 1:5.1.6~rc2-0ubuntu1~xenial8 python3-uno - 1:5.1.6~rc2-0ubuntu1~xenial8 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial8 No subscription required uno-libs3 - 5.1.6~rc2-0ubuntu1~xenial8 ure - 5.1.6~rc2-0ubuntu1~xenial8 No subscription required Medium CVE-2019-9848 CVE-2019-9849 USN-4064-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, spoof origin attributes, or execute arbitrary code. 
(CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717) It was discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could exploit this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719) It was discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly exploit this issue to cause Thunderbird to crash, resulting in a denial of service. (CVE-2019-11729) It was discovered that Thunderbird treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730) Update Instructions: Run `sudo pro fix USN-4064-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fr - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-us - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-es - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb-no - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-br - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-dsb - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-kab - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-mk - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn-bd - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hu - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-ar - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-be - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bg - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ja - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-lt - 
1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sl - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-gb - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv-se - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-si - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-gnome-support - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hr - 1:60.8.0+build1-0ubuntu0.16.04.2 xul-ext-calendar-timezones - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-de - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-da - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nl - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn - 1:60.8.0+build1-0ubuntu0.16.04.2 xul-ext-lightning - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga-ie - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy-nl - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa-in - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-it - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sr - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sq - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-he - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hsb - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-kk - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ar - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-uk - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-globalmenu - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-cn - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta-lk - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ru - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cs - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-mozsymbols - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fi - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ro - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-af - 1:60.8.0+build1-0ubuntu0.16.04.2 
thunderbird-locale-pt-pt - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sk - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-dev - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cy - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hy - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ca - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-br - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-el - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn-no - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-rm - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ms - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gl - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ko - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ast - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-tr - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-vi - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pl - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gd - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-tw - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-id - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ka - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-eu - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-et - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hant - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hans - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-is - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es - 1:60.8.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta - 1:60.8.0+build1-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 
CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 USN-4065-1 -- Squid vulnerabilities Ubuntu 16.04 LTS It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-12527) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12529) Update Instructions: Run `sudo pro fix USN-4065-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.8 squid - 3.5.12-1ubuntu7.8 squid-cgi - 3.5.12-1ubuntu7.8 squid-purge - 3.5.12-1ubuntu7.8 squidclient - 3.5.12-1ubuntu7.8 squid3 - 3.5.12-1ubuntu7.8 No subscription required Medium CVE-2019-12525 CVE-2019-12527 CVE-2019-12529 USN-4066-1 -- libmspack vulnerability Ubuntu 16.04 LTS It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4066-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmspack0 - 0.5-1ubuntu0.16.04.4 libmspack-dev - 0.5-1ubuntu0.16.04.4 libmspack-doc - 0.5-1ubuntu0.16.04.4 No subscription required Medium CVE-2019-1010305 USN-4067-1 -- Evince vulnerability Ubuntu 16.04 LTS It was discovered that Evince incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-4067-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.18.2-1ubuntu4.6 libevview3-3 - 3.18.2-1ubuntu4.6 evince-common - 3.18.2-1ubuntu4.6 libevince-dev - 3.18.2-1ubuntu4.6 evince - 3.18.2-1ubuntu4.6 libevdocument3-4 - 3.18.2-1ubuntu4.6 evince-gtk - 3.18.2-1ubuntu4.6 No subscription required Medium CVE-2019-1010006 USN-4068-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) Update Instructions: Run `sudo pro fix USN-4068-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1037-gcp - 4.15.0-1037.39~16.04.1 No subscription required linux-image-4.15.0-55-generic - 4.15.0-55.60~16.04.2 linux-image-4.15.0-55-lowlatency - 4.15.0-55.60~16.04.2 linux-image-4.15.0-55-generic-lpae - 4.15.0-55.60~16.04.2 No subscription required linux-image-gke - 4.15.0.1037.51 linux-image-gcp - 4.15.0.1037.51 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.55.76 linux-image-lowlatency-hwe-16.04 - 4.15.0.55.76 linux-image-generic-hwe-16.04 - 4.15.0.55.76 linux-image-oem - 4.15.0.55.76 linux-image-generic-lpae-hwe-16.04 - 4.15.0.55.76 No subscription required Medium CVE-2019-11085 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 USN-4070-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Update Instructions: Run `sudo pro fix USN-4070-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.27-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.27-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.27-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.27-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.27-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.27-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.27-0ubuntu0.16.04.1 mysql-common - 5.7.27-0ubuntu0.16.04.1 mysql-server - 5.7.27-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.27-0ubuntu0.16.04.1 mysql-testsuite - 5.7.27-0ubuntu0.16.04.1 libmysqld-dev - 5.7.27-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.27-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741 CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2791 CVE-2019-2797 CVE-2019-2805 CVE-2019-2819 USN-4071-1 -- Patch vulnerabilities Ubuntu 16.04 LTS It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-13636) It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-13638) Update Instructions: Run `sudo pro fix USN-4071-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: patch - 2.7.5-1ubuntu0.16.04.2 No subscription required Medium CVE-2019-13636 CVE-2019-13638 USN-4072-1 -- Ansible vulnerabilities Ubuntu 16.04 LTS It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract it. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as a result. 
(CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828) Update Instructions: Run `sudo pro fix USN-4072-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ansible-node-fireball - 2.0.0.2-2ubuntu1.3 ansible - 2.0.0.2-2ubuntu1.3 ansible-fireball - 2.0.0.2-2ubuntu1.3 No subscription required Medium CVE-2017-7481 CVE-2018-10855 CVE-2018-10874 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 CVE-2019-10156 CVE-2019-3828 USN-4073-1 -- libEBML vulnerability Ubuntu 16.04 LTS It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4073-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libebml4v5 - 1.3.3-1ubuntu0.1 libebml-dev - 1.3.3-1ubuntu0.1 No subscription required Low CVE-2019-13615 USN-4075-1 -- Exim vulnerability Ubuntu 16.04 LTS Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root. Update Instructions: Run `sudo pro fix USN-4075-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.4 eximon4 - 4.86.2-2ubuntu2.4 exim4 - 4.86.2-2ubuntu2.4 exim4-daemon-light - 4.86.2-2ubuntu2.4 exim4-config - 4.86.2-2ubuntu2.4 exim4-daemon-heavy - 4.86.2-2ubuntu2.4 exim4-base - 4.86.2-2ubuntu2.4 No subscription required Medium CVE-2019-13917 USN-4076-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20836) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503) It was discovered that an integer overflow existed in the Freescale (PowerPC) hypervisor manager in the Linux kernel. A local attacker with write access to /dev/fsl-hv could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-10142) Update Instructions: Run `sudo pro fix USN-4076-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1052-kvm - 4.4.0-1052.59 No subscription required linux-image-4.4.0-1088-aws - 4.4.0-1088.99 No subscription required linux-image-4.4.0-1117-raspi2 - 4.4.0-1117.126 No subscription required linux-image-4.4.0-157-powerpc-e500mc - 4.4.0-157.185 linux-image-4.4.0-157-powerpc64-smp - 4.4.0-157.185 linux-image-4.4.0-157-generic - 4.4.0-157.185 linux-image-4.4.0-157-lowlatency - 4.4.0-157.185 linux-image-4.4.0-157-generic-lpae - 4.4.0-157.185 linux-image-4.4.0-157-powerpc-smp - 4.4.0-157.185 linux-image-4.4.0-157-powerpc64-emb - 4.4.0-157.185 No subscription required linux-image-kvm - 4.4.0.1052.52 No subscription required linux-image-aws - 4.4.0.1088.91 No subscription required linux-image-raspi2 - 4.4.0.1117.117 No subscription required linux-image-virtual - 4.4.0.157.165 linux-image-generic-lts-wily - 4.4.0.157.165 linux-image-powerpc64-emb-lts-vivid - 4.4.0.157.165 linux-image-powerpc-e500mc - 4.4.0.157.165 linux-image-generic-lpae-lts-xenial - 4.4.0.157.165 linux-image-generic-lts-xenial - 4.4.0.157.165 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.157.165 linux-image-generic-lpae-lts-utopic - 4.4.0.157.165 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.157.165 linux-image-generic-lts-utopic - 4.4.0.157.165 linux-image-powerpc-e500mc-lts-wily - 4.4.0.157.165 linux-image-generic-lts-vivid - 4.4.0.157.165 linux-image-generic-lpae-lts-wily - 4.4.0.157.165 linux-image-virtual-lts-vivid - 4.4.0.157.165 linux-image-virtual-lts-utopic - 4.4.0.157.165 linux-image-powerpc64-emb-lts-wily - 4.4.0.157.165 linux-image-lowlatency-lts-vivid - 4.4.0.157.165 linux-image-powerpc64-smp-lts-utopic - 4.4.0.157.165 linux-image-powerpc64-emb - 4.4.0.157.165 linux-image-powerpc-smp-lts-xenial - 4.4.0.157.165 linux-image-lowlatency-lts-wily - 4.4.0.157.165 linux-image-virtual-lts-wily - 
4.4.0.157.165 linux-image-generic - 4.4.0.157.165 linux-image-lowlatency-lts-xenial - 4.4.0.157.165 linux-image-powerpc64-smp-lts-xenial - 4.4.0.157.165 linux-image-powerpc64-emb-lts-utopic - 4.4.0.157.165 linux-image-powerpc64-smp-lts-vivid - 4.4.0.157.165 linux-image-powerpc-smp - 4.4.0.157.165 linux-image-generic-lpae-lts-vivid - 4.4.0.157.165 linux-image-generic-lpae - 4.4.0.157.165 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.157.165 linux-image-powerpc64-smp-lts-wily - 4.4.0.157.165 linux-image-powerpc64-emb-lts-xenial - 4.4.0.157.165 linux-image-powerpc-smp-lts-wily - 4.4.0.157.165 linux-image-powerpc64-smp - 4.4.0.157.165 linux-image-lowlatency-lts-utopic - 4.4.0.157.165 linux-image-powerpc-smp-lts-vivid - 4.4.0.157.165 linux-image-lowlatency - 4.4.0.157.165 linux-image-virtual-lts-xenial - 4.4.0.157.165 linux-image-powerpc-smp-lts-utopic - 4.4.0.157.165 No subscription required Medium CVE-2018-20836 CVE-2019-10142 CVE-2019-11833 CVE-2019-11884 CVE-2019-2054 CVE-2019-9503 USN-4077-1 -- tmpreaper vulnerability Ubuntu 16.04 LTS It was discovered that tmpreaper incorrectly handled certain mount operations. A local attacker could possibly use this issue to create arbitrary files, leading to privilege escalation. Update Instructions: Run `sudo pro fix USN-4077-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tmpreaper - 1.6.13+nmu1+deb9u1build0.16.04.1 No subscription required Medium CVE-2019-3461 USN-4078-1 -- OpenLDAP vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057) It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. 
(CVE-2019-13565) Update Instructions: Run `sudo pro fix USN-4078-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.6 libldap2-dev - 2.4.42+dfsg-2ubuntu3.6 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.6 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.6 slapd - 2.4.42+dfsg-2ubuntu3.6 No subscription required Medium CVE-2019-13057 CVE-2019-13565 USN-4079-1 -- SoX vulnerabilities Ubuntu 16.04 LTS It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) Update Instructions: Run `sudo pro fix USN-4079-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.1-5+deb8u4ubuntu0.1 libsox-fmt-pulse - 14.4.1-5+deb8u4ubuntu0.1 libsox-fmt-ao - 14.4.1-5+deb8u4ubuntu0.1 sox - 14.4.1-5+deb8u4ubuntu0.1 libsox2 - 14.4.1-5+deb8u4ubuntu0.1 libsox-fmt-base - 14.4.1-5+deb8u4ubuntu0.1 libsox-fmt-all - 14.4.1-5+deb8u4ubuntu0.1 libsox-dev - 14.4.1-5+deb8u4ubuntu0.1 libsox-fmt-alsa - 14.4.1-5+deb8u4ubuntu0.1 libsox-fmt-oss - 14.4.1-5+deb8u4ubuntu0.1 No subscription required Medium CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 USN-4080-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. (CVE-2019-2745) It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. 
An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769) It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786) Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816) Nati Nimni discovered that the Java Cryptography Extension component in OpenJDK did not properly perform array bounds checking in some situations. An attacker could use this to cause a denial of service. (CVE-2019-2842) It was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317) Update Instructions: Run `sudo pro fix USN-4080-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jdk - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-headless - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jdk-headless - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-source - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-zero - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-demo - 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-jamvm - 8u222-b10-1ubuntu1~16.04.1 No subscription required Medium CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 USN-4082-1 -- Subversion vulnerabilities Ubuntu 16.04 LTS Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. (CVE-2018-11782) Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. (CVE-2019-0203) Update Instructions: Run `sudo pro fix USN-4082-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsvn-dev - 1.9.3-2ubuntu1.3 ruby-svn - 1.9.3-2ubuntu1.3 subversion-tools - 1.9.3-2ubuntu1.3 libapache2-svn - 1.9.3-2ubuntu1.3 libapache2-mod-svn - 1.9.3-2ubuntu1.3 python-subversion - 1.9.3-2ubuntu1.3 libsvn-java - 1.9.3-2ubuntu1.3 subversion - 1.9.3-2ubuntu1.3 libsvn-doc - 1.9.3-2ubuntu1.3 libsvn1 - 1.9.3-2ubuntu1.3 libsvn-perl - 1.9.3-2ubuntu1.3 libsvn-ruby1.8 - 1.9.3-2ubuntu1.3 No subscription required Medium CVE-2018-11782 CVE-2019-0203 USN-4084-1 -- Django vulnerabilities Ubuntu 16.04 LTS It was discovered that Django incorrectly handled the Truncator function. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. 
(CVE-2019-14232) It was discovered that Django incorrectly handled the strip_tags function. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. (CVE-2019-14233) It was discovered that Django incorrectly handled certain lookups in the PostgreSQL support. A remote attacker could possibly use this issue to perform SQL injection attacks. (CVE-2019-14234) It was discovered that Django incorrectly handled certain invalid UTF-8 octet sequences. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. (CVE-2019-14235) Update Instructions: Run `sudo pro fix USN-4084-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.10 python-django-doc - 1.8.7-1ubuntu5.10 python-django-common - 1.8.7-1ubuntu5.10 python-django - 1.8.7-1ubuntu5.10 No subscription required Medium CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 USN-4085-1 -- Sigil vulnerability Ubuntu 16.04 LTS Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4085-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sigil - 0.9.5+dfsg-0ubuntu1+esm1 sigil-data - 0.9.5+dfsg-0ubuntu1+esm1 No subscription required Medium CVE-2019-14452 USN-4089-1 -- Rack vulnerability Ubuntu 16.04 LTS It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. Update Instructions: Run `sudo pro fix USN-4089-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-3ubuntu0.1 No subscription required Medium CVE-2018-16471 USN-4090-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Tom Lane discovered that PostgreSQL did not properly restrict functions declared as "SECURITY DEFINER". An attacker could use this to execute arbitrary SQL with the permissions of the function owner. (CVE-2019-10208) Andreas Seltenreich discovered that PostgreSQL did not properly handle user-defined hash equality operators. An attacker could use this to expose sensitive information (arbitrary PostgreSQL server memory). This issue only affected Ubuntu 19.04. (CVE-2019-10209) Update Instructions: Run `sudo pro fix USN-4090-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.19-0ubuntu0.16.04.1 postgresql-plperl-9.5 - 9.5.19-0ubuntu0.16.04.1 postgresql-server-dev-9.5 - 9.5.19-0ubuntu0.16.04.1 postgresql-9.5 - 9.5.19-0ubuntu0.16.04.1 postgresql-plpython-9.5 - 9.5.19-0ubuntu0.16.04.1 libecpg6 - 9.5.19-0ubuntu0.16.04.1 postgresql-client-9.5 - 9.5.19-0ubuntu0.16.04.1 libpq5 - 9.5.19-0ubuntu0.16.04.1 postgresql-contrib-9.5 - 9.5.19-0ubuntu0.16.04.1 libpgtypes3 - 9.5.19-0ubuntu0.16.04.1 libecpg-dev - 9.5.19-0ubuntu0.16.04.1 postgresql-pltcl-9.5 - 9.5.19-0ubuntu0.16.04.1 libpq-dev - 9.5.19-0ubuntu0.16.04.1 postgresql-plpython3-9.5 - 9.5.19-0ubuntu0.16.04.1 libecpg-compat3 - 9.5.19-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-10208 CVE-2019-10209 USN-4092-1 -- Ghostscript vulnerability Ubuntu 16.04 LTS Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. 
Update Instructions: Run `sudo pro fix USN-4092-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.10 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.10 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.10 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.10 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.10 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.10 No subscription required Medium CVE-2019-10216 USN-4094-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). 
(CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. 
An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) Update Instructions: Run `sudo pro fix USN-4094-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1021-oracle - 4.15.0-1021.23~16.04.1 No subscription required linux-image-4.15.0-1040-gcp - 4.15.0-1040.42~16.04.1 No subscription required linux-image-4.15.0-58-generic-lpae - 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-lowlatency - 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-generic - 4.15.0-58.64~16.04.1 No subscription required linux-image-oracle - 4.15.0.1021.15 No subscription required linux-image-gke - 4.15.0.1040.54 linux-image-gcp - 4.15.0.1040.54 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.58.79 linux-image-oem - 4.15.0.58.79 linux-image-lowlatency-hwe-16.04 - 4.15.0.58.79 linux-image-generic-lpae-hwe-16.04 - 4.15.0.58.79 linux-image-generic-hwe-16.04 - 4.15.0.58.79 No subscription required Medium CVE-2018-13053 CVE-2018-13093 CVE-2018-13096 CVE-2018-13097 CVE-2018-13098 CVE-2018-13099 CVE-2018-13100 CVE-2018-14609 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2018-14614 CVE-2018-14615 CVE-2018-14616 CVE-2018-14617 CVE-2018-16862 CVE-2018-20169 CVE-2018-20511 CVE-2018-20856 CVE-2018-5383 CVE-2019-10126 CVE-2019-1125 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 CVE-2019-12984 CVE-2019-13233 CVE-2019-13272 CVE-2019-2024 CVE-2019-2101 CVE-2019-3846 USN-4095-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. 
An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Update Instructions: Run `sudo pro fix USN-4095-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1054-kvm - 4.4.0-1054.61 No subscription required linux-image-4.4.0-1090-aws - 4.4.0-1090.101 No subscription required linux-image-4.4.0-1118-raspi2 - 4.4.0-1118.127 No subscription required linux-image-4.4.0-1122-snapdragon - 4.4.0-1122.128 No subscription required linux-image-4.4.0-159-generic - 4.4.0-159.187 linux-image-4.4.0-159-powerpc64-smp - 4.4.0-159.187 linux-image-4.4.0-159-lowlatency - 4.4.0-159.187 linux-image-4.4.0-159-powerpc-smp - 4.4.0-159.187 linux-image-4.4.0-159-powerpc64-emb - 4.4.0-159.187 linux-image-4.4.0-159-powerpc-e500mc - 4.4.0-159.187 linux-image-4.4.0-159-generic-lpae - 4.4.0-159.187 No subscription required linux-image-kvm - 4.4.0.1054.54 No subscription required linux-image-aws - 4.4.0.1090.94 No subscription required linux-image-raspi2 - 4.4.0.1118.118 No subscription required linux-image-snapdragon - 4.4.0.1122.114 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.159.167 linux-image-generic-lts-wily - 4.4.0.159.167 linux-image-generic-lpae-lts-xenial - 4.4.0.159.167 linux-image-powerpc64-emb-lts-vivid - 4.4.0.159.167 linux-image-powerpc-e500mc - 4.4.0.159.167 linux-image-generic-lpae-lts-utopic - 4.4.0.159.167 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.159.167 linux-image-generic-lts-utopic - 4.4.0.159.167 linux-image-powerpc-e500mc-lts-wily - 4.4.0.159.167 linux-image-generic-lts-vivid - 4.4.0.159.167 linux-image-generic-lpae-lts-wily - 4.4.0.159.167 linux-image-virtual-lts-vivid - 4.4.0.159.167 linux-image-virtual-lts-utopic - 4.4.0.159.167 linux-image-virtual - 4.4.0.159.167 linux-image-powerpc64-emb-lts-wily - 4.4.0.159.167 linux-image-lowlatency-lts-vivid - 4.4.0.159.167 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.159.167 linux-image-powerpc64-emb - 4.4.0.159.167 linux-image-powerpc-smp-lts-xenial - 4.4.0.159.167 linux-image-powerpc64-smp-lts-vivid - 4.4.0.159.167 linux-image-lowlatency-lts-wily - 
4.4.0.159.167 linux-image-virtual-lts-wily - 4.4.0.159.167 linux-image-generic - 4.4.0.159.167 linux-image-lowlatency-lts-xenial - 4.4.0.159.167 linux-image-powerpc64-smp-lts-xenial - 4.4.0.159.167 linux-image-powerpc64-emb-lts-utopic - 4.4.0.159.167 linux-image-generic-lts-xenial - 4.4.0.159.167 linux-image-powerpc-smp - 4.4.0.159.167 linux-image-generic-lpae-lts-vivid - 4.4.0.159.167 linux-image-generic-lpae - 4.4.0.159.167 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.159.167 linux-image-powerpc64-smp-lts-wily - 4.4.0.159.167 linux-image-powerpc64-emb-lts-xenial - 4.4.0.159.167 linux-image-powerpc-smp-lts-wily - 4.4.0.159.167 linux-image-powerpc64-smp - 4.4.0.159.167 linux-image-lowlatency-lts-utopic - 4.4.0.159.167 linux-image-powerpc-smp-lts-vivid - 4.4.0.159.167 linux-image-lowlatency - 4.4.0.159.167 linux-image-virtual-lts-xenial - 4.4.0.159.167 linux-image-powerpc-smp-lts-utopic - 4.4.0.159.167 No subscription required Medium CVE-2018-5383 CVE-2019-10126 CVE-2019-1125 CVE-2019-11599 CVE-2019-12614 CVE-2019-13272 CVE-2019-3846 CVE-2019-9503 USN-4096-1 -- Linux kernel (AWS) vulnerability Ubuntu 16.04 LTS Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). Update Instructions: Run `sudo pro fix USN-4096-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1045-aws - 4.15.0-1045.47~16.04.1 No subscription required linux-image-aws-hwe - 4.15.0.1045.45 No subscription required Medium CVE-2019-1125 USN-4097-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042) Update Instructions: Run `sudo pro fix USN-4097-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.6 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.6 php7.0-xsl - 7.0.33-0ubuntu0.16.04.6 php7.0-fpm - 7.0.33-0ubuntu0.16.04.6 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.6 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.6 php7.0-curl - 7.0.33-0ubuntu0.16.04.6 php7.0-ldap - 7.0.33-0ubuntu0.16.04.6 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.6 php7.0-gmp - 7.0.33-0ubuntu0.16.04.6 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.6 php7.0-gd - 7.0.33-0ubuntu0.16.04.6 php7.0-common - 7.0.33-0ubuntu0.16.04.6 php7.0-enchant - 7.0.33-0ubuntu0.16.04.6 php7.0-odbc - 7.0.33-0ubuntu0.16.04.6 php7.0-cli - 7.0.33-0ubuntu0.16.04.6 php7.0-json - 7.0.33-0ubuntu0.16.04.6 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.6 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.6 php7.0-mysql - 7.0.33-0ubuntu0.16.04.6 php7.0-dba - 7.0.33-0ubuntu0.16.04.6 php7.0-sybase - 7.0.33-0ubuntu0.16.04.6 php7.0-pspell - 7.0.33-0ubuntu0.16.04.6 php7.0-interbase - 7.0.33-0ubuntu0.16.04.6 php7.0-xml - 7.0.33-0ubuntu0.16.04.6 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.6 php7.0-recode - 7.0.33-0ubuntu0.16.04.6 php7.0-zip - 7.0.33-0ubuntu0.16.04.6 php7.0 - 7.0.33-0ubuntu0.16.04.6 php7.0-tidy - 7.0.33-0ubuntu0.16.04.6 php7.0-soap - 7.0.33-0ubuntu0.16.04.6 php7.0-opcache - 7.0.33-0ubuntu0.16.04.6 php7.0-readline - 7.0.33-0ubuntu0.16.04.6 php7.0-intl - 7.0.33-0ubuntu0.16.04.6 php7.0-imap - 7.0.33-0ubuntu0.16.04.6 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.6 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.6 php7.0-dev - 7.0.33-0ubuntu0.16.04.6 php7.0-snmp - 7.0.33-0ubuntu0.16.04.6 No subscription required Medium CVE-2019-11041 CVE-2019-11042 USN-4099-1 -- nginx vulnerabilities Ubuntu 16.04 LTS Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4099-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.4 nginx-core - 1.10.3-0ubuntu0.16.04.4 nginx-common - 1.10.3-0ubuntu0.16.04.4 nginx-full - 1.10.3-0ubuntu0.16.04.4 nginx - 1.10.3-0ubuntu0.16.04.4 nginx-doc - 1.10.3-0ubuntu0.16.04.4 nginx-light - 1.10.3-0ubuntu0.16.04.4 No subscription required Medium CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 USN-4100-1 -- KConfig and KDE libraries vulnerabilities Ubuntu 16.04 LTS It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. (CVE-2019-14744) It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file. (CVE-2016-6232) Update Instructions: Run `sudo pro fix USN-4100-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libktexteditor4 - 4:4.14.16-0ubuntu3.3 libkde3support4 - 4:4.14.16-0ubuntu3.3 libkutils4 - 4:4.14.16-0ubuntu3.3 libkdeui5 - 4:4.14.16-0ubuntu3.3 libkprintutils4 - 4:4.14.16-0ubuntu3.3 kdelibs5-data - 4:4.14.16-0ubuntu3.3 kdelibs-bin - 4:4.14.16-0ubuntu3.3 libsolid4 - 4:4.14.16-0ubuntu3.3 libkdeclarative5 - 4:4.14.16-0ubuntu3.3 libknotifyconfig4 - 4:4.14.16-0ubuntu3.3 kdelibs5-plugins - 4:4.14.16-0ubuntu3.3 libkdnssd4 - 4:4.14.16-0ubuntu3.3 libkhtml5 - 4:4.14.16-0ubuntu3.3 libkfile4 - 4:4.14.16-0ubuntu3.3 libkemoticons4 - 4:4.14.16-0ubuntu3.3 libkunitconversion4 - 4:4.14.16-0ubuntu3.3 libkidletime4 - 4:4.14.16-0ubuntu3.3 libkmediaplayer4 - 4:4.14.16-0ubuntu3.3 libplasma3 - 4:4.14.16-0ubuntu3.3 libkdecore5 - 4:4.14.16-0ubuntu3.3 libkntlm4 - 4:4.14.16-0ubuntu3.3 libkpty4 - 4:4.14.16-0ubuntu3.3 libknewstuff3-4 - 4:4.14.16-0ubuntu3.3 libkparts4 - 4:4.14.16-0ubuntu3.3 libkdewebkit5 - 4:4.14.16-0ubuntu3.3 libkrosscore4 - 4:4.14.16-0ubuntu3.3 kdelibs5-dev - 4:4.14.16-0ubuntu3.3 libkio5 - 4:4.14.16-0ubuntu3.3 libkcmutils4 
- 4:4.14.16-0ubuntu3.3 libknewstuff2-4 - 4:4.14.16-0ubuntu3.3 libkdesu5 - 4:4.14.16-0ubuntu3.3 libkrossui4 - 4:4.14.16-0ubuntu3.3 libkimproxy4 - 4:4.14.16-0ubuntu3.3 libthreadweaver4 - 4:4.14.16-0ubuntu3.3 libkjsembed4 - 4:4.14.16-0ubuntu3.3 kdoctools - 4:4.14.16-0ubuntu3.3 libkjsapi4 - 4:4.14.16-0ubuntu3.3 No subscription required libkf5configgui5 - 5.18.0-0ubuntu1.1 libkf5config-bin - 5.18.0-0ubuntu1.1 libkf5config-bin-dev - 5.18.0-0ubuntu1.1 libkf5configcore5 - 5.18.0-0ubuntu1.1 libkf5config-dev - 5.18.0-0ubuntu1.1 libkf5config-data - 5.18.0-0ubuntu1.1 No subscription required Medium CVE-2016-6232 CVE-2019-14744 USN-4101-1 -- Firefox vulnerability Ubuntu 16.04 LTS It was discovered that passwords could be copied to the clipboard from the "Saved Logins" dialog without entering the master password, even when a master password has been set. A local attacker could potentially exploit this to obtain saved passwords. Update Instructions: Run `sudo pro fix USN-4101-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
68.0.2+build1-0ubuntu0.16.04.1 firefox - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 68.0.2+build1-0ubuntu0.16.04.1 firefox-geckodriver - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 68.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 68.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 
68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 68.0.2+build1-0ubuntu0.16.04.1 firefox-globalmenu - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 68.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 68.0.2+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-11733 USN-4102-1 -- LibreOffice vulnerabilities Ubuntu 16.04 LTS It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851) It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2019-9852) Update Instructions: Run `sudo pro fix USN-4102-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial9 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial9 No subscription required libreoffice-impress - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-sdbc-postgresql - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-officebean - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-base - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-librelogo - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-java-common - 1:5.1.6~rc2-0ubuntu1~xenial9 gir1.2-lokdocview-0.1 - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-subsequentcheckbase - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-elementary - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-kde - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-galaxy - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-hicontrast - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-script-provider-bsh - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-avmedia-backend-gstreamer - 1:5.1.6~rc2-0ubuntu1~xenial9 libreofficekit-dev - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-script-provider-python - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-common - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-gnome - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-dev - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-gtk3 - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-report-builder - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-base-core - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-draw - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-ogltrans - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-sdbc-hsqldb - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-gtk - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-calc - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-base-drivers - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-oxygen - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-tango - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-human - 
1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-sdbc-firebird - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-pdfimport - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-math - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-writer - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-report-builder-bin - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-dev-doc - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-script-provider-js - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-sifr - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-style-breeze - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-l10n-in - 1:5.1.6~rc2-0ubuntu1~xenial9 libreoffice-l10n-za - 1:5.1.6~rc2-0ubuntu1~xenial9 python3-uno - 1:5.1.6~rc2-0ubuntu1~xenial9 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial9 No subscription required uno-libs3 - 5.1.6~rc2-0ubuntu1~xenial9 ure - 5.1.6~rc2-0ubuntu1~xenial9 No subscription required Medium CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 USN-4103-2 -- Docker vulnerability Ubuntu 16.04 LTS Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4103-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 18.09.7-0ubuntu1~16.04.5 docker.io - 18.09.7-0ubuntu1~16.04.5 golang-docker-dev - 18.09.7-0ubuntu1~16.04.5 vim-syntax-docker - 18.09.7-0ubuntu1~16.04.5 docker-doc - 18.09.7-0ubuntu1~16.04.5 No subscription required Low CVE-2019-1020014 USN-4104-1 -- Nova vulnerability Ubuntu 16.04 LTS Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4104-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 2:13.1.4-0ubuntu4.5 nova-common - 2:13.1.4-0ubuntu4.5 nova-compute-xen - 2:13.1.4-0ubuntu4.5 nova-api-os-compute - 2:13.1.4-0ubuntu4.5 nova-novncproxy - 2:13.1.4-0ubuntu4.5 nova-serialproxy - 2:13.1.4-0ubuntu4.5 nova-api-os-volume - 2:13.1.4-0ubuntu4.5 nova-compute-lxc - 2:13.1.4-0ubuntu4.5 nova-consoleauth - 2:13.1.4-0ubuntu4.5 python-nova - 2:13.1.4-0ubuntu4.5 nova-network - 2:13.1.4-0ubuntu4.5 nova-api-metadata - 2:13.1.4-0ubuntu4.5 nova-compute-libvirt - 2:13.1.4-0ubuntu4.5 nova-compute-kvm - 2:13.1.4-0ubuntu4.5 nova-xvpvncproxy - 2:13.1.4-0ubuntu4.5 nova-doc - 2:13.1.4-0ubuntu4.5 nova-conductor - 2:13.1.4-0ubuntu4.5 nova-volume - 2:13.1.4-0ubuntu4.5 nova-compute-vmware - 2:13.1.4-0ubuntu4.5 nova-spiceproxy - 2:13.1.4-0ubuntu4.5 nova-scheduler - 2:13.1.4-0ubuntu4.5 nova-console - 2:13.1.4-0ubuntu4.5 nova-ajax-console-proxy - 2:13.1.4-0ubuntu4.5 nova-cert - 2:13.1.4-0ubuntu4.5 nova-compute - 2:13.1.4-0ubuntu4.5 nova-compute-qemu - 2:13.1.4-0ubuntu4.5 nova-cells - 2:13.1.4-0ubuntu4.5 No subscription required Medium CVE-2019-14433 USN-4105-1 -- CUPS vulnerabilities Ubuntu 16.04 LTS Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 
inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675) It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server. Update Instructions: Run `sudo pro fix USN-4105-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.1.3-4ubuntu0.10 libcups2-dev - 2.1.3-4ubuntu0.10 cups-bsd - 2.1.3-4ubuntu0.10 cups-common - 2.1.3-4ubuntu0.10 cups-core-drivers - 2.1.3-4ubuntu0.10 cups-server-common - 2.1.3-4ubuntu0.10 libcupsimage2 - 2.1.3-4ubuntu0.10 cups-client - 2.1.3-4ubuntu0.10 libcupscgi1-dev - 2.1.3-4ubuntu0.10 libcupsimage2-dev - 2.1.3-4ubuntu0.10 cups-ipp-utils - 2.1.3-4ubuntu0.10 libcups2 - 2.1.3-4ubuntu0.10 libcupsmime1-dev - 2.1.3-4ubuntu0.10 cups-ppdc - 2.1.3-4ubuntu0.10 libcupsppdc1 - 2.1.3-4ubuntu0.10 libcupsmime1 - 2.1.3-4ubuntu0.10 libcupsppdc1-dev - 2.1.3-4ubuntu0.10 cups - 2.1.3-4ubuntu0.10 cups-daemon - 2.1.3-4ubuntu0.10 No subscription required Medium CVE-2019-8675 CVE-2019-8696 USN-4106-1 -- NLTK vulnerability Ubuntu 16.04 LTS Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4106-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-nltk - 3.1-1ubuntu0.1 python3-nltk - 3.1-1ubuntu0.1 No subscription required Medium CVE-2019-14751 USN-4107-1 -- GIFLIB vulnerabilities Ubuntu 16.04 LTS It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. 
(CVE-2016-3977) It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11490, CVE-2019-15133) Update Instructions: Run `sudo pro fix USN-4107-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgif7 - 5.1.4-0.3~16.04.1 libgif-dev - 5.1.4-0.3~16.04.1 giflib-tools - 5.1.4-0.3~16.04.1 No subscription required Medium CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 USN-4110-1 -- Dovecot vulnerability Ubuntu 16.04 LTS Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.11 dovecot-mysql - 1:2.2.22-1ubuntu2.11 dovecot-sieve - 1:2.2.22-1ubuntu2.11 dovecot-core - 1:2.2.22-1ubuntu2.11 dovecot-ldap - 1:2.2.22-1ubuntu2.11 dovecot-sqlite - 1:2.2.22-1ubuntu2.11 dovecot-dev - 1:2.2.22-1ubuntu2.11 dovecot-pop3d - 1:2.2.22-1ubuntu2.11 dovecot-imapd - 1:2.2.22-1ubuntu2.11 dovecot-managesieved - 1:2.2.22-1ubuntu2.11 dovecot-lucene - 1:2.2.22-1ubuntu2.11 mail-stack-delivery - 1:2.2.22-1ubuntu2.11 dovecot-gssapi - 1:2.2.22-1ubuntu2.11 dovecot-solr - 1:2.2.22-1ubuntu2.11 dovecot-lmtpd - 1:2.2.22-1ubuntu2.11 No subscription required High CVE-2019-11500 USN-4110-3 -- Dovecot regression Ubuntu 16.04 LTS USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-4110-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.12 dovecot-mysql - 1:2.2.22-1ubuntu2.12 dovecot-sieve - 1:2.2.22-1ubuntu2.12 dovecot-core - 1:2.2.22-1ubuntu2.12 dovecot-ldap - 1:2.2.22-1ubuntu2.12 dovecot-sqlite - 1:2.2.22-1ubuntu2.12 dovecot-dev - 1:2.2.22-1ubuntu2.12 dovecot-pop3d - 1:2.2.22-1ubuntu2.12 dovecot-imapd - 1:2.2.22-1ubuntu2.12 dovecot-managesieved - 1:2.2.22-1ubuntu2.12 dovecot-lucene - 1:2.2.22-1ubuntu2.12 mail-stack-delivery - 1:2.2.22-1ubuntu2.12 dovecot-gssapi - 1:2.2.22-1ubuntu2.12 dovecot-solr - 1:2.2.22-1ubuntu2.12 dovecot-lmtpd - 1:2.2.22-1ubuntu2.12 No subscription required High CVE-2019-11500 USN-4111-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when ‘-dSAFER’ restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817) Update Instructions: Run `sudo pro fix USN-4111-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.11 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.11 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.11 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.11 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.11 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.11 No subscription required Medium CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 USN-4113-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. 
A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081) Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082) Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092) Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097) Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098) Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. 
(CVE-2019-9517) Update Instructions: Run `sudo pro fix USN-4113-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.12 apache2-utils - 2.4.18-2ubuntu3.12 apache2-dev - 2.4.18-2ubuntu3.12 apache2-suexec-pristine - 2.4.18-2ubuntu3.12 apache2-suexec-custom - 2.4.18-2ubuntu3.12 apache2 - 2.4.18-2ubuntu3.12 apache2-doc - 2.4.18-2ubuntu3.12 apache2-bin - 2.4.18-2ubuntu3.12 No subscription required Medium CVE-2019-0197 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517 USN-4113-2 -- Apache HTTP Server regression Ubuntu 16.04 LTS USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081) Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082) Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. 
A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092) Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097) Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098) Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517) Update Instructions: Run `sudo pro fix USN-4113-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.13 apache2-utils - 2.4.18-2ubuntu3.13 apache2-dev - 2.4.18-2ubuntu3.13 apache2-suexec-pristine - 2.4.18-2ubuntu3.13 apache2-suexec-custom - 2.4.18-2ubuntu3.13 apache2 - 2.4.18-2ubuntu3.13 apache2-doc - 2.4.18-2ubuntu3.13 apache2-bin - 2.4.18-2ubuntu3.13 No subscription required None https://launchpad.net/bugs/1842701 USN-4115-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. 
A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. 
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered that a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. 
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this to cause a denial of service (system crash). 
(CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-4115-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1022-oracle - 4.15.0-1022.25~16.04.1 No subscription required linux-image-4.15.0-1041-gcp - 4.15.0-1041.43 No subscription required linux-image-4.15.0-1056-azure - 4.15.0-1056.61 No subscription required linux-image-4.15.0-60-generic-lpae - 4.15.0-60.67~16.04.1 linux-image-4.15.0-60-lowlatency - 4.15.0-60.67~16.04.1 linux-image-4.15.0-60-generic - 4.15.0-60.67~16.04.1 No subscription required linux-image-oracle - 4.15.0.1022.16 No subscription required linux-image-gke - 4.15.0.1041.55 linux-image-gcp - 4.15.0.1041.55 No subscription required linux-image-azure - 4.15.0.1056.59 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.60.81 linux-image-generic-hwe-16.04 - 4.15.0.60.81 linux-image-oem - 4.15.0.60.81 linux-image-lowlatency-hwe-16.04 - 4.15.0.60.81 linux-image-generic-lpae-hwe-16.04 - 4.15.0.60.81 No subscription required Medium CVE-2018-19985 CVE-2018-20784 CVE-2019-0136 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 
CVE-2019-14283 CVE-2019-14284 CVE-2019-14763 CVE-2019-15090 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-3701 CVE-2019-3819 CVE-2019-3900 CVE-2019-9506 USN-4115-2 -- Linux kernel regression Ubuntu 16.04 LTS USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. 
A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. 
A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered that a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. 
A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-4115-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1023-oracle - 4.15.0-1023.26~16.04.1 No subscription required linux-image-4.15.0-1042-gcp - 4.15.0-1042.44 No subscription required linux-image-4.15.0-1048-aws - 4.15.0-1048.50~16.04.1 No subscription required linux-image-4.15.0-1057-azure - 4.15.0-1057.62 No subscription required linux-image-4.15.0-62-generic-lpae - 4.15.0-62.69~16.04.1 linux-image-4.15.0-62-lowlatency - 4.15.0-62.69~16.04.1 linux-image-4.15.0-62-generic - 4.15.0-62.69~16.04.1 No subscription required linux-image-oracle - 4.15.0.1023.17 No subscription required linux-image-gke - 4.15.0.1042.56 linux-image-gcp - 4.15.0.1042.56 No subscription required linux-image-aws-hwe - 4.15.0.1048.48 No subscription required linux-image-azure - 4.15.0.1057.60 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.62.82 linux-image-virtual-hwe-16.04 - 4.15.0.62.82 linux-image-generic-hwe-16.04 - 4.15.0.62.82 linux-image-oem - 4.15.0.62.82 linux-image-generic-lpae-hwe-16.04 - 4.15.0.62.82 No subscription required None https://launchpad.net/bugs/1842447 USN-4116-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. 
(CVE-2019-13648) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Update Instructions: Run `sudo pro fix USN-4116-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1056-kvm - 4.4.0-1056.63 No subscription required linux-image-4.4.0-1092-aws - 4.4.0-1092.103 No subscription required linux-image-4.4.0-1120-raspi2 - 4.4.0-1120.129 No subscription required linux-image-4.4.0-1124-snapdragon - 4.4.0-1124.130 No subscription required linux-image-4.4.0-161-generic - 4.4.0-161.189 linux-image-4.4.0-161-powerpc-e500mc - 4.4.0-161.189 linux-image-4.4.0-161-powerpc64-smp - 4.4.0-161.189 linux-image-4.4.0-161-powerpc-smp - 4.4.0-161.189 linux-image-4.4.0-161-generic-lpae - 4.4.0-161.189 linux-image-4.4.0-161-powerpc64-emb - 4.4.0-161.189 linux-image-4.4.0-161-lowlatency - 4.4.0-161.189 No subscription required linux-image-kvm - 4.4.0.1056.56 No subscription required linux-image-aws - 4.4.0.1092.96 No subscription required linux-image-raspi2 - 4.4.0.1120.120 No subscription required linux-image-snapdragon - 4.4.0.1124.116 No subscription required linux-image-generic-lts-wily - 4.4.0.161.169 linux-image-powerpc64-emb-lts-vivid - 4.4.0.161.169 linux-image-powerpc-e500mc - 4.4.0.161.169 linux-image-generic-lpae-lts-xenial - 4.4.0.161.169 linux-image-powerpc-e500mc-lts-vivid - 
4.4.0.161.169 linux-image-generic-lpae-lts-utopic - 4.4.0.161.169 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.161.169 linux-image-generic-lts-utopic - 4.4.0.161.169 linux-image-powerpc-e500mc-lts-wily - 4.4.0.161.169 linux-image-generic-lts-vivid - 4.4.0.161.169 linux-image-generic-lpae-lts-wily - 4.4.0.161.169 linux-image-virtual-lts-vivid - 4.4.0.161.169 linux-image-virtual-lts-utopic - 4.4.0.161.169 linux-image-virtual - 4.4.0.161.169 linux-image-powerpc64-emb-lts-wily - 4.4.0.161.169 linux-image-lowlatency-lts-vivid - 4.4.0.161.169 linux-image-powerpc64-smp-lts-utopic - 4.4.0.161.169 linux-image-powerpc64-emb - 4.4.0.161.169 linux-image-powerpc-smp-lts-xenial - 4.4.0.161.169 linux-image-powerpc64-smp-lts-vivid - 4.4.0.161.169 linux-image-lowlatency-lts-wily - 4.4.0.161.169 linux-image-generic - 4.4.0.161.169 linux-image-lowlatency-lts-xenial - 4.4.0.161.169 linux-image-powerpc64-smp-lts-xenial - 4.4.0.161.169 linux-image-powerpc64-emb-lts-utopic - 4.4.0.161.169 linux-image-generic-lts-xenial - 4.4.0.161.169 linux-image-virtual-lts-wily - 4.4.0.161.169 linux-image-powerpc-smp - 4.4.0.161.169 linux-image-generic-lpae-lts-vivid - 4.4.0.161.169 linux-image-generic-lpae - 4.4.0.161.169 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.161.169 linux-image-powerpc64-smp-lts-wily - 4.4.0.161.169 linux-image-powerpc64-emb-lts-xenial - 4.4.0.161.169 linux-image-powerpc-smp-lts-wily - 4.4.0.161.169 linux-image-powerpc64-smp - 4.4.0.161.169 linux-image-lowlatency-lts-utopic - 4.4.0.161.169 linux-image-powerpc-smp-lts-vivid - 4.4.0.161.169 linux-image-lowlatency - 4.4.0.161.169 linux-image-virtual-lts-xenial - 4.4.0.161.169 linux-image-powerpc-smp-lts-utopic - 4.4.0.161.169 No subscription required Medium CVE-2018-20856 CVE-2019-10638 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-3900 USN-4118-1 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. 
A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). 
(CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. 
(CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered that a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. 
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. 
(CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-4118-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1047-aws - 4.15.0-1047.49~16.04.1 No subscription required linux-image-aws-hwe - 4.15.0.1047.47 No subscription required Medium CVE-2018-13053 CVE-2018-13093 CVE-2018-13096 CVE-2018-13097 CVE-2018-13098 CVE-2018-13099 CVE-2018-13100 CVE-2018-14609 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2018-14614 CVE-2018-14615 CVE-2018-14616 CVE-2018-14617 CVE-2018-16862 CVE-2018-19985 CVE-2018-20169 CVE-2018-20511 CVE-2018-20784 CVE-2018-20856 CVE-2018-5383 CVE-2019-0136 CVE-2019-10126 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-11085 CVE-2019-11487 CVE-2019-11599 CVE-2019-11810 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12818 CVE-2019-12819 CVE-2019-12984 CVE-2019-13233 CVE-2019-13272 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-14763 CVE-2019-15090 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-2024 CVE-2019-2101 CVE-2019-3701 CVE-2019-3819 CVE-2019-3846 CVE-2019-3900 CVE-2019-9506 USN-4122-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752) It was discovered that a compromised content process could log in to a malicious Firefox Sync account. 
An attacker could potentially exploit this, in combination with another vulnerability, to disable the sandbox. (CVE-2019-9812) It was discovered that addons.mozilla.org and accounts.firefox.com could be loaded in to the same content process. An attacker could potentially exploit this, in combination with another vulnerability that allowed a cross-site scripting (XSS) attack, to modify browser settings. (CVE-2019-11741) It was discovered that the "Forget about this site" feature in the history pane removes HTTP Strict Transport Security (HSTS) settings for sites on the pre-load list. An attacker could potentially exploit this to bypass the protections offered by HSTS. (CVE-2019-11747) Update Instructions: Run `sudo pro fix USN-4122-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-nn - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ne - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-nb - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-fa - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-fi - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-fr - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-fy - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-or - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-kab - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-oc - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-cs - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ga - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-gd - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-gn - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-gl - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-gu - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-pa - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-pl - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-cy - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-pt - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-hi - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-uk - 69.0+build2-0ubuntu0.16.04.4 
firefox-locale-he - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-hy - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-hr - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-hu - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-as - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ar - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ia - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-az - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-id - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-mai - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-af - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-is - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-it - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-an - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-bs - 69.0+build2-0ubuntu0.16.04.4 firefox - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ro - 69.0+build2-0ubuntu0.16.04.4 firefox-geckodriver - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ja - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ru - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-br - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-zh-hant - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-zh-hans - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-bn - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-be - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-bg - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-sl - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-sk - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-si - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-sw - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-sv - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-sr - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-sq - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ko - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-kn - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-km - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-kk - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ka - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-xh - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ca - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ku - 
69.0+build2-0ubuntu0.16.04.4 firefox-mozsymbols - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-lv - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-lt - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-th - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-hsb - 69.0+build2-0ubuntu0.16.04.4 firefox-dev - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-te - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-cak - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ta - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-lg - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-csb - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-tr - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-nso - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-de - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-da - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ms - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-mr - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-my - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-uz - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ml - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-mn - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-mk - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ur - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-eu - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-et - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-es - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-vi - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-el - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-eo - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-en - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-zu - 69.0+build2-0ubuntu0.16.04.4 firefox-locale-ast - 69.0+build2-0ubuntu0.16.04.4 No subscription required Medium CVE-2019-5849 CVE-2019-9812 CVE-2019-11734 CVE-2019-11735 CVE-2019-11737 CVE-2019-11738 CVE-2019-11740 CVE-2019-11741 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11752 USN-4122-2 -- Firefox regression Ubuntu 16.04 LTS USN-4122-1 fixed vulnerabilities in Firefox. 
The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752) It was discovered that a compromised content process could log in to a malicious Firefox Sync account. An attacker could potentially exploit this, in combination with another vulnerability, to disable the sandbox. (CVE-2019-9812) It was discovered that addons.mozilla.org and accounts.firefox.com could be loaded into the same content process. An attacker could potentially exploit this, in combination with another vulnerability that allowed a cross-site scripting (XSS) attack, to modify browser settings. (CVE-2019-11741) It was discovered that the "Forget about this site" feature in the history pane removes HTTP Strict Transport Security (HSTS) settings for sites on the pre-load list. An attacker could potentially exploit this to bypass the protections offered by HSTS. (CVE-2019-11747) Update Instructions: Run `sudo pro fix USN-4122-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
69.0.2+build1-0ubuntu0.16.04.1 firefox - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 69.0.2+build1-0ubuntu0.16.04.1 firefox-geckodriver - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 69.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 69.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 
69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 69.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 69.0.2+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1847354 USN-4124-1 -- Exim vulnerability Ubuntu 16.04 LTS It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-4124-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.5 eximon4 - 4.86.2-2ubuntu2.5 exim4 - 4.86.2-2ubuntu2.5 exim4-daemon-light - 4.86.2-2ubuntu2.5 exim4-config - 4.86.2-2ubuntu2.5 exim4-daemon-heavy - 4.86.2-2ubuntu2.5 exim4-base - 4.86.2-2ubuntu2.5 No subscription required High CVE-2019-15846 https://launchpad.net/bugs/1843041 USN-4125-1 -- Memcached vulnerability Ubuntu 16.04 LTS It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information. 
Update Instructions: Run `sudo pro fix USN-4125-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.4.25-2ubuntu1.5 No subscription required Medium CVE-2019-15026 USN-4126-1 -- FreeType vulnerability Ubuntu 16.04 LTS It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4126-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.6.1-0.1ubuntu2.4 libfreetype6-udeb - 2.6.1-0.1ubuntu2.4 freetype2-demos - 2.6.1-0.1ubuntu2.4 libfreetype6 - 2.6.1-0.1ubuntu2.4 No subscription required Medium CVE-2015-9383 USN-4127-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160) Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-5010) It was discovered that Python incorrectly handled certain URLs. A remote attacker could possibly use this issue to perform CRLF injection attacks. 
(CVE-2019-9740, CVE-2019-9947) Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blocklist mechanisms. (CVE-2019-9948) Update Instructions: Run `sudo pro fix USN-4127-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.8 python2.7-doc - 2.7.12-1ubuntu0~16.04.8 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.8 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.8 libpython2.7 - 2.7.12-1ubuntu0~16.04.8 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.8 python2.7 - 2.7.12-1ubuntu0~16.04.8 idle-python2.7 - 2.7.12-1ubuntu0~16.04.8 python2.7-examples - 2.7.12-1ubuntu0~16.04.8 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.8 python2.7-minimal - 2.7.12-1ubuntu0~16.04.8 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.8 python3.5-venv - 3.5.2-2ubuntu0~16.04.8 python3.5-doc - 3.5.2-2ubuntu0~16.04.8 python3.5-dev - 3.5.2-2ubuntu0~16.04.8 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.8 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.8 python3.5 - 3.5.2-2ubuntu0~16.04.8 idle-python3.5 - 3.5.2-2ubuntu0~16.04.8 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.8 python3.5-examples - 3.5.2-2ubuntu0~16.04.8 python3.5-minimal - 3.5.2-2ubuntu0~16.04.8 libpython3.5 - 3.5.2-2ubuntu0~16.04.8 No subscription required Medium CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 USN-4128-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2019-10072) Update Instructions: Run `sudo pro fix USN-4128-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.10 tomcat8-user - 8.0.32-1ubuntu1.10 libservlet3.1-java - 8.0.32-1ubuntu1.10 libservlet3.1-java-doc - 8.0.32-1ubuntu1.10 tomcat8-examples - 8.0.32-1ubuntu1.10 tomcat8-admin - 8.0.32-1ubuntu1.10 libtomcat8-java - 8.0.32-1ubuntu1.10 tomcat8-common - 8.0.32-1ubuntu1.10 tomcat8 - 8.0.32-1ubuntu1.10 No subscription required Medium CVE-2019-0221 CVE-2019-10072 USN-4129-1 -- curl vulnerabilities Ubuntu 16.04 LTS Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482) Update Instructions: Run `sudo pro fix USN-4129-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.14 libcurl4-openssl-dev - 7.47.0-1ubuntu2.14 libcurl3-gnutls - 7.47.0-1ubuntu2.14 libcurl4-doc - 7.47.0-1ubuntu2.14 libcurl3-nss - 7.47.0-1ubuntu2.14 libcurl4-nss-dev - 7.47.0-1ubuntu2.14 libcurl3 - 7.47.0-1ubuntu2.14 curl - 7.47.0-1ubuntu2.14 No subscription required Medium CVE-2019-5481 CVE-2019-5482 USN-4132-1 -- Expat vulnerability Ubuntu 16.04 LTS It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4132-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libexpat1 - 2.1.0-7ubuntu0.16.04.5 expat - 2.1.0-7ubuntu0.16.04.5 libexpat1-dev - 2.1.0-7ubuntu0.16.04.5 lib64expat1-dev - 2.1.0-7ubuntu0.16.04.5 libexpat1-udeb - 2.1.0-7ubuntu0.16.04.5 lib64expat1 - 2.1.0-7ubuntu0.16.04.5 No subscription required Medium CVE-2019-15903 USN-4133-1 -- Wireshark vulnerabilities Ubuntu 16.04 LTS It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file. Update Instructions: Run `sudo pro fix USN-4133-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwsutil-dev - 2.6.10-1~ubuntu16.04.0 wireshark-dev - 2.6.10-1~ubuntu16.04.0 tshark - 2.6.10-1~ubuntu16.04.0 libwireshark-dev - 2.6.10-1~ubuntu16.04.0 wireshark-qt - 2.6.10-1~ubuntu16.04.0 libwiretap-dev - 2.6.10-1~ubuntu16.04.0 wireshark-gtk - 2.6.10-1~ubuntu16.04.0 libwscodecs2 - 2.6.10-1~ubuntu16.04.0 wireshark-doc - 2.6.10-1~ubuntu16.04.0 wireshark-common - 2.6.10-1~ubuntu16.04.0 libwiretap8 - 2.6.10-1~ubuntu16.04.0 libwireshark-data - 2.6.10-1~ubuntu16.04.0 libwireshark11 - 2.6.10-1~ubuntu16.04.0 libwsutil9 - 2.6.10-1~ubuntu16.04.0 wireshark - 2.6.10-1~ubuntu16.04.0 No subscription required Medium CVE-2019-12295 CVE-2019-13619 USN-4134-1 -- IBus vulnerability Ubuntu 16.04 LTS Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Update Instructions: Run `sudo pro fix USN-4134-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ibus-wayland - 1.5.11-1ubuntu2.2 ibus-doc - 1.5.11-1ubuntu2.2 gir1.2-ibus-1.0 - 1.5.11-1ubuntu2.2 ibus - 1.5.11-1ubuntu2.2 ibus-gtk - 1.5.11-1ubuntu2.2 ibus-gtk3 - 1.5.11-1ubuntu2.2 libibus-1.0-5 - 1.5.11-1ubuntu2.2 libibus-1.0-dev - 1.5.11-1ubuntu2.2 No subscription required Medium CVE-2019-14822 USN-4134-2 -- IBus regression Ubuntu 16.04 LTS USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Update Instructions: Run `sudo pro fix USN-4134-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ibus-gtk - 1.5.11-1ubuntu2.3 ibus-wayland - 1.5.11-1ubuntu2.3 ibus - 1.5.11-1ubuntu2.3 libibus-1.0-5 - 1.5.11-1ubuntu2.3 gir1.2-ibus-1.0 - 1.5.11-1ubuntu2.3 libibus-1.0-dev - 1.5.11-1ubuntu2.3 ibus-gtk3 - 1.5.11-1ubuntu2.3 ibus-doc - 1.5.11-1ubuntu2.3 No subscription required None https://launchpad.net/bugs/1844853 USN-4134-3 -- IBus vulnerability Ubuntu 16.04 LTS USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize for the inconvenience. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. 
Update Instructions: Run `sudo pro fix USN-4134-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ibus-wayland - 1.5.11-1ubuntu2.4 ibus-doc - 1.5.11-1ubuntu2.4 gir1.2-ibus-1.0 - 1.5.11-1ubuntu2.4 ibus - 1.5.11-1ubuntu2.4 ibus-gtk - 1.5.11-1ubuntu2.4 ibus-gtk3 - 1.5.11-1ubuntu2.4 libibus-1.0-5 - 1.5.11-1ubuntu2.4 libibus-1.0-dev - 1.5.11-1ubuntu2.4 No subscription required Medium CVE-2019-14822 USN-4135-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030) It was discovered that the Linux kernel on PowerPC architectures did not properly handle exceptions on interrupts in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15031) Update Instructions: Run `sudo pro fix USN-4135-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1025-oracle - 4.15.0-1025.28~16.04.1 No subscription required linux-image-4.15.0-1044-gcp - 4.15.0-1044.46 No subscription required linux-image-4.15.0-1050-aws - 4.15.0-1050.52~16.04.1 No subscription required linux-image-4.15.0-1059-azure - 4.15.0-1059.64 No subscription required linux-image-4.15.0-64-lowlatency - 4.15.0-64.73~16.04.1 linux-image-4.15.0-64-generic - 4.15.0-64.73~16.04.1 linux-image-4.15.0-64-generic-lpae - 4.15.0-64.73~16.04.1 No subscription required linux-image-oracle - 4.15.0.1025.18 No subscription required linux-image-gke - 4.15.0.1044.58 linux-image-gcp - 4.15.0.1044.58 No subscription required linux-image-aws-hwe - 4.15.0.1050.50 No subscription required linux-image-azure - 4.15.0.1059.62 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.64.84 linux-image-generic-lpae-hwe-16.04 - 4.15.0.64.84 linux-image-virtual-hwe-16.04 - 4.15.0.64.84 linux-image-oem - 4.15.0.64.84 linux-image-lowlatency-hwe-16.04 - 4.15.0.64.84 No subscription required linux-image-4.4.0-1058-kvm - 4.4.0-1058.65 No subscription required linux-image-4.4.0-1094-aws - 4.4.0-1094.105 No subscription required linux-image-4.4.0-1122-raspi2 - 4.4.0-1122.131 No subscription required linux-image-4.4.0-1126-snapdragon - 4.4.0-1126.132 No subscription required linux-image-4.4.0-164-lowlatency - 4.4.0-164.192 linux-image-4.4.0-164-powerpc64-emb - 4.4.0-164.192 linux-image-4.4.0-164-powerpc-smp - 4.4.0-164.192 linux-image-4.4.0-164-generic-lpae - 4.4.0-164.192 linux-image-4.4.0-164-generic - 4.4.0-164.192 linux-image-4.4.0-164-powerpc-e500mc - 4.4.0-164.192 linux-image-4.4.0-164-powerpc64-smp - 4.4.0-164.192 No subscription required linux-image-kvm - 4.4.0.1058.58 No subscription required linux-image-aws - 4.4.0.1094.98 No subscription required linux-image-raspi2 - 4.4.0.1122.122 No subscription required linux-image-snapdragon - 4.4.0.1126.118 No subscription 
required linux-image-powerpc64-smp-lts-utopic - 4.4.0.164.172 linux-image-generic-lts-wily - 4.4.0.164.172 linux-image-generic-lpae-lts-xenial - 4.4.0.164.172 linux-image-powerpc-e500mc - 4.4.0.164.172 linux-image-generic-lpae-lts-utopic - 4.4.0.164.172 linux-image-generic-lts-utopic - 4.4.0.164.172 linux-image-powerpc-e500mc-lts-wily - 4.4.0.164.172 linux-image-generic-lts-vivid - 4.4.0.164.172 linux-image-generic-lpae-lts-wily - 4.4.0.164.172 linux-image-virtual-lts-vivid - 4.4.0.164.172 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.164.172 linux-image-virtual-lts-utopic - 4.4.0.164.172 linux-image-virtual - 4.4.0.164.172 linux-image-powerpc64-emb-lts-wily - 4.4.0.164.172 linux-image-lowlatency-lts-vivid - 4.4.0.164.172 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.164.172 linux-image-powerpc-smp-lts-xenial - 4.4.0.164.172 linux-image-lowlatency-lts-wily - 4.4.0.164.172 linux-image-powerpc64-smp-lts-vivid - 4.4.0.164.172 linux-image-generic - 4.4.0.164.172 linux-image-lowlatency-lts-xenial - 4.4.0.164.172 linux-image-powerpc64-smp-lts-xenial - 4.4.0.164.172 linux-image-powerpc64-emb-lts-utopic - 4.4.0.164.172 linux-image-generic-lts-xenial - 4.4.0.164.172 linux-image-powerpc-smp - 4.4.0.164.172 linux-image-powerpc64-emb-lts-vivid - 4.4.0.164.172 linux-image-generic-lpae-lts-vivid - 4.4.0.164.172 linux-image-generic-lpae - 4.4.0.164.172 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.164.172 linux-image-powerpc64-smp-lts-wily - 4.4.0.164.172 linux-image-powerpc64-emb - 4.4.0.164.172 linux-image-powerpc64-emb-lts-xenial - 4.4.0.164.172 linux-image-powerpc-smp-lts-wily - 4.4.0.164.172 linux-image-virtual-lts-wily - 4.4.0.164.172 linux-image-powerpc64-smp - 4.4.0.164.172 linux-image-lowlatency-lts-utopic - 4.4.0.164.172 linux-image-powerpc-smp-lts-vivid - 4.4.0.164.172 linux-image-lowlatency - 4.4.0.164.172 linux-image-virtual-lts-xenial - 4.4.0.164.172 linux-image-powerpc-smp-lts-utopic - 4.4.0.164.172 No subscription required High CVE-2019-14835 CVE-2019-15030 
CVE-2019-15031 USN-4136-1 -- wpa_supplicant and hostapd vulnerability Ubuntu 16.04 LTS It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4136-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.4-0ubuntu6.6 No subscription required wpagui - 2.4-0ubuntu6.6 wpasupplicant - 2.4-0ubuntu6.6 wpasupplicant-udeb - 2.4-0ubuntu6.6 No subscription required Medium CVE-2019-16275 USN-4138-1 -- LibreOffice vulnerability Ubuntu 16.04 LTS It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4138-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-mysql-connector - 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial10 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial10 No subscription required libreoffice-impress - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-sdbc-postgresql - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-officebean - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-base - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-librelogo - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-java-common - 1:5.1.6~rc2-0ubuntu1~xenial10 gir1.2-lokdocview-0.1 - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-subsequentcheckbase - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-elementary - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-kde - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-galaxy - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-hicontrast - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-core - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-script-provider-bsh - 
1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-avmedia-backend-gstreamer - 1:5.1.6~rc2-0ubuntu1~xenial10 libreofficekit-dev - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-script-provider-python - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-common - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-gnome - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-dev - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-gtk3 - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-report-builder - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-base-core - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-draw - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-ogltrans - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-sdbc-hsqldb - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-gtk - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-calc - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-base-drivers - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-oxygen - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-tango - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-human - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-sdbc-firebird - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-pdfimport - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-math - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-writer - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-report-builder-bin - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-dev-doc - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-script-provider-js - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-sifr - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-style-breeze - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-l10n-in - 1:5.1.6~rc2-0ubuntu1~xenial10 libreoffice-l10n-za - 1:5.1.6~rc2-0ubuntu1~xenial10 python3-uno - 1:5.1.6~rc2-0ubuntu1~xenial10 No subscription required fonts-opensymbol - 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial10 No subscription required uno-libs3 - 5.1.6~rc2-0ubuntu1~xenial10 ure - 5.1.6~rc2-0ubuntu1~xenial10 No subscription required Medium CVE-2019-9854 USN-4139-1 -- File Roller vulnerability Ubuntu 16.04 LTS It was 
discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction. Update Instructions: Run `sudo pro fix USN-4139-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: file-roller - 3.16.5-0ubuntu1.3 No subscription required Medium CVE-2019-16680 USN-4140-1 -- Firefox vulnerability Ubuntu 16.04 LTS It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users. Update Instructions: Run `sudo pro fix USN-4140-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk 
- 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 69.0.1+build1-0ubuntu0.16.04.1 firefox - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 69.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 
69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 69.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 69.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 69.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 69.0.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-11754 USN-4142-1 -- e2fsprogs vulnerability Ubuntu 16.04 LTS It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. 
An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4142-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.42.13-1ubuntu1.1 e2fslibs-dev - 1.42.13-1ubuntu1.1 e2fsprogs - 1.42.13-1ubuntu1.1 e2fsck-static - 1.42.13-1ubuntu1.1 e2fslibs - 1.42.13-1ubuntu1.1 e2fsprogs-udeb - 1.42.13-1ubuntu1.1 libcomerr2 - 1.42.13-1ubuntu1.1 No subscription required ss-dev - 2.0-1.42.13-1ubuntu1.1 No subscription required comerr-dev - 2.1-1.42.13-1ubuntu1.1 No subscription required Medium CVE-2019-5094 USN-4143-1 -- SDL 2.0 vulnerabilities Ubuntu 16.04 LTS It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2017-2888) It was discovered that SDL 2.0 mishandled crafted image files. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638) Update Instructions: Run `sudo pro fix USN-4143-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl2-dev - 2.0.4+dfsg1-2ubuntu2.16.04.2 libsdl2-doc - 2.0.4+dfsg1-2ubuntu2.16.04.2 libsdl2-2.0-0 - 2.0.4+dfsg1-2ubuntu2.16.04.2 No subscription required Medium CVE-2017-2888 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 USN-4144-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. 
(CVE-2018-20976) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) Update Instructions: Run `sudo pro fix USN-4144-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1026-oracle - 4.15.0-1026.29~16.04.1 No subscription required linux-image-4.15.0-1051-aws - 4.15.0-1051.53~16.04.1 No subscription required linux-image-4.15.0-1060-azure - 4.15.0-1060.65 No subscription required linux-image-4.15.0-65-lowlatency - 4.15.0-65.74~16.04.1 linux-image-4.15.0-65-generic-lpae - 4.15.0-65.74~16.04.1 linux-image-4.15.0-65-generic - 4.15.0-65.74~16.04.1 No subscription required linux-image-oracle - 4.15.0.1026.19 No subscription required linux-image-aws-hwe - 4.15.0.1051.51 No subscription required linux-image-azure - 4.15.0.1060.63 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.65.85 linux-image-oem - 4.15.0.65.85 linux-image-lowlatency-hwe-16.04 - 4.15.0.65.85 linux-image-virtual-hwe-16.04 - 4.15.0.65.85 linux-image-generic-lpae-hwe-16.04 - 4.15.0.65.85 No subscription required Medium CVE-2018-20976 CVE-2019-15538 USN-4145-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18509) It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961) It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-15215) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926) Update Instructions: Run `sudo pro fix USN-4145-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1059-kvm - 4.4.0-1059.66 No subscription required linux-image-4.4.0-1095-aws - 4.4.0-1095.106 No subscription required linux-image-4.4.0-1123-raspi2 - 4.4.0-1123.132 No subscription required linux-image-4.4.0-1127-snapdragon - 4.4.0-1127.135 No subscription required linux-image-4.4.0-165-lowlatency - 4.4.0-165.193 linux-image-4.4.0-165-generic-lpae - 4.4.0-165.193 linux-image-4.4.0-165-powerpc64-emb - 4.4.0-165.193 linux-image-4.4.0-165-powerpc-smp - 4.4.0-165.193 linux-image-4.4.0-165-powerpc64-smp - 4.4.0-165.193 linux-image-4.4.0-165-powerpc-e500mc - 4.4.0-165.193 linux-image-4.4.0-165-generic - 4.4.0-165.193 No subscription required linux-image-kvm - 4.4.0.1059.59 No subscription required linux-image-aws - 4.4.0.1095.99 No subscription required linux-image-raspi2 - 4.4.0.1123.123 No subscription required linux-image-snapdragon - 4.4.0.1127.119 No subscription required linux-image-generic-lts-wily - 4.4.0.165.173 linux-image-powerpc64-emb-lts-vivid - 4.4.0.165.173 linux-image-generic-lpae-lts-xenial - 4.4.0.165.173 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.165.173 linux-image-generic-lpae-lts-utopic - 4.4.0.165.173 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.165.173 linux-image-generic-lts-utopic - 4.4.0.165.173 linux-image-powerpc-e500mc-lts-wily - 4.4.0.165.173 linux-image-generic-lts-vivid - 4.4.0.165.173 linux-image-virtual-lts-utopic - 4.4.0.165.173 linux-image-generic-lpae-lts-wily - 4.4.0.165.173 linux-image-lowlatency - 4.4.0.165.173 linux-image-virtual-lts-vivid - 4.4.0.165.173 linux-image-virtual - 4.4.0.165.173 
linux-image-lowlatency-lts-vivid - 4.4.0.165.173 linux-image-powerpc64-smp-lts-utopic - 4.4.0.165.173 linux-image-powerpc-smp-lts-xenial - 4.4.0.165.173 linux-image-powerpc-e500mc - 4.4.0.165.173 linux-image-powerpc64-smp-lts-vivid - 4.4.0.165.173 linux-image-powerpc64-emb-lts-wily - 4.4.0.165.173 linux-image-lowlatency-lts-wily - 4.4.0.165.173 linux-image-generic - 4.4.0.165.173 linux-image-lowlatency-lts-xenial - 4.4.0.165.173 linux-image-powerpc64-smp-lts-xenial - 4.4.0.165.173 linux-image-powerpc64-emb-lts-utopic - 4.4.0.165.173 linux-image-generic-lts-xenial - 4.4.0.165.173 linux-image-virtual-lts-wily - 4.4.0.165.173 linux-image-powerpc-smp - 4.4.0.165.173 linux-image-generic-lpae-lts-vivid - 4.4.0.165.173 linux-image-generic-lpae - 4.4.0.165.173 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.165.173 linux-image-powerpc64-smp-lts-wily - 4.4.0.165.173 linux-image-powerpc64-emb - 4.4.0.165.173 linux-image-powerpc64-emb-lts-xenial - 4.4.0.165.173 linux-image-powerpc-smp-lts-wily - 4.4.0.165.173 linux-image-powerpc64-smp - 4.4.0.165.173 linux-image-lowlatency-lts-utopic - 4.4.0.165.173 linux-image-powerpc-smp-lts-vivid - 4.4.0.165.173 linux-image-virtual-lts-xenial - 4.4.0.165.173 linux-image-powerpc-smp-lts-utopic - 4.4.0.165.173 No subscription required Medium CVE-2016-10905 CVE-2017-18509 CVE-2018-20961 CVE-2018-20976 CVE-2019-0136 CVE-2019-10207 CVE-2019-11487 CVE-2019-13631 CVE-2019-15211 CVE-2019-15215 CVE-2019-15926 USN-4146-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900) Update Instructions: Run `sudo pro fix USN-4146-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.101.4+dfsg-0ubuntu0.16.04.1 clamav-testfiles - 0.101.4+dfsg-0ubuntu0.16.04.1 clamav-base - 0.101.4+dfsg-0ubuntu0.16.04.1 clamav - 0.101.4+dfsg-0ubuntu0.16.04.1 clamav-daemon - 0.101.4+dfsg-0ubuntu0.16.04.1 clamav-milter - 0.101.4+dfsg-0ubuntu0.16.04.1 clamav-docs - 0.101.4+dfsg-0ubuntu0.16.04.1 clamav-freshclam - 0.101.4+dfsg-0ubuntu0.16.04.1 libclamav9 - 0.101.4+dfsg-0ubuntu0.16.04.1 clamdscan - 0.101.4+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-12625 CVE-2019-12900 USN-4148-1 -- OpenEXR vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596) Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-9110, CVE-2017-9112, CVE-2017-9116) Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2018-18444) Update Instructions: Run `sudo pro fix USN-4148-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.1 openexr - 2.2.0-10ubuntu2.1 libopenexr22 - 2.2.0-10ubuntu2.1 openexr-doc - 2.2.0-10ubuntu2.1 No subscription required Medium CVE-2017-12596 CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2017-9116 CVE-2018-18444 USN-4150-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to obtain sensitive information, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752) Update Instructions: Run `sudo pro fix USN-4150-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fr - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-us - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-es - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb-no - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-br - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-dsb - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-it - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-mk - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn-bd - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hu - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-ar - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-be - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bg - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ja - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-lt - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sl - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-gb - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv-se - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-si - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-gnome-support - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hr - 1:60.9.0+build1-0ubuntu0.16.04.2 xul-ext-calendar-timezones - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-de - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-da - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nl - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ast - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn - 1:60.9.0+build1-0ubuntu0.16.04.2 xul-ext-lightning - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga-ie - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy-nl - 
1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa-in - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sr - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sq - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-he - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hsb - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-kk - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ar - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-uk - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-globalmenu - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-cn - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta-lk - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ru - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cs - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hy - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fi - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-af - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-pt - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sk - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-dev - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-vi - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cy - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ca - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ms - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-br - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-el - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn-no - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-rm - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ka - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gl - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ko - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-is - 1:60.9.0+build1-0ubuntu0.16.04.2 
thunderbird-locale-ro - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-tr - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-kab - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pl - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gd - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-tw - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-id - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-mozsymbols - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-eu - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-et - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hant - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hans - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es - 1:60.9.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta - 1:60.9.0+build1-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 USN-4151-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935) Update Instructions: Run `sudo pro fix USN-4151-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.9 python2.7-doc - 2.7.12-1ubuntu0~16.04.9 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.9 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.9 libpython2.7 - 2.7.12-1ubuntu0~16.04.9 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.9 python2.7 - 2.7.12-1ubuntu0~16.04.9 idle-python2.7 - 2.7.12-1ubuntu0~16.04.9 python2.7-examples - 2.7.12-1ubuntu0~16.04.9 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.9 python2.7-minimal - 2.7.12-1ubuntu0~16.04.9 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.9 python3.5-venv - 3.5.2-2ubuntu0~16.04.9 python3.5-doc - 3.5.2-2ubuntu0~16.04.9 python3.5-dev - 3.5.2-2ubuntu0~16.04.9 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.9 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.9 python3.5 - 3.5.2-2ubuntu0~16.04.9 idle-python3.5 - 3.5.2-2ubuntu0~16.04.9 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.9 python3.5-examples - 3.5.2-2ubuntu0~16.04.9 python3.5-minimal - 3.5.2-2ubuntu0~16.04.9 libpython3.5 - 3.5.2-2ubuntu0~16.04.9 No subscription required Medium CVE-2019-16056 CVE-2019-16935 USN-4154-1 -- Sudo vulnerability Ubuntu 16.04 LTS Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user. Update Instructions: Run `sudo pro fix USN-4154-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.16-0ubuntu1.8 sudo - 1.8.16-0ubuntu1.8 No subscription required Medium CVE-2019-14287 USN-4155-1 -- Aspell vulnerability Ubuntu 16.04 LTS It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information. Update Instructions: Run `sudo pro fix USN-4155-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libaspell15 - 0.60.7~20110707-3ubuntu0.1 aspell-doc - 0.60.7~20110707-3ubuntu0.1 aspell - 0.60.7~20110707-3ubuntu0.1 libpspell-dev - 0.60.7~20110707-3ubuntu0.1 libaspell-dev - 0.60.7~20110707-3ubuntu0.1 No subscription required Medium CVE-2019-17544 USN-4156-1 -- SDL vulnerabilities Ubuntu 16.04 LTS It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4156-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl1.2debian - 1.2.15+dfsg1-3ubuntu0.1 libsdl1.2-dev - 1.2.15+dfsg1-3ubuntu0.1 No subscription required Medium CVE-2019-13616 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 USN-4158-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-4158-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.7 libtiff-tools - 4.0.6-1ubuntu0.7 libtiff5-dev - 4.0.6-1ubuntu0.7 libtiff5 - 4.0.6-1ubuntu0.7 libtiffxx5 - 4.0.6-1ubuntu0.7 libtiff-doc - 4.0.6-1ubuntu0.7 No subscription required Medium CVE-2019-14973 CVE-2019-17546 USN-4159-1 -- Exiv2 vulnerability Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain files. 
An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4159-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.5 libexiv2-14 - 0.25-2.1ubuntu16.04.5 libexiv2-doc - 0.25-2.1ubuntu16.04.5 libexiv2-dev - 0.25-2.1ubuntu16.04.5 No subscription required Medium CVE-2019-17402 USN-4160-1 -- UW IMAP vulnerability Ubuntu 16.04 LTS It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands. Update Instructions: Run `sudo pro fix USN-4160-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-client2007e - 8:2007f~dfsg-4+deb8u1build0.16.04.1 uw-mailutils - 8:2007f~dfsg-4+deb8u1build0.16.04.1 libc-client2007e-dev - 8:2007f~dfsg-4+deb8u1build0.16.04.1 mlock - 8:2007f~dfsg-4+deb8u1build0.16.04.1 No subscription required Medium CVE-2018-19518 USN-4162-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). 
(CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). (CVE-2019-15918) Update Instructions: Run `sudo pro fix USN-4162-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1027-oracle - 4.15.0-1027.30~16.04.1 No subscription required linux-image-4.15.0-1047-gcp - 4.15.0-1047.50 No subscription required linux-image-4.15.0-1052-aws - 4.15.0-1052.54~16.04.1 No subscription required linux-image-4.15.0-1061-azure - 4.15.0-1061.66 No subscription required linux-image-4.15.0-66-lowlatency - 4.15.0-66.75~16.04.1 linux-image-4.15.0-66-generic - 4.15.0-66.75~16.04.1 linux-image-4.15.0-66-generic-lpae - 4.15.0-66.75~16.04.1 No subscription required linux-image-oracle - 4.15.0.1027.20 No subscription required linux-image-gke - 4.15.0.1047.61 linux-image-gcp - 4.15.0.1047.61 No subscription required linux-image-aws-hwe - 4.15.0.1052.52 No subscription required linux-image-azure - 4.15.0.1061.64 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.66.86 linux-image-generic-hwe-16.04 - 4.15.0.66.86 linux-image-oem - 4.15.0.66.86 linux-image-lowlatency-hwe-16.04 - 4.15.0.66.86 linux-image-generic-lpae-hwe-16.04 - 4.15.0.66.86 No subscription required Medium CVE-2018-21008 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-15117 CVE-2019-15118 CVE-2019-15505 CVE-2019-15902 CVE-2019-15918 USN-4163-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. 
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) Update Instructions: Run `sudo pro fix USN-4163-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1060-kvm - 4.4.0-1060.67 No subscription required linux-image-4.4.0-1096-aws - 4.4.0-1096.107 No subscription required linux-image-4.4.0-1124-raspi2 - 4.4.0-1124.133 No subscription required linux-image-4.4.0-1128-snapdragon - 4.4.0-1128.136 No subscription required linux-image-4.4.0-166-powerpc64-emb - 4.4.0-166.195 linux-image-4.4.0-166-powerpc-smp - 4.4.0-166.195 linux-image-4.4.0-166-powerpc64-smp - 4.4.0-166.195 linux-image-4.4.0-166-generic-lpae - 4.4.0-166.195 linux-image-4.4.0-166-generic - 4.4.0-166.195 linux-image-4.4.0-166-lowlatency - 4.4.0-166.195 linux-image-4.4.0-166-powerpc-e500mc - 4.4.0-166.195 No subscription required linux-image-kvm - 4.4.0.1060.60 No subscription required linux-image-aws - 4.4.0.1096.100 No subscription required linux-image-raspi2 - 4.4.0.1124.124 No subscription required linux-image-snapdragon - 4.4.0.1128.120 No subscription required linux-image-generic-lts-wily - 4.4.0.166.174 linux-image-powerpc64-emb-lts-vivid - 4.4.0.166.174 linux-image-powerpc-e500mc - 4.4.0.166.174 linux-image-generic-lpae-lts-xenial - 4.4.0.166.174 linux-image-powerpc-smp-lts-wily - 4.4.0.166.174 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.166.174 linux-image-generic-lpae-lts-utopic - 4.4.0.166.174 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.166.174 linux-image-generic-lts-utopic - 4.4.0.166.174 linux-image-powerpc-e500mc-lts-wily - 4.4.0.166.174 linux-image-generic-lts-vivid - 4.4.0.166.174 linux-image-generic-lpae-lts-wily - 4.4.0.166.174 linux-image-virtual-lts-vivid - 4.4.0.166.174 linux-image-virtual-lts-utopic - 4.4.0.166.174 linux-image-virtual - 4.4.0.166.174 linux-image-powerpc64-emb-lts-wily - 4.4.0.166.174 linux-image-powerpc64-smp-lts-xenial - 4.4.0.166.174 linux-image-powerpc64-smp-lts-utopic - 4.4.0.166.174 linux-image-powerpc64-emb - 4.4.0.166.174 linux-image-powerpc-smp-lts-xenial - 4.4.0.166.174 
linux-image-powerpc64-smp-lts-vivid - 4.4.0.166.174 linux-image-lowlatency-lts-wily - 4.4.0.166.174 linux-image-lowlatency-lts-vivid - 4.4.0.166.174 linux-image-generic - 4.4.0.166.174 linux-image-lowlatency-lts-xenial - 4.4.0.166.174 linux-image-powerpc64-emb-lts-utopic - 4.4.0.166.174 linux-image-generic-lts-xenial - 4.4.0.166.174 linux-image-powerpc-smp - 4.4.0.166.174 linux-image-generic-lpae-lts-vivid - 4.4.0.166.174 linux-image-generic-lpae - 4.4.0.166.174 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.166.174 linux-image-powerpc64-smp-lts-wily - 4.4.0.166.174 linux-image-powerpc64-emb-lts-xenial - 4.4.0.166.174 linux-image-virtual-lts-wily - 4.4.0.166.174 linux-image-powerpc64-smp - 4.4.0.166.174 linux-image-lowlatency-lts-utopic - 4.4.0.166.174 linux-image-powerpc-smp-lts-vivid - 4.4.0.166.174 linux-image-lowlatency - 4.4.0.166.174 linux-image-virtual-lts-xenial - 4.4.0.166.174 linux-image-powerpc-smp-lts-utopic - 4.4.0.166.174 No subscription required Medium CVE-2016-10906 CVE-2017-18232 CVE-2018-21008 CVE-2019-14814 CVE-2019-14816 CVE-2019-14821 CVE-2019-15117 CVE-2019-15118 CVE-2019-15505 CVE-2019-15902 USN-4164-1 -- Libxslt vulnerabilities Ubuntu 16.04 LTS It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue did not affect Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118) It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-18197) Update Instructions: Run `sudo pro fix USN-4164-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2.1ubuntu0.3 libxslt1-dev - 1.1.28-2.1ubuntu0.3 libxslt1.1 - 1.1.28-2.1ubuntu0.3 xsltproc - 1.1.28-2.1ubuntu0.3 No subscription required Medium CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 USN-4165-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4165-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 
70.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 70.0+build2-0ubuntu0.16.04.1 firefox - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 70.0+build2-0ubuntu0.16.04.1 firefox-geckodriver - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 70.0+build2-0ubuntu0.16.04.1 
firefox-locale-ku - 70.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 70.0+build2-0ubuntu0.16.04.1 firefox-dev - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 70.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 70.0+build2-0ubuntu0.16.04.1 No subscription required High CVE-2018-6156 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-11765 CVE-2019-15903 CVE-2019-17000 CVE-2019-17001 CVE-2019-17002 USN-4165-2 -- Firefox regressions Ubuntu 16.04 LTS USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. 
This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4165-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 
70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 70.0.1+build1-0ubuntu0.16.04.1 firefox - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 70.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 70.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 
70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 70.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 70.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 70.0.1+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1851445 USN-4166-1 -- PHP vulnerability Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4166-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.7 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.7 php7.0-xsl - 7.0.33-0ubuntu0.16.04.7 php7.0-fpm - 7.0.33-0ubuntu0.16.04.7 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.7 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.7 php7.0-curl - 7.0.33-0ubuntu0.16.04.7 php7.0-ldap - 7.0.33-0ubuntu0.16.04.7 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.7 php7.0-gmp - 7.0.33-0ubuntu0.16.04.7 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.7 php7.0-gd - 7.0.33-0ubuntu0.16.04.7 php7.0-common - 7.0.33-0ubuntu0.16.04.7 php7.0-enchant - 7.0.33-0ubuntu0.16.04.7 php7.0-odbc - 7.0.33-0ubuntu0.16.04.7 php7.0-cli - 7.0.33-0ubuntu0.16.04.7 php7.0-json - 7.0.33-0ubuntu0.16.04.7 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.7 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.7 php7.0-mysql - 7.0.33-0ubuntu0.16.04.7 php7.0-dba - 7.0.33-0ubuntu0.16.04.7 php7.0-sybase - 7.0.33-0ubuntu0.16.04.7 php7.0-pspell - 7.0.33-0ubuntu0.16.04.7 php7.0-interbase - 7.0.33-0ubuntu0.16.04.7 php7.0-xml - 7.0.33-0ubuntu0.16.04.7 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.7 php7.0-recode - 7.0.33-0ubuntu0.16.04.7 php7.0-zip - 7.0.33-0ubuntu0.16.04.7 php7.0 - 7.0.33-0ubuntu0.16.04.7 php7.0-tidy - 7.0.33-0ubuntu0.16.04.7 php7.0-soap - 7.0.33-0ubuntu0.16.04.7 php7.0-opcache - 7.0.33-0ubuntu0.16.04.7 php7.0-readline - 7.0.33-0ubuntu0.16.04.7 php7.0-intl - 7.0.33-0ubuntu0.16.04.7 php7.0-imap - 7.0.33-0ubuntu0.16.04.7 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.7 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.7 php7.0-dev - 7.0.33-0ubuntu0.16.04.7 php7.0-snmp - 7.0.33-0ubuntu0.16.04.7 No subscription required Medium CVE-2019-11043 USN-4167-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. 
(CVE-2019-10218) Simon Fonteneau and Björn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A remote attacker with "get changes" permissions could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-14847) Update Instructions: Run `sudo pro fix USN-4167-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.23 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.23 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.23 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.23 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.23 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.23 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.23 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.23 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.23 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.23 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.23 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.23 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.23 No subscription required Medium CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 USN-4169-1 -- libarchive vulnerability Ubuntu 16.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4169-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.7 libarchive13 - 3.1.2-11ubuntu0.16.04.7 bsdtar - 3.1.2-11ubuntu0.16.04.7 libarchive-dev - 3.1.2-11ubuntu0.16.04.7 No subscription required Medium CVE-2019-18408 USN-4170-1 -- Whoopsie vulnerability Ubuntu 16.04 LTS Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update Instructions: Run `sudo pro fix USN-4170-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.52.5ubuntu0.2 libwhoopsie0 - 0.2.52.5ubuntu0.2 libwhoopsie-dev - 0.2.52.5ubuntu0.2 No subscription required Medium CVE-2019-11484 USN-4170-2 -- Whoopsie regression Ubuntu 16.04 LTS USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update Instructions: Run `sudo pro fix USN-4170-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.52.5ubuntu0.3 libwhoopsie0 - 0.2.52.5ubuntu0.3 libwhoopsie-dev - 0.2.52.5ubuntu0.3 No subscription required None https://launchpad.net/bugs/1850608 USN-4170-3 -- Whoopsie regression Ubuntu 16.04 LTS USN-4170-1 fixed a vulnerability in Whoopsie and USN-4170-2 fixed a subsequent regression. That update was incomplete and could still result in Whoopsie potentially crashing when uploading crash reports on some architectures. This update fixes the problem. 
We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update Instructions: Run `sudo pro fix USN-4170-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.52.5ubuntu0.4 libwhoopsie0 - 0.2.52.5ubuntu0.4 libwhoopsie-dev - 0.2.52.5ubuntu0.4 No subscription required None https://launchpad.net/bugs/1850608 USN-4171-1 -- Apport vulnerabilities Ubuntu 16.04 LTS Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.20 python3-problem-report - 2.20.1-0ubuntu2.20 apport-kde - 2.20.1-0ubuntu2.20 apport-retrace - 2.20.1-0ubuntu2.20 apport-valgrind - 2.20.1-0ubuntu2.20 python3-apport - 2.20.1-0ubuntu2.20 dh-apport - 2.20.1-0ubuntu2.20 apport-gtk - 2.20.1-0ubuntu2.20 apport - 2.20.1-0ubuntu2.20 python-problem-report - 2.20.1-0ubuntu2.20 apport-noui - 2.20.1-0ubuntu2.20 No subscription required Medium CVE-2019-11481 CVE-2019-11482 CVE-2019-11483 CVE-2019-11485 CVE-2019-15790 USN-4171-3 -- Apport regression Ubuntu 16.04 LTS USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression in the Python Apport library. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. 
(CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.21 python3-problem-report - 2.20.1-0ubuntu2.21 apport-kde - 2.20.1-0ubuntu2.21 apport-retrace - 2.20.1-0ubuntu2.21 apport-valgrind - 2.20.1-0ubuntu2.21 python3-apport - 2.20.1-0ubuntu2.21 dh-apport - 2.20.1-0ubuntu2.21 apport-gtk - 2.20.1-0ubuntu2.21 apport - 2.20.1-0ubuntu2.21 python-problem-report - 2.20.1-0ubuntu2.21 apport-noui - 2.20.1-0ubuntu2.21 No subscription required None https://launchpad.net/bugs/1850929 USN-4171-5 -- Apport regression Ubuntu 16.04 LTS USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. 
(CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.22 python3-problem-report - 2.20.1-0ubuntu2.22 apport-kde - 2.20.1-0ubuntu2.22 apport-retrace - 2.20.1-0ubuntu2.22 apport-valgrind - 2.20.1-0ubuntu2.22 python3-apport - 2.20.1-0ubuntu2.22 dh-apport - 2.20.1-0ubuntu2.22 apport-gtk - 2.20.1-0ubuntu2.22 apport - 2.20.1-0ubuntu2.22 python-problem-report - 2.20.1-0ubuntu2.22 apport-noui - 2.20.1-0ubuntu2.22 No subscription required None https://launchpad.net/bugs/1851806 https://launchpad.net/bugs/1854237 USN-4171-6 -- Apport regression Ubuntu 16.04 LTS USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. 
This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-6` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.27 python3-problem-report - 2.20.1-0ubuntu2.27 apport-kde - 2.20.1-0ubuntu2.27 apport-retrace - 2.20.1-0ubuntu2.27 apport-valgrind - 2.20.1-0ubuntu2.27 python3-apport - 2.20.1-0ubuntu2.27 dh-apport - 2.20.1-0ubuntu2.27 apport-gtk - 2.20.1-0ubuntu2.27 apport - 2.20.1-0ubuntu2.27 python-problem-report - 2.20.1-0ubuntu2.27 apport-noui - 2.20.1-0ubuntu2.27 No subscription required None https://launchpad.net/bugs/1903332 USN-4172-1 -- file vulnerability Ubuntu 16.04 LTS It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4172-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.25-2ubuntu1.3 python-magic - 1:5.25-2ubuntu1.3 libmagic1 - 1:5.25-2ubuntu1.3 python3-magic - 1:5.25-2ubuntu1.3 file - 1:5.25-2ubuntu1.3 No subscription required Medium CVE-2019-18218 USN-4174-1 -- HAproxy vulnerability Ubuntu 16.04 LTS It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (Request Smuggling). Update Instructions: Run `sudo pro fix USN-4174-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.6.3-1ubuntu0.3 haproxy-doc - 1.6.3-1ubuntu0.3 vim-haproxy - 1.6.3-1ubuntu0.3 No subscription required Medium CVE-2019-18277 USN-4175-1 -- Nokogiri vulnerability Ubuntu 16.04 LTS It was discovered that Nokogiri incorrectly handled inputs. 
A remote attacker could possibly use this issue to execute arbitrary OS commands. Update Instructions: Run `sudo pro fix USN-4175-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-nokogiri - 1.6.7.2-3ubuntu0.1 No subscription required Medium CVE-2019-5477 USN-4176-1 -- GNU cpio vulnerability Ubuntu 16.04 LTS Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4176-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.11+dfsg-5ubuntu1.1 No subscription required Medium CVE-2019-14866 USN-4182-1 -- Intel Microcode update Ubuntu 16.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139) Update Instructions: Run `sudo pro fix USN-4182-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20191112-0ubuntu0.16.04.2 No subscription required High CVE-2019-11135 CVE-2019-11139 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 USN-4182-3 -- Intel Microcode regression Ubuntu 16.04 LTS USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139) Update Instructions: Run `sudo pro fix USN-4182-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20191115.1ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1854764 USN-4185-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). 
(CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update Instructions: Run `sudo pro fix USN-4185-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1029-oracle - 4.15.0-1029.32~16.04.1 No subscription required linux-image-4.15.0-1049-gcp - 4.15.0-1049.52 No subscription required linux-image-4.15.0-1054-aws - 4.15.0-1054.56~16.04.1 No subscription required linux-image-4.15.0-1063-azure - 4.15.0-1063.68 No subscription required linux-image-4.15.0-69-generic - 4.15.0-69.78~16.04.1 linux-image-4.15.0-69-lowlatency - 4.15.0-69.78~16.04.1 linux-image-4.15.0-69-generic-lpae - 4.15.0-69.78~16.04.1 No subscription required linux-image-oracle - 4.15.0.1029.22 No subscription required linux-image-gke - 4.15.0.1049.63 linux-image-gcp - 4.15.0.1049.63 No subscription required linux-image-aws-hwe - 4.15.0.1054.54 No subscription required linux-image-azure - 4.15.0.1063.66 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.69.89 linux-image-lowlatency-hwe-16.04 - 4.15.0.69.89 linux-image-oem - 4.15.0.69.89 linux-image-virtual-hwe-16.04 - 4.15.0.69.89 linux-image-generic-lpae-hwe-16.04 - 4.15.0.69.89 No subscription required High CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 CVE-2019-15098 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-17666 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 USN-4185-3 -- Linux kernel vulnerability and regression Ubuntu 16.04 LTS USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. 
Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. 
(CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update Instructions: Run `sudo pro fix USN-4185-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-70-generic - 4.15.0-70.79~16.04.1 linux-image-4.15.0-70-lowlatency - 4.15.0-70.79~16.04.1 linux-image-4.15.0-70-generic-lpae - 4.15.0-70.79~16.04.1 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.70.90 linux-image-generic-hwe-16.04 - 4.15.0.70.90 linux-image-oem - 4.15.0.70.90 linux-image-lowlatency-hwe-16.04 - 4.15.0.70.90 linux-image-generic-lpae-hwe-16.04 - 4.15.0.70.90 No subscription required High CVE-2019-0155 https://bugs.launchpad.net/bugs/1851709 https://bugs.launchpad.net/bugs/1852141 USN-4186-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. 
A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-17666) Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2215) Update Instructions: Run `sudo pro fix USN-4186-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1062-kvm - 4.4.0-1062.69 No subscription required linux-image-4.4.0-1098-aws - 4.4.0-1098.109 No subscription required linux-image-4.4.0-168-powerpc64-emb - 4.4.0-168.197 linux-image-4.4.0-168-powerpc-smp - 4.4.0-168.197 linux-image-4.4.0-168-powerpc64-smp - 4.4.0-168.197 linux-image-4.4.0-168-generic - 4.4.0-168.197 linux-image-4.4.0-168-generic-lpae - 4.4.0-168.197 linux-image-4.4.0-168-lowlatency - 4.4.0-168.197 linux-image-4.4.0-168-powerpc-e500mc - 4.4.0-168.197 No subscription required linux-image-kvm - 4.4.0.1062.62 No subscription required linux-image-aws - 4.4.0.1098.102 No subscription required linux-image-generic-lts-wily - 4.4.0.168.176 linux-image-powerpc-e500mc - 4.4.0.168.176 linux-image-generic-lpae-lts-xenial - 4.4.0.168.176 linux-image-generic-lpae-lts-utopic - 4.4.0.168.176 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.168.176 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.168.176 linux-image-powerpc-e500mc-lts-wily - 4.4.0.168.176 linux-image-generic-lts-vivid - 4.4.0.168.176 linux-image-generic-lpae-lts-wily - 4.4.0.168.176 linux-image-virtual-lts-vivid - 4.4.0.168.176 linux-image-virtual-lts-utopic - 4.4.0.168.176 linux-image-virtual - 4.4.0.168.176 linux-image-powerpc64-emb-lts-wily - 4.4.0.168.176 linux-image-lowlatency-lts-vivid - 4.4.0.168.176 linux-image-generic-lts-utopic - 4.4.0.168.176 linux-image-powerpc64-emb - 4.4.0.168.176 linux-image-powerpc-smp-lts-xenial - 4.4.0.168.176 linux-image-powerpc64-smp-lts-vivid - 4.4.0.168.176 linux-image-lowlatency-lts-wily - 4.4.0.168.176 
linux-image-generic - 4.4.0.168.176 linux-image-powerpc64-smp-lts-utopic - 4.4.0.168.176 linux-image-lowlatency-lts-xenial - 4.4.0.168.176 linux-image-powerpc64-smp-lts-xenial - 4.4.0.168.176 linux-image-powerpc64-emb-lts-utopic - 4.4.0.168.176 linux-image-generic-lts-xenial - 4.4.0.168.176 linux-image-virtual-lts-wily - 4.4.0.168.176 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.168.176 linux-image-powerpc-smp - 4.4.0.168.176 linux-image-powerpc64-emb-lts-vivid - 4.4.0.168.176 linux-image-generic-lpae-lts-vivid - 4.4.0.168.176 linux-image-generic-lpae - 4.4.0.168.176 linux-image-powerpc64-smp-lts-wily - 4.4.0.168.176 linux-image-powerpc64-emb-lts-xenial - 4.4.0.168.176 linux-image-powerpc-smp-lts-wily - 4.4.0.168.176 linux-image-powerpc64-smp - 4.4.0.168.176 linux-image-lowlatency-lts-utopic - 4.4.0.168.176 linux-image-powerpc-smp-lts-vivid - 4.4.0.168.176 linux-image-lowlatency - 4.4.0.168.176 linux-image-virtual-lts-xenial - 4.4.0.168.176 linux-image-powerpc-smp-lts-utopic - 4.4.0.168.176 No subscription required High CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 CVE-2019-15098 CVE-2019-16746 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-17666 CVE-2019-2215 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 USN-4186-3 -- Linux kernel vulnerability Ubuntu 16.04 LTS USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. 
Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-16746) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2215) Update Instructions: Run `sudo pro fix USN-4186-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-169-generic - 4.4.0-169.198 linux-image-4.4.0-169-powerpc64-emb - 4.4.0-169.198 linux-image-4.4.0-169-powerpc64-smp - 4.4.0-169.198 linux-image-4.4.0-169-generic-lpae - 4.4.0-169.198 linux-image-4.4.0-169-powerpc-smp - 4.4.0-169.198 linux-image-4.4.0-169-powerpc-e500mc - 4.4.0-169.198 linux-image-4.4.0-169-lowlatency - 4.4.0-169.198 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.169.177 linux-image-generic-lts-wily - 4.4.0.169.177 linux-image-powerpc64-emb-lts-vivid - 4.4.0.169.177 linux-image-powerpc-e500mc - 4.4.0.169.177 linux-image-generic-lpae-lts-xenial - 4.4.0.169.177 linux-image-generic-lpae-lts-utopic - 4.4.0.169.177 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.169.177 linux-image-generic-lts-utopic - 4.4.0.169.177 linux-image-powerpc-e500mc-lts-wily - 4.4.0.169.177 linux-image-generic-lts-vivid - 4.4.0.169.177 linux-image-generic-lpae-lts-wily - 4.4.0.169.177 linux-image-virtual-lts-vivid - 4.4.0.169.177 linux-image-virtual-lts-utopic - 4.4.0.169.177 linux-image-virtual - 4.4.0.169.177 linux-image-powerpc64-emb-lts-wily - 4.4.0.169.177 linux-image-lowlatency-lts-vivid - 4.4.0.169.177 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.169.177 linux-image-powerpc64-emb - 4.4.0.169.177 linux-image-powerpc-smp-lts-xenial - 4.4.0.169.177 linux-image-powerpc64-smp-lts-vivid - 4.4.0.169.177 linux-image-lowlatency-lts-wily - 4.4.0.169.177 linux-image-generic - 4.4.0.169.177 linux-image-lowlatency-lts-xenial - 4.4.0.169.177 linux-image-powerpc64-smp-lts-xenial - 4.4.0.169.177 linux-image-powerpc64-emb-lts-utopic - 4.4.0.169.177 linux-image-generic-lts-xenial - 4.4.0.169.177 linux-image-virtual-lts-wily - 4.4.0.169.177 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.169.177 linux-image-powerpc-smp - 4.4.0.169.177 linux-image-generic-lpae-lts-vivid - 4.4.0.169.177 linux-image-generic-lpae - 4.4.0.169.177 linux-image-powerpc64-smp-lts-wily - 
4.4.0.169.177 linux-image-powerpc64-emb-lts-xenial - 4.4.0.169.177 linux-image-powerpc-smp-lts-wily - 4.4.0.169.177 linux-image-powerpc64-smp - 4.4.0.169.177 linux-image-lowlatency-lts-utopic - 4.4.0.169.177 linux-image-powerpc-smp-lts-vivid - 4.4.0.169.177 linux-image-lowlatency - 4.4.0.169.177 linux-image-virtual-lts-xenial - 4.4.0.169.177 linux-image-powerpc-smp-lts-utopic - 4.4.0.169.177 No subscription required High CVE-2019-0155 https://bugs.launchpad.net/bugs/1852141 USN-4190-1 -- libjpeg-turbo vulnerabilities Ubuntu 16.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. (CVE-2018-19664) It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2018-20330) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly cause a denial of service or execute arbitrary code. (CVE-2019-2201) Update Instructions: Run `sudo pro fix USN-4190-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg-turbo8 - 1.4.2-0ubuntu3.3 libjpeg-turbo-test - 1.4.2-0ubuntu3.3 libjpeg-turbo8-dev - 1.4.2-0ubuntu3.3 libturbojpeg - 1.4.2-0ubuntu3.3 libjpeg-turbo-progs - 1.4.2-0ubuntu3.3 No subscription required Medium CVE-2018-14498 CVE-2018-19664 CVE-2018-20330 CVE-2019-2201 USN-4191-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. 
A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155) Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions. (CVE-2019-13164) It was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. (CVE-2019-14378) It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-15890) Update Instructions: Run `sudo pro fix USN-4191-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.42 qemu-user-static - 1:2.5+dfsg-5ubuntu10.42 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.42 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.42 qemu-kvm - 1:2.5+dfsg-5ubuntu10.42 qemu-user - 1:2.5+dfsg-5ubuntu10.42 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.42 qemu-system - 1:2.5+dfsg-5ubuntu10.42 qemu-utils - 1:2.5+dfsg-5ubuntu10.42 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.42 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.42 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.42 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.42 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.42 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.42 qemu - 1:2.5+dfsg-5ubuntu10.42 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.42 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.42 No subscription required Medium CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 USN-4192-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-4192-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.15 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.15 imagemagick - 8:6.8.9.9-7ubuntu5.15 imagemagick-doc - 8:6.8.9.9-7ubuntu5.15 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.15 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.15 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.15 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.15 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.15 libmagick++-dev - 8:6.8.9.9-7ubuntu5.15 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.15 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.15 perlmagick - 8:6.8.9.9-7ubuntu5.15 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.15 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.15 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.15 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.15 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.15 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.15 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.15 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.15 No subscription required Medium CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 USN-4193-1 -- Ghostscript vulnerability Ubuntu 16.04 LTS Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-4193-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.12 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.12 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.12 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.12 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.12 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.12 No subscription required High CVE-2019-14869 USN-4194-1 -- postgresql-common vulnerability Ubuntu 16.04 LTS Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4194-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-all - 173ubuntu0.3 postgresql-client-common - 173ubuntu0.3 postgresql-common - 173ubuntu0.3 No subscription required postgresql - 9.5+173ubuntu0.3 postgresql-contrib - 9.5+173ubuntu0.3 postgresql-doc - 9.5+173ubuntu0.3 postgresql-client - 9.5+173ubuntu0.3 No subscription required Medium CVE-2019-3466 USN-4195-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html https://www.oracle.com/security-alerts/cpuoct2019.html Update Instructions: Run `sudo pro fix USN-4195-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.28-0ubuntu0.16.04.2 mysql-source-5.7 - 5.7.28-0ubuntu0.16.04.2 libmysqlclient-dev - 5.7.28-0ubuntu0.16.04.2 mysql-client-core-5.7 - 5.7.28-0ubuntu0.16.04.2 mysql-client-5.7 - 5.7.28-0ubuntu0.16.04.2 libmysqlclient20 - 5.7.28-0ubuntu0.16.04.2 mysql-server-5.7 - 5.7.28-0ubuntu0.16.04.2 mysql-common - 5.7.28-0ubuntu0.16.04.2 mysql-server - 5.7.28-0ubuntu0.16.04.2 mysql-server-core-5.7 - 5.7.28-0ubuntu0.16.04.2 mysql-testsuite - 5.7.28-0ubuntu0.16.04.2 libmysqld-dev - 5.7.28-0ubuntu0.16.04.2 mysql-testsuite-5.7 - 5.7.28-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-2910 CVE-2019-2911 CVE-2019-2914 CVE-2019-2920 CVE-2019-2922 CVE-2019-2923 CVE-2019-2924 CVE-2019-2938 CVE-2019-2946 CVE-2019-2948 CVE-2019-2950 CVE-2019-2957 CVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968 CVE-2019-2969 CVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997 CVE-2019-2998 CVE-2019-3003 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018 USN-4196-1 -- python-ecdsa vulnerabilities Ubuntu 16.04 LTS It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. (CVE-2019-14853) It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. (CVE-2019-14859) Update Instructions: Run `sudo pro fix USN-4196-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-ecdsa - 0.13-2ubuntu0.16.04.1 python3-ecdsa - 0.13-2ubuntu0.16.04.1 No subscription required Medium CVE-2019-14853 CVE-2019-14859 USN-4198-1 -- DjVuLibre vulnerabilities Ubuntu 16.04 LTS It was discovered that DjVuLibre incorrectly handled certain memory operations. 
If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4198-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdjvulibre21 - 3.5.27.1-5ubuntu0.1 libdjvulibre-text - 3.5.27.1-5ubuntu0.1 djvulibre-desktop - 3.5.27.1-5ubuntu0.1 djview3 - 3.5.27.1-5ubuntu0.1 djvuserve - 3.5.27.1-5ubuntu0.1 libdjvulibre-dev - 3.5.27.1-5ubuntu0.1 djview - 3.5.27.1-5ubuntu0.1 djvulibre-bin - 3.5.27.1-5ubuntu0.1 No subscription required Medium CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 USN-4199-1 -- libvpx vulnerabilities Ubuntu 16.04 LTS It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4199-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvpx-dev - 1.5.0-2ubuntu1.1 vpx-tools - 1.5.0-2ubuntu1.1 libvpx-doc - 1.5.0-2ubuntu1.1 libvpx3 - 1.5.0-2ubuntu1.1 No subscription required Medium CVE-2017-13194 CVE-2019-2126 CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433 USN-4200-1 -- Redmine vulnerabilities Ubuntu 16.04 LTS It was discovered that Redmine incorrectly handled certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause an XSS attack. (CVE-2019-17427) It was discovered that an SQL injection could allow users to access protected information via a crafted object query. (CVE-2019-18890) Update Instructions: Run `sudo pro fix USN-4200-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: redmine-sqlite - 3.2.1-2ubuntu0.2 redmine - 3.2.1-2ubuntu0.2 redmine-mysql - 3.2.1-2ubuntu0.2 redmine-pgsql - 3.2.1-2ubuntu0.2 No subscription required Medium CVE-2019-17427 CVE-2019-18890 USN-4201-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching, which can lead to unauthorized access. (CVE-2019-15845) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. (CVE-2019-16201) It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16254) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16255) Update Instructions: Run `sudo pro fix USN-4201-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.14 ruby2.3 - 2.3.1-2~ubuntu16.04.14 ruby2.3-dev - 2.3.1-2~ubuntu16.04.14 ruby2.3-doc - 2.3.1-2~ubuntu16.04.14 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.14 No subscription required Medium CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 USN-4203-1 -- NSS vulnerability Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4203-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.8 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.8 libnss3 - 2:3.28.4-0ubuntu0.16.04.8 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.8 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.8 No subscription required Medium CVE-2019-11745 USN-4204-1 -- psutil vulnerability Ubuntu 16.04 LTS Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4204-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-psutil-doc - 3.4.2-1ubuntu0.1 python-psutil - 3.4.2-1ubuntu0.1 python3-psutil - 3.4.2-1ubuntu0.1 No subscription required Medium CVE-2019-18874 USN-4205-1 -- SQLite vulnerabilities Ubuntu 16.04 LTS It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause some expressions to be mishandled. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244) It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use this issue to execute arbitrary code. 
This issue only affected Ubuntu 19.04. (CVE-2019-5018) It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5827) Update Instructions: Run `sudo pro fix USN-4205-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.11.0-1ubuntu1.3 sqlite3-doc - 3.11.0-1ubuntu1.3 libsqlite3-0 - 3.11.0-1ubuntu1.3 libsqlite3-tcl - 3.11.0-1ubuntu1.3 sqlite3 - 3.11.0-1ubuntu1.3 libsqlite3-dev - 3.11.0-1ubuntu1.3 No subscription required Medium CVE-2018-8740 CVE-2019-16168 CVE-2019-19242 CVE-2019-19244 CVE-2019-5018 CVE-2019-5827 USN-4206-1 -- GraphicsMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042, CVE-2017-6335) Update Instructions: Run `sudo pro fix USN-4206-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.23-1ubuntu0.2 libgraphicsmagick-q16-3 - 1.3.23-1ubuntu0.2 libgraphicsmagick1-dev - 1.3.23-1ubuntu0.2 graphicsmagick - 1.3.23-1ubuntu0.2 graphicsmagick-imagemagick-compat - 1.3.23-1ubuntu0.2 graphicsmagick-libmagick-dev-compat - 1.3.23-1ubuntu0.2 libgraphicsmagick++1-dev - 1.3.23-1ubuntu0.2 libgraphicsmagick++-q16-12 - 1.3.23-1ubuntu0.2 No subscription required Medium CVE-2017-10794 CVE-2017-10799 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 CVE-2017-11637 CVE-2017-13147 CVE-2017-14042 CVE-2017-6335 USN-4210-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060) It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065) It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) Update Instructions: Run `sudo pro fix USN-4210-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1030-oracle - 4.15.0-1030.33~16.04.1 No subscription required linux-image-4.15.0-1050-gcp - 4.15.0-1050.53 No subscription required linux-image-4.15.0-1056-aws - 4.15.0-1056.58~16.04.1 No subscription required linux-image-4.15.0-72-generic-lpae - 4.15.0-72.81~16.04.1 linux-image-4.15.0-72-lowlatency - 4.15.0-72.81~16.04.1 linux-image-4.15.0-72-generic - 4.15.0-72.81~16.04.1 No subscription required linux-image-oracle - 4.15.0.1030.23 No subscription required linux-image-gke - 4.15.0.1050.64 linux-image-gcp - 4.15.0.1050.64 No subscription required linux-image-aws-hwe - 4.15.0.1056.56 No subscription required linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.72.92 linux-image-virtual-hwe-16.04-edge - 4.15.0.72.92 linux-image-oem - 4.15.0.72.92 linux-image-lowlatency-hwe-16.04 - 4.15.0.72.92 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.72.92 linux-image-generic-hwe-16.04-edge - 4.15.0.72.92 linux-image-generic-hwe-16.04 - 4.15.0.72.92 linux-image-virtual-hwe-16.04 - 4.15.0.72.92 linux-image-generic-lpae-hwe-16.04 - 4.15.0.72.92 No subscription required Medium CVE-2019-16746 CVE-2019-17075 CVE-2019-17133 CVE-2019-19060 CVE-2019-19065 CVE-2019-19075 USN-4211-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2019-17075) Update Instructions: Run `sudo pro fix USN-4211-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1063-kvm - 4.4.0-1063.70 No subscription required linux-image-4.4.0-1099-aws - 4.4.0-1099.110 No subscription required linux-image-4.4.0-1126-raspi2 - 4.4.0-1126.135 No subscription required linux-image-4.4.0-1130-snapdragon - 4.4.0-1130.138 No subscription required linux-image-4.4.0-170-powerpc64-emb - 4.4.0-170.199 linux-image-4.4.0-170-powerpc-smp - 4.4.0-170.199 linux-image-4.4.0-170-powerpc-e500mc - 4.4.0-170.199 linux-image-4.4.0-170-generic - 4.4.0-170.199 linux-image-4.4.0-170-lowlatency - 4.4.0-170.199 linux-image-4.4.0-170-powerpc64-smp - 4.4.0-170.199 linux-image-4.4.0-170-generic-lpae - 4.4.0-170.199 No subscription required linux-image-kvm - 4.4.0.1063.63 No subscription required linux-image-aws - 4.4.0.1099.103 No subscription required linux-image-raspi2 - 4.4.0.1126.126 No subscription required linux-image-snapdragon - 4.4.0.1130.122 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.170.178 linux-image-generic-lts-wily - 4.4.0.170.178 linux-image-powerpc64-emb-lts-vivid - 4.4.0.170.178 linux-image-powerpc-e500mc - 4.4.0.170.178 linux-image-generic-lpae-lts-xenial - 4.4.0.170.178 linux-image-generic-lpae-lts-utopic - 4.4.0.170.178 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.170.178 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.170.178 linux-image-powerpc-e500mc-lts-wily - 4.4.0.170.178 linux-image-generic-lts-vivid - 4.4.0.170.178 linux-image-generic-lpae-lts-wily - 4.4.0.170.178 linux-image-virtual-lts-vivid - 4.4.0.170.178 linux-image-virtual-lts-utopic - 4.4.0.170.178 linux-image-virtual - 4.4.0.170.178 linux-image-powerpc64-emb-lts-wily - 4.4.0.170.178 linux-image-lowlatency-lts-vivid - 4.4.0.170.178 linux-image-generic-lts-utopic - 4.4.0.170.178 linux-image-powerpc64-emb - 4.4.0.170.178 linux-image-powerpc-smp-lts-xenial - 
4.4.0.170.178 linux-image-powerpc64-smp-lts-vivid - 4.4.0.170.178 linux-image-lowlatency-lts-wily - 4.4.0.170.178 linux-image-generic - 4.4.0.170.178 linux-image-lowlatency-lts-xenial - 4.4.0.170.178 linux-image-powerpc64-smp-lts-xenial - 4.4.0.170.178 linux-image-powerpc64-emb-lts-utopic - 4.4.0.170.178 linux-image-generic-lts-xenial - 4.4.0.170.178 linux-image-powerpc-smp - 4.4.0.170.178 linux-image-generic-lpae-lts-vivid - 4.4.0.170.178 linux-image-generic-lpae - 4.4.0.170.178 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.170.178 linux-image-powerpc64-smp-lts-wily - 4.4.0.170.178 linux-image-powerpc64-emb-lts-xenial - 4.4.0.170.178 linux-image-powerpc-smp-lts-wily - 4.4.0.170.178 linux-image-virtual-lts-wily - 4.4.0.170.178 linux-image-powerpc64-smp - 4.4.0.170.178 linux-image-lowlatency-lts-utopic - 4.4.0.170.178 linux-image-powerpc-smp-lts-vivid - 4.4.0.170.178 linux-image-lowlatency - 4.4.0.170.178 linux-image-virtual-lts-xenial - 4.4.0.170.178 linux-image-powerpc-smp-lts-utopic - 4.4.0.170.178 No subscription required Medium CVE-2018-20784 CVE-2019-17075 CVE-2019-17133 USN-4213-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN responses. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12526) Alex Rousskov discovered that Squid incorrectly handled certain strings. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 19.04. (CVE-2019-12854) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain input. 
A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-18676) Kristoffer Danielsson discovered that Squid incorrectly handled certain messages. This issue could result in traffic being redirected to origins it should not be delivered to. (CVE-2019-18677) Régis Leroy discovered that Squid incorrectly handled certain HTTP request headers. A remote attacker could use this to smuggle HTTP requests and corrupt caches with arbitrary content. (CVE-2019-18678) David Fifield discovered that Squid incorrectly handled HTTP Digest Authentication. A remote attacker could possibly use this issue to obtain pointer contents and bypass ASLR protections. (CVE-2019-18679) Update Instructions: Run `sudo pro fix USN-4213-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.9 squid - 3.5.12-1ubuntu7.9 squid-cgi - 3.5.12-1ubuntu7.9 squid-purge - 3.5.12-1ubuntu7.9 squidclient - 3.5.12-1ubuntu7.9 squid3 - 3.5.12-1ubuntu7.9 No subscription required Medium CVE-2019-12523 CVE-2019-12526 CVE-2019-12854 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 USN-4214-2 -- RabbitMQ vulnerability Ubuntu 16.04 LTS USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4214-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: librabbitmq4 - 0.7.1-1ubuntu0.2 amqp-tools - 0.7.1-1ubuntu0.2 librabbitmq-dev - 0.7.1-1ubuntu0.2 No subscription required Medium CVE-2019-18609 USN-4215-1 -- NSS vulnerability Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled certain certificates. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4215-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.9 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.9 libnss3 - 2:3.28.4-0ubuntu0.16.04.9 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.9 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.9 No subscription required Medium CVE-2019-17007 USN-4216-2 -- Firefox vulnerabilities Ubuntu 16.04 LTS USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4216-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-nn - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ne - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-nb - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-fa - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-fi - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-fr - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-fy - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-or - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-kab - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-oc - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-cs - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ga - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-gd - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-gn - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-gl - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-gu - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-pa - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-pl - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-cy - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-pt - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-hi - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-uk - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-he - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-hy - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-hr - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-hu - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-as - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ar - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ia - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-az - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-id - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-mai - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-af - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-is - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-it - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-an - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-bs - 71.0+build5-0ubuntu0.16.04.1 firefox - 71.0+build5-0ubuntu0.16.04.1 
firefox-locale-ro - 71.0+build5-0ubuntu0.16.04.1 firefox-geckodriver - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ja - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ru - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-br - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-zh-hant - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-zh-hans - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-bn - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-be - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-bg - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-sl - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-sk - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-si - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-sw - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-sv - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-sr - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-sq - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ko - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-kn - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-km - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-kk - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ka - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-xh - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ca - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ku - 71.0+build5-0ubuntu0.16.04.1 firefox-mozsymbols - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-lv - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-lt - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-th - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-hsb - 71.0+build5-0ubuntu0.16.04.1 firefox-dev - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-te - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-cak - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ta - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-lg - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-csb - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-tr - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-nso - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-de - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-da - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ms - 
71.0+build5-0ubuntu0.16.04.1 firefox-locale-mr - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-my - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-uz - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ml - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-mn - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-mk - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ur - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-eu - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-et - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-es - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-vi - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-el - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-eo - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-en - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-zu - 71.0+build5-0ubuntu0.16.04.1 firefox-locale-ast - 71.0+build5-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-11745 CVE-2019-11756 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17013 CVE-2019-17014 USN-4217-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870) Update Instructions: Run `sudo pro fix USN-4217-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.24 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.24 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.24 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.24 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.24 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.24 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.24 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.24 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.24 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.24 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.24 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.24 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.24 No subscription required Medium CVE-2019-14861 CVE-2019-14870 USN-4219-1 -- libssh vulnerability Ubuntu 16.04 LTS It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server. Update Instructions: Run `sudo pro fix USN-4219-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.6.3-4.3ubuntu0.5 libssh-doc - 0.6.3-4.3ubuntu0.5 libssh-gcrypt-4 - 0.6.3-4.3ubuntu0.5 libssh-4 - 0.6.3-4.3ubuntu0.5 libssh-dev - 0.6.3-4.3ubuntu0.5 No subscription required Medium CVE-2019-14889 USN-4220-1 -- Git vulnerabilities Ubuntu 16.04 LTS Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. 
An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory. Update Instructions: Run `sudo pro fix USN-4220-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.7 gitweb - 1:2.7.4-0ubuntu1.7 git-gui - 1:2.7.4-0ubuntu1.7 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.7 git-arch - 1:2.7.4-0ubuntu1.7 git-el - 1:2.7.4-0ubuntu1.7 gitk - 1:2.7.4-0ubuntu1.7 git-all - 1:2.7.4-0ubuntu1.7 git-mediawiki - 1:2.7.4-0ubuntu1.7 git-daemon-run - 1:2.7.4-0ubuntu1.7 git-man - 1:2.7.4-0ubuntu1.7 git-doc - 1:2.7.4-0ubuntu1.7 git-svn - 1:2.7.4-0ubuntu1.7 git-cvs - 1:2.7.4-0ubuntu1.7 git-core - 1:2.7.4-0ubuntu1.7 git-email - 1:2.7.4-0ubuntu1.7 No subscription required Medium CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 USN-4221-1 -- libpcap vulnerability Ubuntu 16.04 LTS It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion). Update Instructions: Run `sudo pro fix USN-4221-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpcap-dev - 1.7.4-2ubuntu0.1 libpcap0.8-dev - 1.7.4-2ubuntu0.1 libpcap0.8 - 1.7.4-2ubuntu0.1 No subscription required Medium CVE-2019-15165 USN-4222-1 -- GraphicsMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4222-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.23-1ubuntu0.3 libgraphicsmagick-q16-3 - 1.3.23-1ubuntu0.3 libgraphicsmagick1-dev - 1.3.23-1ubuntu0.3 graphicsmagick - 1.3.23-1ubuntu0.3 graphicsmagick-imagemagick-compat - 1.3.23-1ubuntu0.3 graphicsmagick-libmagick-dev-compat - 1.3.23-1ubuntu0.3 libgraphicsmagick++1-dev - 1.3.23-1ubuntu0.3 libgraphicsmagick++-q16-12 - 1.3.23-1ubuntu0.3 No subscription required Medium CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-11643 CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13134 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 USN-4223-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. (CVE-2019-2945) Rob Hamm discovered that the Kerberos implementation in OpenJDK did not properly handle proxy credentials. An attacker could possibly use this to impersonate another user. (CVE-2019-2949) It was discovered that a NULL pointer dereference existed in the font handling implementation in OpenJDK. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2962) It was discovered that the Concurrency subsystem in OpenJDK did not properly bound stack consumption when compiling regular expressions. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2964) It was discovered that the JAXP subsystem in OpenJDK did not properly handle XPath expressions in some situations. 
An attacker could use this to cause a denial of service (application crash). (CVE-2019-2973, CVE-2019-2981) It was discovered that the Nashorn JavaScript subcomponent in OpenJDK did not properly handle regular expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2975) It was discovered that the String class in OpenJDK contained an out-of- bounds access vulnerability. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. This issue only affected OpenJDK 11 in Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-2977) It was discovered that the Jar URL handler in OpenJDK did not properly handled nested Jar URLs in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2978) It was discovered that the Serialization component of OpenJDK did not properly handle deserialization of certain object attributes. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2983) It was discovered that the FreetypeFontScaler class in OpenJDK did not properly validate dimensions of glyph bitmap images read from font files. An attacker could specially craft a font file that could cause a denial of service (application crash). (CVE-2019-2987) It was discovered that a buffer overflow existed in the SunGraphics2D class in OpenJDK. An attacker could possibly use this to cause a denial of service (excessive memory consumption or application crash). (CVE-2019-2988) It was discovered that the Networking component in OpenJDK did not properly handle certain responses from HTTP proxies. An attacker controlling a malicious HTTP proxy could possibly use this to inject content into a proxied HTTP connection. (CVE-2019-2989) It was discovered that the font handling implementation in OpenJDK did not properly validate TrueType font files in some situations. 
An attacker could specially craft a font file that could cause a denial of service (excessive memory consumption). (CVE-2019-2992) It was discovered that the JavaDoc generator in OpenJDK did not properly filter out some HTML elements properly, including documentation comments in Java source code. An attacker could possibly use this to craft a Cross-Site Scripting attack. (CVE-2019-2999) Update Instructions: Run `sudo pro fix USN-4223-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-jdk - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-jre-headless - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-jre - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-jdk-headless - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-source - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-jre-zero - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-demo - 8u232-b09-0ubuntu1~16.04.1 openjdk-8-jre-jamvm - 8u232-b09-0ubuntu1~16.04.1 No subscription required Medium CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 USN-4224-1 -- Django vulnerability Ubuntu 16.04 LTS Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts. Update Instructions: Run `sudo pro fix USN-4224-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.11 python-django-doc - 1.8.7-1ubuntu5.11 python-django-common - 1.8.7-1ubuntu5.11 python-django - 1.8.7-1ubuntu5.11 No subscription required High CVE-2019-19844 USN-4227-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for errors, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). 
(CVE-2019-19045) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19083) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) Tristan Madani discovered that the ALSA timer implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19807) Update Instructions: Run `sudo pro fix USN-4227-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1031-oracle - 4.15.0-1031.34~16.04.1 No subscription required linux-image-4.15.0-1052-gcp - 4.15.0-1052.56 No subscription required linux-image-4.15.0-1057-aws - 4.15.0-1057.59~16.04.1 No subscription required linux-image-4.15.0-1066-azure - 4.15.0-1066.71 No subscription required linux-image-4.15.0-74-lowlatency - 4.15.0-74.83~16.04.1 linux-image-4.15.0-74-generic - 4.15.0-74.83~16.04.1 linux-image-4.15.0-74-generic-lpae - 4.15.0-74.83~16.04.1 No subscription required linux-image-oracle - 4.15.0.1031.24 No subscription required linux-image-gke - 4.15.0.1052.66 linux-image-gcp - 4.15.0.1052.66 No subscription required linux-image-aws-hwe - 4.15.0.1057.57 No subscription required linux-image-azure-edge - 4.15.0.1066.69 linux-image-azure - 4.15.0.1066.69 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.74.94 linux-image-lowlatency-hwe-16.04 - 4.15.0.74.94 linux-image-generic-hwe-16.04-edge - 4.15.0.74.94 linux-image-generic-lpae-hwe-16.04 - 4.15.0.74.94 linux-image-virtual-hwe-16.04 - 4.15.0.74.94 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.74.94 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.74.94 linux-image-oem - 4.15.0.74.94 linux-image-generic-hwe-16.04 - 4.15.0.74.94 No subscription required Medium CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-16231 CVE-2019-16233 CVE-2019-18660 CVE-2019-19045 CVE-2019-19052 CVE-2019-19083 CVE-2019-19524 CVE-2019-19529 CVE-2019-19534 CVE-2019-19807 USN-4228-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) Update Instructions: Run `sudo pro fix USN-4228-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1064-kvm - 4.4.0-1064.71 No subscription required linux-image-4.4.0-1100-aws - 4.4.0-1100.111 No subscription required linux-image-4.4.0-1127-raspi2 - 4.4.0-1127.136 No subscription required linux-image-4.4.0-1131-snapdragon - 4.4.0-1131.139 No subscription required linux-image-4.4.0-171-generic-lpae - 4.4.0-171.200 linux-image-4.4.0-171-generic - 4.4.0-171.200 linux-image-4.4.0-171-lowlatency - 4.4.0-171.200 linux-image-4.4.0-171-powerpc-e500mc - 4.4.0-171.200 linux-image-4.4.0-171-powerpc64-smp - 4.4.0-171.200 linux-image-4.4.0-171-powerpc64-emb - 4.4.0-171.200 linux-image-4.4.0-171-powerpc-smp - 4.4.0-171.200 No subscription required linux-image-kvm - 4.4.0.1064.64 No subscription required linux-image-aws - 4.4.0.1100.104 No subscription required linux-image-raspi2 - 4.4.0.1127.127 No subscription required linux-image-snapdragon - 4.4.0.1131.123 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.171.179 linux-image-generic-lts-wily - 4.4.0.171.179 linux-image-generic-lts-utopic - 4.4.0.171.179 linux-image-powerpc-e500mc - 4.4.0.171.179 linux-image-generic-lpae-lts-xenial - 4.4.0.171.179 linux-image-generic-lpae-lts-utopic - 4.4.0.171.179 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.171.179 linux-image-powerpc-e500mc-lts-wily - 4.4.0.171.179 linux-image-generic-lts-vivid - 4.4.0.171.179 linux-image-generic-lpae-lts-wily - 4.4.0.171.179 linux-image-virtual-lts-vivid - 4.4.0.171.179 linux-image-virtual-lts-utopic - 4.4.0.171.179 linux-image-virtual - 4.4.0.171.179 linux-image-powerpc64-emb-lts-wily - 4.4.0.171.179 linux-image-lowlatency-lts-vivid - 4.4.0.171.179 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.171.179 linux-image-powerpc64-emb - 4.4.0.171.179 linux-image-powerpc-smp-lts-xenial - 4.4.0.171.179 linux-image-powerpc64-smp-lts-vivid - 4.4.0.171.179 linux-image-lowlatency-lts-wily - 4.4.0.171.179 linux-image-generic - 4.4.0.171.179 
linux-image-lowlatency-lts-xenial - 4.4.0.171.179 linux-image-powerpc64-smp-lts-xenial - 4.4.0.171.179 linux-image-powerpc64-emb-lts-utopic - 4.4.0.171.179 linux-image-generic-lts-xenial - 4.4.0.171.179 linux-image-virtual-lts-wily - 4.4.0.171.179 linux-image-powerpc-smp - 4.4.0.171.179 linux-image-powerpc64-emb-lts-vivid - 4.4.0.171.179 linux-image-generic-lpae-lts-vivid - 4.4.0.171.179 linux-image-generic-lpae - 4.4.0.171.179 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.171.179 linux-image-powerpc64-smp-lts-wily - 4.4.0.171.179 linux-image-powerpc64-emb-lts-xenial - 4.4.0.171.179 linux-image-powerpc-smp-lts-wily - 4.4.0.171.179 linux-image-powerpc64-smp - 4.4.0.171.179 linux-image-lowlatency-lts-utopic - 4.4.0.171.179 linux-image-powerpc-smp-lts-vivid - 4.4.0.171.179 linux-image-lowlatency - 4.4.0.171.179 linux-image-virtual-lts-xenial - 4.4.0.171.179 linux-image-powerpc-smp-lts-utopic - 4.4.0.171.179 No subscription required Medium CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-18660 CVE-2019-19052 CVE-2019-19524 CVE-2019-19534 USN-4229-1 -- NTP vulnerability Ubuntu 16.04 LTS It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute arbitrary code, or escalate to higher privileges. Update Instructions: Run `sudo pro fix USN-4229-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.8p4+dfsg-3ubuntu5.10 ntp-doc - 1:4.2.8p4+dfsg-3ubuntu5.10 ntpdate - 1:4.2.8p4+dfsg-3ubuntu5.10 No subscription required Negligible CVE-2018-12327 USN-4230-1 -- ClamAV vulnerability Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4230-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.1+dfsg-0ubuntu0.16.04.2 clamav-testfiles - 0.102.1+dfsg-0ubuntu0.16.04.2 clamav-base - 0.102.1+dfsg-0ubuntu0.16.04.2 clamav - 0.102.1+dfsg-0ubuntu0.16.04.2 clamav-daemon - 0.102.1+dfsg-0ubuntu0.16.04.2 clamav-docs - 0.102.1+dfsg-0ubuntu0.16.04.2 clamav-milter - 0.102.1+dfsg-0ubuntu0.16.04.2 clamav-freshclam - 0.102.1+dfsg-0ubuntu0.16.04.2 libclamav9 - 0.102.1+dfsg-0ubuntu0.16.04.2 clamdscan - 0.102.1+dfsg-0ubuntu0.16.04.2 No subscription required Medium CVE-2019-15961 USN-4231-1 -- NSS vulnerability Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4231-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.10 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.10 libnss3 - 2:3.28.4-0ubuntu0.16.04.10 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.10 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.10 No subscription required Medium CVE-2019-17006 USN-4232-1 -- GraphicsMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4232-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.23-1ubuntu0.4 libgraphicsmagick-q16-3 - 1.3.23-1ubuntu0.4 libgraphicsmagick1-dev - 1.3.23-1ubuntu0.4 graphicsmagick - 1.3.23-1ubuntu0.4 graphicsmagick-imagemagick-compat - 1.3.23-1ubuntu0.4 graphicsmagick-libmagick-dev-compat - 1.3.23-1ubuntu0.4 libgraphicsmagick++-q16-12 - 1.3.23-1ubuntu0.4 libgraphicsmagick++1-dev - 1.3.23-1ubuntu0.4 No subscription required Medium CVE-2017-14165 CVE-2017-14314 CVE-2017-14504 CVE-2017-14649 CVE-2017-14733 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 USN-4233-1 -- GnuTLS update Ubuntu 16.04 LTS As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update Instructions: Run `sudo pro fix USN-4233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.4.10-4ubuntu1.6 libgnutls28-dev - 3.4.10-4ubuntu1.6 libgnutlsxx28 - 3.4.10-4ubuntu1.6 gnutls-doc - 3.4.10-4ubuntu1.6 libgnutls-dev - 3.4.10-4ubuntu1.6 gnutls-bin - 3.4.10-4ubuntu1.6 guile-gnutls - 3.4.10-4ubuntu1.6 libgnutls-openssl27 - 3.4.10-4ubuntu1.6 No subscription required None https://launchpad.net/bugs/1858691 USN-4233-2 -- GnuTLS update Ubuntu 16.04 LTS USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Original advisory details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update Instructions: Run `sudo pro fix USN-4233-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.4.10-4ubuntu1.7 libgnutls28-dev - 3.4.10-4ubuntu1.7 libgnutlsxx28 - 3.4.10-4ubuntu1.7 gnutls-doc - 3.4.10-4ubuntu1.7 libgnutls-dev - 3.4.10-4ubuntu1.7 gnutls-bin - 3.4.10-4ubuntu1.7 guile-gnutls - 3.4.10-4ubuntu1.7 libgnutls-openssl27 - 3.4.10-4ubuntu1.7 No subscription required None https://launchpad.net/bugs/1860656 USN-4234-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4234-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 
72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 72.0.1+build1-0ubuntu0.16.04.1 firefox - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 72.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 
72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 72.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 72.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 72.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 72.0.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-17016 CVE-2019-17017 CVE-2019-17020 
CVE-2019-17022 CVE-2019-17023 CVE-2019-17024 CVE-2019-17025 CVE-2019-17026 USN-4234-2 -- Firefox regressions Ubuntu 16.04 LTS USN-4234-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4234-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 72.0.2+build1-0ubuntu0.16.04.1 
firefox-locale-he - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 72.0.2+build1-0ubuntu0.16.04.1 firefox - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 72.0.2+build1-0ubuntu0.16.04.1 firefox-geckodriver - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 72.0.2+build1-0ubuntu0.16.04.1 
firefox-locale-ca - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 72.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 72.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 72.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 72.0.2+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1856707 USN-4235-1 -- nginx vulnerability Ubuntu 16.04 LTS Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. 
A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Update Instructions: Run `sudo pro fix USN-4235-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.5 nginx-core - 1.10.3-0ubuntu0.16.04.5 nginx-common - 1.10.3-0ubuntu0.16.04.5 nginx-full - 1.10.3-0ubuntu0.16.04.5 nginx - 1.10.3-0ubuntu0.16.04.5 nginx-doc - 1.10.3-0ubuntu0.16.04.5 nginx-light - 1.10.3-0ubuntu0.16.04.5 No subscription required Medium CVE-2019-20372 USN-4236-2 -- Libgcrypt vulnerability Ubuntu 16.04 LTS USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Update Instructions: Run `sudo pro fix USN-4236-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.6.5-2ubuntu0.6 No subscription required libgcrypt20 - 1.6.5-2ubuntu0.6 libgcrypt20-doc - 1.6.5-2ubuntu0.6 libgcrypt20-udeb - 1.6.5-2ubuntu0.6 libgcrypt20-dev - 1.6.5-2ubuntu0.6 No subscription required Medium CVE-2019-13627 USN-4237-1 -- SpamAssassin vulnerabilities Ubuntu 16.04 LTS It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue to cause SpamAssassin to consume resources, resulting in a denial of service. (CVE-2019-12420) Update Instructions: Run `sudo pro fix USN-4237-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.16.04.2 sa-compile - 3.4.2-0ubuntu0.16.04.2 spamc - 3.4.2-0ubuntu0.16.04.2 No subscription required Medium CVE-2018-11805 CVE-2019-12420 USN-4238-1 -- SDL_image vulnerabilities Ubuntu 16.04 LTS It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4238-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl-image1.2 - 1.2.12-5+deb9u1ubuntu0.16.04.1 libsdl-image1.2-dev - 1.2.12-5+deb9u1ubuntu0.16.04.1 No subscription required Medium CVE-2018-3977 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 CVE-2019-13616 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635 USN-4239-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-11046) It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2019-11047, CVE-2019-11050) Update Instructions: Run `sudo pro fix USN-4239-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.9 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.9 php7.0-xsl - 7.0.33-0ubuntu0.16.04.9 php7.0-fpm - 7.0.33-0ubuntu0.16.04.9 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.9 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.9 php7.0-curl - 7.0.33-0ubuntu0.16.04.9 php7.0-ldap - 7.0.33-0ubuntu0.16.04.9 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.9 php7.0-gmp - 7.0.33-0ubuntu0.16.04.9 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.9 php7.0-gd - 7.0.33-0ubuntu0.16.04.9 php7.0-common - 7.0.33-0ubuntu0.16.04.9 php7.0-enchant - 7.0.33-0ubuntu0.16.04.9 php7.0-odbc - 7.0.33-0ubuntu0.16.04.9 php7.0-cli - 7.0.33-0ubuntu0.16.04.9 php7.0-json - 7.0.33-0ubuntu0.16.04.9 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.9 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.9 php7.0-zip - 7.0.33-0ubuntu0.16.04.9 php7.0-mysql - 7.0.33-0ubuntu0.16.04.9 php7.0-dba - 7.0.33-0ubuntu0.16.04.9 php7.0-sybase - 7.0.33-0ubuntu0.16.04.9 php7.0-pspell - 7.0.33-0ubuntu0.16.04.9 php7.0-xml - 7.0.33-0ubuntu0.16.04.9 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.9 php7.0-recode - 7.0.33-0ubuntu0.16.04.9 php7.0-soap - 7.0.33-0ubuntu0.16.04.9 php7.0 - 7.0.33-0ubuntu0.16.04.9 php7.0-tidy - 7.0.33-0ubuntu0.16.04.9 php7.0-interbase - 7.0.33-0ubuntu0.16.04.9 php7.0-opcache - 7.0.33-0ubuntu0.16.04.9 php7.0-readline - 7.0.33-0ubuntu0.16.04.9 php7.0-intl - 7.0.33-0ubuntu0.16.04.9 php7.0-imap - 7.0.33-0ubuntu0.16.04.9 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.9 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.9 php7.0-dev - 7.0.33-0ubuntu0.16.04.9 php7.0-snmp - 7.0.33-0ubuntu0.16.04.9 No subscription required Low CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 USN-4240-1 -- Kamailio vulnerability Ubuntu 16.04 LTS It was discovered that Kamailio incorrectly handled a specially crafted file. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. 
Update Instructions: Run `sudo pro fix USN-4240-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: kamailio-purple-modules - 4.3.4-1.1ubuntu2.1 kamailio-lua-modules - 4.3.4-1.1ubuntu2.1 kamailio-postgres-modules - 4.3.4-1.1ubuntu2.1 kamailio-perl-modules - 4.3.4-1.1ubuntu2.1 kamailio-mysql-modules - 4.3.4-1.1ubuntu2.1 kamailio-radius-modules - 4.3.4-1.1ubuntu2.1 kamailio-extra-modules - 4.3.4-1.1ubuntu2.1 kamailio - 4.3.4-1.1ubuntu2.1 kamailio-cpl-modules - 4.3.4-1.1ubuntu2.1 kamailio-mono-modules - 4.3.4-1.1ubuntu2.1 kamailio-kazoo-modules - 4.3.4-1.1ubuntu2.1 kamailio-cnxcc-modules - 4.3.4-1.1ubuntu2.1 kamailio-snmpstats-modules - 4.3.4-1.1ubuntu2.1 kamailio-carrierroute-modules - 4.3.4-1.1ubuntu2.1 kamailio-tls-modules - 4.3.4-1.1ubuntu2.1 kamailio-xmpp-modules - 4.3.4-1.1ubuntu2.1 kamailio-presence-modules - 4.3.4-1.1ubuntu2.1 kamailio-json-modules - 4.3.4-1.1ubuntu2.1 kamailio-dnssec-modules - 4.3.4-1.1ubuntu2.1 kamailio-geoip-modules - 4.3.4-1.1ubuntu2.1 kamailio-sqlite-modules - 4.3.4-1.1ubuntu2.1 kamailio-ldap-modules - 4.3.4-1.1ubuntu2.1 kamailio-websocket-modules - 4.3.4-1.1ubuntu2.1 kamailio-ims-modules - 4.3.4-1.1ubuntu2.1 kamailio-python-modules - 4.3.4-1.1ubuntu2.1 kamailio-redis-modules - 4.3.4-1.1ubuntu2.1 kamailio-erlang-modules - 4.3.4-1.1ubuntu2.1 kamailio-autheph-modules - 4.3.4-1.1ubuntu2.1 kamailio-outbound-modules - 4.3.4-1.1ubuntu2.1 kamailio-java-modules - 4.3.4-1.1ubuntu2.1 kamailio-berkeley-modules - 4.3.4-1.1ubuntu2.1 kamailio-utils-modules - 4.3.4-1.1ubuntu2.1 kamailio-unixodbc-modules - 4.3.4-1.1ubuntu2.1 kamailio-sctp-modules - 4.3.4-1.1ubuntu2.1 kamailio-xml-modules - 4.3.4-1.1ubuntu2.1 kamailio-berkeley-bin - 4.3.4-1.1ubuntu2.1 kamailio-memcached-modules - 4.3.4-1.1ubuntu2.1 No subscription required High CVE-2018-8828 USN-4242-1 -- Sysstat vulnerabilities Ubuntu 16.04 LTS It was discovered that Sysstat incorrectly handled certain inputs. 
An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-16167) It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-19725) Update Instructions: Run `sudo pro fix USN-4242-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isag - 11.2.0-1ubuntu0.3 sysstat - 11.2.0-1ubuntu0.3 No subscription required Medium CVE-2019-16167 CVE-2019-19725 USN-4243-1 -- libbsd vulnerabilities Ubuntu 16.04 LTS It was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-2090) It was discovered that libbsd incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information. (CVE-2019-20367) Update Instructions: Run `sudo pro fix USN-4243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbsd-dev - 0.8.2-1ubuntu0.1 libbsd0-udeb - 0.8.2-1ubuntu0.1 libbsd0 - 0.8.2-1ubuntu0.1 No subscription required Medium CVE-2016-2090 CVE-2019-20367 USN-4244-1 -- Samba vulnerabilities Ubuntu 16.04 LTS It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is set to 3 or above. In certain environments, a remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-14907) Christian Naumer discovered that Samba incorrectly handled DNS zone scavenging. 
This issue could possibly result in some incorrect data being written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19344) Update Instructions: Run `sudo pro fix USN-4244-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.25 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.25 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.25 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.25 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.25 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.25 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.25 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.25 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.25 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.25 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.25 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.25 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.25 No subscription required Medium CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 USN-4245-1 -- PySAML2 vulnerability Ubuntu 16.04 LTS It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data. Update Instructions: Run `sudo pro fix USN-4245-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-pysaml2-doc - 3.0.0-3ubuntu1.16.04.4 python-pysaml2 - 3.0.0-3ubuntu1.16.04.4 python3-pysaml2 - 3.0.0-3ubuntu1.16.04.4 No subscription required Medium CVE-2020-5390 USN-4246-1 -- zlib vulnerabilities Ubuntu 16.04 LTS It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842) It was discovered that zlib incorrectly handled vectors involving big-endian CRC calculation. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843) Update Instructions: Run `sudo pro fix USN-4246-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32z1-dev - 1:1.2.8.dfsg-2ubuntu4.3 lib64z1 - 1:1.2.8.dfsg-2ubuntu4.3 zlib1g-udeb - 1:1.2.8.dfsg-2ubuntu4.3 libx32z1 - 1:1.2.8.dfsg-2ubuntu4.3 lib64z1-dev - 1:1.2.8.dfsg-2ubuntu4.3 lib32z1 - 1:1.2.8.dfsg-2ubuntu4.3 zlib1g - 1:1.2.8.dfsg-2ubuntu4.3 lib32z1-dev - 1:1.2.8.dfsg-2ubuntu4.3 zlib1g-dev - 1:1.2.8.dfsg-2ubuntu4.3 No subscription required Low CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 USN-4247-1 -- python-apt vulnerabilities Ubuntu 16.04 LTS It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. 
(CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update Instructions: Run `sudo pro fix USN-4247-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 1.1.0~beta1ubuntu0.16.04.7 python-apt - 1.1.0~beta1ubuntu0.16.04.7 python-apt-common - 1.1.0~beta1ubuntu0.16.04.7 python-apt-dev - 1.1.0~beta1ubuntu0.16.04.7 python-apt-doc - 1.1.0~beta1ubuntu0.16.04.7 No subscription required Medium CVE-2019-15795 CVE-2019-15796 USN-4247-2 -- python-apt regression Ubuntu 16.04 LTS USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update Instructions: Run `sudo pro fix USN-4247-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 1.1.0~beta1ubuntu0.16.04.8 python-apt - 1.1.0~beta1ubuntu0.16.04.8 python-apt-common - 1.1.0~beta1ubuntu0.16.04.8 python-apt-dev - 1.1.0~beta1ubuntu0.16.04.8 python-apt-doc - 1.1.0~beta1ubuntu0.16.04.8 No subscription required None https://launchpad.net/bugs/1860606 USN-4248-1 -- GraphicsMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. 
Update Instructions: Run `sudo pro fix USN-4248-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.23-1ubuntu0.5 libgraphicsmagick-q16-3 - 1.3.23-1ubuntu0.5 libgraphicsmagick1-dev - 1.3.23-1ubuntu0.5 graphicsmagick - 1.3.23-1ubuntu0.5 graphicsmagick-imagemagick-compat - 1.3.23-1ubuntu0.5 graphicsmagick-libmagick-dev-compat - 1.3.23-1ubuntu0.5 libgraphicsmagick++1-dev - 1.3.23-1ubuntu0.5 libgraphicsmagick++-q16-12 - 1.3.23-1ubuntu0.5 No subscription required Medium CVE-2017-16545 CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500 CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 CVE-2017-17783 USN-4249-1 -- e2fsprogs vulnerability Ubuntu 16.04 LTS It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4249-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.42.13-1ubuntu1.2 e2fslibs-dev - 1.42.13-1ubuntu1.2 e2fsprogs - 1.42.13-1ubuntu1.2 e2fsck-static - 1.42.13-1ubuntu1.2 e2fslibs - 1.42.13-1ubuntu1.2 e2fsprogs-udeb - 1.42.13-1ubuntu1.2 libcomerr2 - 1.42.13-1ubuntu1.2 No subscription required ss-dev - 2.0-1.42.13-1ubuntu1.2 No subscription required comerr-dev - 2.1-1.42.13-1ubuntu1.2 No subscription required Medium CVE-2019-5188 USN-4250-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-29.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-19.html https://www.oracle.com/security-alerts/cpujan2020.html Update Instructions: Run `sudo pro fix USN-4250-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.29-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.29-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.29-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.29-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.29-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.29-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.29-0ubuntu0.16.04.1 mysql-common - 5.7.29-0ubuntu0.16.04.1 mysql-server - 5.7.29-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.29-0ubuntu0.16.04.1 mysql-testsuite - 5.7.29-0ubuntu0.16.04.1 libmysqld-dev - 5.7.29-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.29-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-2570 CVE-2020-2572 CVE-2020-2573 CVE-2020-2574 CVE-2020-2577 CVE-2020-2579 CVE-2020-2584 CVE-2020-2588 CVE-2020-2589 CVE-2020-2627 CVE-2020-2660 CVE-2020-2679 CVE-2020-2686 CVE-2020-2694 USN-4251-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. (CVE-2019-12418) It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. (CVE-2019-17563) Update Instructions: Run `sudo pro fix USN-4251-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.11 tomcat8-user - 8.0.32-1ubuntu1.11 libservlet3.1-java - 8.0.32-1ubuntu1.11 libservlet3.1-java-doc - 8.0.32-1ubuntu1.11 tomcat8-examples - 8.0.32-1ubuntu1.11 tomcat8-admin - 8.0.32-1ubuntu1.11 libtomcat8-java - 8.0.32-1ubuntu1.11 tomcat8-common - 8.0.32-1ubuntu1.11 tomcat8 - 8.0.32-1ubuntu1.11 No subscription required Medium CVE-2019-12418 CVE-2019-17563 USN-4252-1 -- tcpdump vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4252-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.3-0ubuntu0.16.04.1 No subscription required Medium CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-19519 CVE-2019-1010220 CVE-2019-15166 CVE-2019-15167 USN-4254-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. 
(CVE-2019-18683) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update Instructions: Run `sudo pro fix USN-4254-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1065-kvm - 4.4.0-1065.72 No subscription required linux-image-4.4.0-1101-aws - 4.4.0-1101.112 No subscription required linux-image-4.4.0-1128-raspi2 - 4.4.0-1128.137 No subscription required linux-image-4.4.0-1132-snapdragon - 4.4.0-1132.140 No subscription required linux-image-4.4.0-173-powerpc64-smp - 4.4.0-173.203 linux-image-4.4.0-173-lowlatency - 4.4.0-173.203 linux-image-4.4.0-173-generic - 4.4.0-173.203 linux-image-4.4.0-173-powerpc64-emb - 4.4.0-173.203 linux-image-4.4.0-173-powerpc-smp - 4.4.0-173.203 linux-image-4.4.0-173-generic-lpae - 4.4.0-173.203 linux-image-4.4.0-173-powerpc-e500mc - 4.4.0-173.203 No subscription required linux-image-kvm - 4.4.0.1065.65 No subscription required linux-image-aws - 4.4.0.1101.105 No subscription required linux-image-raspi2 - 4.4.0.1128.128 No subscription required linux-image-snapdragon - 4.4.0.1132.124 No subscription required linux-image-generic-lts-wily - 4.4.0.173.181 linux-image-powerpc64-emb-lts-vivid - 4.4.0.173.181 linux-image-powerpc-e500mc - 4.4.0.173.181 linux-image-generic-lpae-lts-xenial - 4.4.0.173.181 linux-image-generic-lts-xenial - 4.4.0.173.181 linux-image-generic-lpae-lts-utopic - 4.4.0.173.181 linux-image-powerpc64-smp-lts-vivid - 4.4.0.173.181 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.173.181 linux-image-generic-lts-utopic - 4.4.0.173.181 linux-image-powerpc-e500mc-lts-wily - 4.4.0.173.181 linux-image-generic-lts-vivid - 4.4.0.173.181 linux-image-generic-lpae-lts-wily - 4.4.0.173.181 linux-image-virtual-lts-vivid - 4.4.0.173.181 linux-image-virtual-lts-utopic - 4.4.0.173.181 linux-image-virtual - 4.4.0.173.181 linux-image-powerpc64-emb-lts-wily - 4.4.0.173.181 linux-image-lowlatency-lts-vivid - 4.4.0.173.181 linux-image-powerpc64-smp-lts-utopic - 4.4.0.173.181 linux-image-powerpc64-emb - 4.4.0.173.181 linux-image-powerpc-smp-lts-xenial - 4.4.0.173.181 linux-image-powerpc-e500mc-lts-vivid - 
4.4.0.173.181 linux-image-lowlatency-lts-wily - 4.4.0.173.181 linux-image-virtual-lts-wily - 4.4.0.173.181 linux-image-generic - 4.4.0.173.181 linux-image-powerpc64-smp-lts-xenial - 4.4.0.173.181 linux-image-powerpc64-emb-lts-utopic - 4.4.0.173.181 linux-image-powerpc-smp - 4.4.0.173.181 linux-image-lowlatency-lts-xenial - 4.4.0.173.181 linux-image-generic-lpae - 4.4.0.173.181 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.173.181 linux-image-powerpc64-smp-lts-wily - 4.4.0.173.181 linux-image-powerpc64-emb-lts-xenial - 4.4.0.173.181 linux-image-generic-lpae-lts-vivid - 4.4.0.173.181 linux-image-powerpc-smp-lts-wily - 4.4.0.173.181 linux-image-powerpc64-smp - 4.4.0.173.181 linux-image-lowlatency-lts-utopic - 4.4.0.173.181 linux-image-powerpc-smp-lts-vivid - 4.4.0.173.181 linux-image-lowlatency - 4.4.0.173.181 linux-image-virtual-lts-xenial - 4.4.0.173.181 linux-image-powerpc-smp-lts-utopic - 4.4.0.173.181 No subscription required Medium CVE-2019-14615 CVE-2019-15291 CVE-2019-18683 CVE-2019-18885 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19227 CVE-2019-19332 USN-4255-2 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) Update Instructions: Run `sudo pro fix USN-4255-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1058-aws - 4.15.0-1058.60~16.04.1 No subscription required linux-image-4.15.0-76-generic-lpae - 4.15.0-76.86~16.04.1 linux-image-4.15.0-76-generic - 4.15.0-76.86~16.04.1 linux-image-4.15.0-76-lowlatency - 4.15.0-76.86~16.04.1 No subscription required linux-image-aws-hwe - 4.15.0.1058.58 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.76.96 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.76.96 linux-image-virtual-hwe-16.04-edge - 4.15.0.76.96 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.76.96 linux-image-oem - 4.15.0.76.96 linux-image-lowlatency-hwe-16.04 - 4.15.0.76.96 linux-image-generic-hwe-16.04 - 4.15.0.76.96 linux-image-generic-lpae-hwe-16.04 - 4.15.0.76.96 linux-image-generic-hwe-16.04-edge - 4.15.0.76.96 No subscription required Medium CVE-2019-14615 CVE-2020-7053 USN-4256-1 -- Cyrus SASL vulnerability Ubuntu 16.04 LTS It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Update Instructions: Run `sudo pro fix USN-4256-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libsasl2-2 - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-modules-gssapi-heimdal - 2.1.26.dfsg1-14ubuntu0.2 sasl2-bin - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-modules-gssapi-mit - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-dev - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-modules-sql - 2.1.26.dfsg1-14ubuntu0.2 cyrus-sasl2-doc - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-modules - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-modules-otp - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-modules-ldap - 2.1.26.dfsg1-14ubuntu0.2 libsasl2-modules-db - 2.1.26.dfsg1-14ubuntu0.2 No subscription required Medium CVE-2019-19906 USN-4257-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An unauthenticated remote attacker with network access via Kerberos could possibly use this issue to insert, modify or obtain sensitive information. (CVE-2020-2590) It was discovered that OpenJDK incorrectly validated URLs. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2593) It was discovered that the OpenJDK Security component still used the MD5 algorithm. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-2601) It was discovered that OpenJDK incorrectly handled the application of serialization filters. An attacker could possibly use this issue to bypass the intended filter during serialization. (CVE-2020-2604) Bo Zhang and Long Kuan discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2020-2654) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled CertificateVerify TLS handshake messages. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2655) It was discovered that OpenJDK incorrectly enforced the limit of datagram sockets that can be created by code running within a Java sandbox. An attacker could possibly use this issue to bypass the sandbox restrictions, causing a denial of service. This issue only affected OpenJDK 8. (CVE-2020-2659) Update Instructions: Run `sudo pro fix USN-4257-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u242-b08-0ubuntu3~16.04 openjdk-8-jdk - 8u242-b08-0ubuntu3~16.04 openjdk-8-jre-headless - 8u242-b08-0ubuntu3~16.04 openjdk-8-jre - 8u242-b08-0ubuntu3~16.04 openjdk-8-jdk-headless - 8u242-b08-0ubuntu3~16.04 openjdk-8-source - 8u242-b08-0ubuntu3~16.04 openjdk-8-jre-zero - 8u242-b08-0ubuntu3~16.04 openjdk-8-demo - 8u242-b08-0ubuntu3~16.04 openjdk-8-jre-jamvm - 8u242-b08-0ubuntu3~16.04 No subscription required Medium CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655 CVE-2020-2659 USN-4259-1 -- Apache Solr vulnerability Ubuntu 16.04 LTS Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code. Update Instructions: Run `sudo pro fix USN-4259-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liblucene3-java-doc - 3.6.2+dfsg-8ubuntu0.1 solr-tomcat - 3.6.2+dfsg-8ubuntu0.1 libsolr-java - 3.6.2+dfsg-8ubuntu0.1 solr-jetty - 3.6.2+dfsg-8ubuntu0.1 liblucene3-contrib-java - 3.6.2+dfsg-8ubuntu0.1 liblucene3-java - 3.6.2+dfsg-8ubuntu0.1 solr-common - 3.6.2+dfsg-8ubuntu0.1 No subscription required High CVE-2017-12629 USN-4263-1 -- Sudo vulnerability Ubuntu 16.04 LTS Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Update Instructions: Run `sudo pro fix USN-4263-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.16-0ubuntu1.9 sudo - 1.8.16-0ubuntu1.9 No subscription required Low CVE-2019-18634 USN-4265-1 -- SpamAssassin vulnerabilities Ubuntu 16.04 LTS It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Update Instructions: Run `sudo pro fix USN-4265-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.16.04.3 sa-compile - 3.4.2-0ubuntu0.16.04.3 spamc - 3.4.2-0ubuntu0.16.04.3 No subscription required Medium CVE-2020-1930 CVE-2020-1931 USN-4266-1 -- GraphicsMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4266-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.23-1ubuntu0.6 libgraphicsmagick-q16-3 - 1.3.23-1ubuntu0.6 libgraphicsmagick1-dev - 1.3.23-1ubuntu0.6 graphicsmagick - 1.3.23-1ubuntu0.6 graphicsmagick-imagemagick-compat - 1.3.23-1ubuntu0.6 graphicsmagick-libmagick-dev-compat - 1.3.23-1ubuntu0.6 libgraphicsmagick++1-dev - 1.3.23-1ubuntu0.6 libgraphicsmagick++-q16-12 - 1.3.23-1ubuntu0.6 No subscription required Medium CVE-2017-17912 CVE-2017-17913 CVE-2017-17915 CVE-2017-18219 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 USN-4267-1 -- ARM mbed TLS vulnerabilities Ubuntu 16.04 LTS It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacker to execute arbitrary code or cause a denial of service. (CVE-2017-18187) It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. (CVE-2018-0487) It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. (CVE-2018-0488) It was discovered that mbedtls has a vulnerability that allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. (CVE-2018-0497) It was discovered that mbedtls has a vulnerability that allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack. (CVE-2018-0498) Update Instructions: Run `sudo pro fix USN-4267-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libmbedtls-doc - 2.2.1-2ubuntu0.3 libmbedtls-dev - 2.2.1-2ubuntu0.3 libmbedtls10 - 2.2.1-2ubuntu0.3 libmbedcrypto0 - 2.2.1-2ubuntu0.3 libmbedx509-0 - 2.2.1-2ubuntu0.3 No subscription required High CVE-2017-18187 CVE-2018-0487 CVE-2018-0488 CVE-2018-0497 CVE-2018-0498 USN-4269-1 -- systemd vulnerabilities Ubuntu 16.04 LTS It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386) Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3843, CVE-2019-3844) Tavis Ormandy discovered that systemd incorrectly handled certain Polkit queries. A local attacker could use this issue to cause systemd to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. (CVE-2020-1712) Update Instructions: Run `sudo pro fix USN-4269-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.27 systemd - 229-4ubuntu21.27 udev-udeb - 229-4ubuntu21.27 libsystemd0 - 229-4ubuntu21.27 systemd-container - 229-4ubuntu21.27 libnss-myhostname - 229-4ubuntu21.27 libudev1-udeb - 229-4ubuntu21.27 libudev1 - 229-4ubuntu21.27 libsystemd-dev - 229-4ubuntu21.27 systemd-journal-remote - 229-4ubuntu21.27 libpam-systemd - 229-4ubuntu21.27 libudev-dev - 229-4ubuntu21.27 libnss-mymachines - 229-4ubuntu21.27 libnss-resolve - 229-4ubuntu21.27 systemd-sysv - 229-4ubuntu21.27 udev - 229-4ubuntu21.27 No subscription required Medium CVE-2018-16888 CVE-2019-20386 CVE-2019-3843 CVE-2019-3844 CVE-2020-1712 USN-4270-1 -- Exiv2 vulnerability Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4270-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.6 libexiv2-14 - 0.25-2.1ubuntu16.04.6 libexiv2-doc - 0.25-2.1ubuntu16.04.6 libexiv2-dev - 0.25-2.1ubuntu16.04.6 No subscription required Medium CVE-2019-20421 USN-4272-1 -- Pillow vulnerabilities Ubuntu 16.04 LTS It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. (CVE-2020-5310) It was discovered that Pillow incorrectly handled certain SGI images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. 
This issue only affected Ubuntu 18.04 and Ubuntu 19.10. (CVE-2020-5311) It was discovered that Pillow incorrectly handled certain PCX images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5312) It was discovered that Pillow incorrectly handled certain Flip images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5313) Update Instructions: Run `sudo pro fix USN-4272-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 3.1.2-0ubuntu1.3 python-pil-doc - 3.1.2-0ubuntu1.3 python3-pil - 3.1.2-0ubuntu1.3 python-pil.imagetk - 3.1.2-0ubuntu1.3 python-imaging - 3.1.2-0ubuntu1.3 python-pil - 3.1.2-0ubuntu1.3 No subscription required Medium CVE-2019-16865 CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 USN-4273-1 -- ReportLab vulnerability Ubuntu 16.04 LTS It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4273-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-reportlab-doc - 3.3.0-1ubuntu0.1 python-reportlab-accel - 3.3.0-1ubuntu0.1 python3-reportlab-accel - 3.3.0-1ubuntu0.1 python3-reportlab - 3.3.0-1ubuntu0.1 python-renderpm - 3.3.0-1ubuntu0.1 python-reportlab - 3.3.0-1ubuntu0.1 python3-renderpm - 3.3.0-1ubuntu0.1 No subscription required Medium CVE-2019-17626 USN-4274-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595) Update Instructions: Run `sudo pro fix USN-4274-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.7 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7 libxml2 - 2.9.3+dfsg1-1ubuntu0.7 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.7 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.7 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.7 No subscription required Low CVE-2019-19956 CVE-2020-7595 USN-4275-1 -- Qt vulnerabilities Ubuntu 16.04 LTS It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2019-18281) It was discovered that Qt incorrectly searched for plugins in the current working directory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-0569) It was discovered that Qt incorrectly searched for libraries relative to the current working directory. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-0570) Update Instructions: Run `sudo pro fix USN-4275-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libqt5libqgtk2 - 5.5.1+dfsg-16ubuntu7.7 libqt5opengl5 - 5.5.1+dfsg-16ubuntu7.7 libqt5widgets5 - 5.5.1+dfsg-16ubuntu7.7 libqt5concurrent5 - 5.5.1+dfsg-16ubuntu7.7 libqt5sql5-mysql - 5.5.1+dfsg-16ubuntu7.7 qtbase5-dev - 5.5.1+dfsg-16ubuntu7.7 libqt5sql5-sqlite - 5.5.1+dfsg-16ubuntu7.7 libqt5sql5-psql - 5.5.1+dfsg-16ubuntu7.7 libqt5core5a - 5.5.1+dfsg-16ubuntu7.7 libqt5network5 - 5.5.1+dfsg-16ubuntu7.7 qt5-qmake-arm-linux-gnueabihf - 5.5.1+dfsg-16ubuntu7.7 libqt5sql5 - 5.5.1+dfsg-16ubuntu7.7 libqt5dbus5 - 5.5.1+dfsg-16ubuntu7.7 libqt5gui5 - 5.5.1+dfsg-16ubuntu7.7 libqt5opengl5-dev - 5.5.1+dfsg-16ubuntu7.7 qtbase5-doc-html - 5.5.1+dfsg-16ubuntu7.7 qtbase5-dev-tools - 5.5.1+dfsg-16ubuntu7.7 qt5-qmake - 5.5.1+dfsg-16ubuntu7.7 libqt5sql5-tds - 5.5.1+dfsg-16ubuntu7.7 qtbase5-private-dev - 5.5.1+dfsg-16ubuntu7.7 libqt5printsupport5 - 5.5.1+dfsg-16ubuntu7.7 libqt5xml5 - 5.5.1+dfsg-16ubuntu7.7 qtbase5-examples - 5.5.1+dfsg-16ubuntu7.7 libqt5test5 - 5.5.1+dfsg-16ubuntu7.7 libqt5sql5-odbc - 5.5.1+dfsg-16ubuntu7.7 qt5-default - 5.5.1+dfsg-16ubuntu7.7 No subscription required Medium CVE-2018-19872 CVE-2019-18281 CVE-2020-0569 CVE-2020-0570 USN-4277-1 -- libexif vulnerabilities Ubuntu 16.04 LTS Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544) It was discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. 
(CVE-2019-9278) Update Instructions: Run `sudo pro fix USN-4277-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-2ubuntu0.1 libexif12 - 0.6.21-2ubuntu0.1 No subscription required Medium CVE-2016-6328 CVE-2017-7544 CVE-2019-9278 USN-4278-2 -- Firefox vulnerabilities Ubuntu 16.04 LTS USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4278-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 
73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 73.0.1+build1-0ubuntu0.16.04.1 firefox - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 73.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 
73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 73.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 73.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 73.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 73.0.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801 USN-4279-1 -- PHP vulnerabilities Ubuntu 
16.04 LTS It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060) Update Instructions: Run `sudo pro fix USN-4279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.11 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.11 php7.0-xsl - 7.0.33-0ubuntu0.16.04.11 php7.0-fpm - 7.0.33-0ubuntu0.16.04.11 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.11 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.11 php7.0-curl - 7.0.33-0ubuntu0.16.04.11 php7.0-ldap - 7.0.33-0ubuntu0.16.04.11 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.11 php7.0-gmp - 7.0.33-0ubuntu0.16.04.11 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.11 php7.0-gd - 7.0.33-0ubuntu0.16.04.11 php7.0-common - 7.0.33-0ubuntu0.16.04.11 php7.0-enchant - 7.0.33-0ubuntu0.16.04.11 php7.0-odbc - 7.0.33-0ubuntu0.16.04.11 php7.0-cli - 7.0.33-0ubuntu0.16.04.11 php7.0-json - 7.0.33-0ubuntu0.16.04.11 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.11 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.11 php7.0-zip - 7.0.33-0ubuntu0.16.04.11 php7.0-mysql - 7.0.33-0ubuntu0.16.04.11 php7.0-dba - 7.0.33-0ubuntu0.16.04.11 php7.0-sybase - 7.0.33-0ubuntu0.16.04.11 php7.0-pspell - 7.0.33-0ubuntu0.16.04.11 php7.0-xml - 7.0.33-0ubuntu0.16.04.11 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.11 php7.0-recode - 7.0.33-0ubuntu0.16.04.11 php7.0-soap - 7.0.33-0ubuntu0.16.04.11 php7.0 - 7.0.33-0ubuntu0.16.04.11 php7.0-tidy - 7.0.33-0ubuntu0.16.04.11 
php7.0-interbase - 7.0.33-0ubuntu0.16.04.11 php7.0-opcache - 7.0.33-0ubuntu0.16.04.11 php7.0-readline - 7.0.33-0ubuntu0.16.04.11 php7.0-intl - 7.0.33-0ubuntu0.16.04.11 php7.0-imap - 7.0.33-0ubuntu0.16.04.11 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.11 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.11 php7.0-dev - 7.0.33-0ubuntu0.16.04.11 php7.0-snmp - 7.0.33-0ubuntu0.16.04.11 No subscription required Medium CVE-2015-9253 CVE-2020-7059 CVE-2020-7060 USN-4279-2 -- PHP regression Ubuntu 16.04 LTS USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060) Update Instructions: Run `sudo pro fix USN-4279-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.12 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.12 php7.0-xsl - 7.0.33-0ubuntu0.16.04.12 php7.0-fpm - 7.0.33-0ubuntu0.16.04.12 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.12 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.12 php7.0-curl - 7.0.33-0ubuntu0.16.04.12 php7.0-ldap - 7.0.33-0ubuntu0.16.04.12 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.12 php7.0-gmp - 7.0.33-0ubuntu0.16.04.12 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.12 php7.0-gd - 7.0.33-0ubuntu0.16.04.12 php7.0-common - 7.0.33-0ubuntu0.16.04.12 php7.0-enchant - 7.0.33-0ubuntu0.16.04.12 php7.0-soap - 7.0.33-0ubuntu0.16.04.12 php7.0-odbc - 7.0.33-0ubuntu0.16.04.12 php7.0-cli - 7.0.33-0ubuntu0.16.04.12 php7.0-json - 7.0.33-0ubuntu0.16.04.12 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.12 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.12 php7.0-mysql - 7.0.33-0ubuntu0.16.04.12 php7.0-dba - 7.0.33-0ubuntu0.16.04.12 php7.0-sybase - 7.0.33-0ubuntu0.16.04.12 php7.0-pspell - 7.0.33-0ubuntu0.16.04.12 php7.0-xml - 7.0.33-0ubuntu0.16.04.12 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.12 php7.0-recode - 7.0.33-0ubuntu0.16.04.12 php7.0-zip - 7.0.33-0ubuntu0.16.04.12 php7.0 - 7.0.33-0ubuntu0.16.04.12 php7.0-tidy - 7.0.33-0ubuntu0.16.04.12 php7.0-interbase - 7.0.33-0ubuntu0.16.04.12 php7.0-opcache - 7.0.33-0ubuntu0.16.04.12 php7.0-readline - 7.0.33-0ubuntu0.16.04.12 php7.0-intl - 7.0.33-0ubuntu0.16.04.12 php7.0-imap - 7.0.33-0ubuntu0.16.04.12 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.12 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.12 php7.0-dev - 7.0.33-0ubuntu0.16.04.12 php7.0-snmp - 7.0.33-0ubuntu0.16.04.12 No subscription required None https://launchpad.net/bugs/1863850 USN-4280-1 -- ClamAV vulnerability Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled memory when the Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. 
Update Instructions: Run `sudo pro fix USN-4280-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.2+dfsg-0ubuntu0.16.04.1 clamav-testfiles - 0.102.2+dfsg-0ubuntu0.16.04.1 clamav-base - 0.102.2+dfsg-0ubuntu0.16.04.1 clamav - 0.102.2+dfsg-0ubuntu0.16.04.1 clamav-daemon - 0.102.2+dfsg-0ubuntu0.16.04.1 clamav-docs - 0.102.2+dfsg-0ubuntu0.16.04.1 clamav-milter - 0.102.2+dfsg-0ubuntu0.16.04.1 clamav-freshclam - 0.102.2+dfsg-0ubuntu0.16.04.1 libclamav9 - 0.102.2+dfsg-0ubuntu0.16.04.1 clamdscan - 0.102.2+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-3123 USN-4283-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2020-1711) It was discovered that the QEMU libslirp component incorrectly handled memory. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-7039, CVE-2020-8608) Update Instructions: Run `sudo pro fix USN-4283-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.43 qemu-user-static - 1:2.5+dfsg-5ubuntu10.43 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.43 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.43 qemu-kvm - 1:2.5+dfsg-5ubuntu10.43 qemu-user - 1:2.5+dfsg-5ubuntu10.43 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.43 qemu-system - 1:2.5+dfsg-5ubuntu10.43 qemu-utils - 1:2.5+dfsg-5ubuntu10.43 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.43 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.43 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.43 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.43 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.43 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.43 qemu - 1:2.5+dfsg-5ubuntu10.43 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.43 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.43 No subscription required Medium CVE-2020-1711 CVE-2020-7039 CVE-2020-8608 USN-4286-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Julien Grall discovered that the Xen balloon memory driver in the Linux kernel did not properly restrict the amount of memory set aside for page mappings in some situations. An attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-17351) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). 
(CVE-2019-19051) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. 
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Update Instructions: Run `sudo pro fix USN-4286-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1066-kvm - 4.4.0-1066.73 No subscription required linux-image-4.4.0-1102-aws - 4.4.0-1102.113 No subscription required linux-image-4.4.0-1129-raspi2 - 4.4.0-1129.138 No subscription required linux-image-4.4.0-1133-snapdragon - 4.4.0-1133.141 No subscription required linux-image-4.4.0-174-powerpc-e500mc - 4.4.0-174.204 linux-image-4.4.0-174-powerpc64-emb - 4.4.0-174.204 linux-image-4.4.0-174-lowlatency - 4.4.0-174.204 linux-image-4.4.0-174-powerpc-smp - 4.4.0-174.204 linux-image-4.4.0-174-generic - 4.4.0-174.204 linux-image-4.4.0-174-powerpc64-smp - 4.4.0-174.204 linux-image-4.4.0-174-generic-lpae - 4.4.0-174.204 No subscription required linux-image-kvm - 4.4.0.1066.66 No subscription required linux-image-aws - 4.4.0.1102.106 No subscription required linux-image-raspi2 - 4.4.0.1129.129 No subscription required linux-image-snapdragon - 4.4.0.1133.125 No subscription required linux-image-generic-lts-wily - 4.4.0.174.182 linux-image-generic-lpae-lts-utopic - 4.4.0.174.182 linux-image-powerpc64-emb-lts-vivid - 4.4.0.174.182 linux-image-powerpc-e500mc - 4.4.0.174.182 linux-image-generic-lpae-lts-xenial - 4.4.0.174.182 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.174.182 linux-image-generic-lts-utopic - 4.4.0.174.182 linux-image-powerpc-e500mc-lts-wily - 4.4.0.174.182 linux-image-generic-lts-vivid - 4.4.0.174.182 linux-image-generic-lpae-lts-wily - 4.4.0.174.182 linux-image-virtual-lts-vivid - 4.4.0.174.182 linux-image-virtual-lts-utopic - 4.4.0.174.182 linux-image-virtual - 4.4.0.174.182 linux-image-powerpc64-emb-lts-wily - 4.4.0.174.182 linux-image-lowlatency-lts-vivid - 4.4.0.174.182 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.174.182 linux-image-powerpc64-emb - 4.4.0.174.182 
linux-image-powerpc-smp-lts-xenial - 4.4.0.174.182 linux-image-powerpc64-smp-lts-vivid - 4.4.0.174.182 linux-image-lowlatency-lts-wily - 4.4.0.174.182 linux-image-virtual-lts-wily - 4.4.0.174.182 linux-image-generic - 4.4.0.174.182 linux-image-lowlatency-lts-xenial - 4.4.0.174.182 linux-image-powerpc64-smp-lts-xenial - 4.4.0.174.182 linux-image-powerpc64-emb-lts-utopic - 4.4.0.174.182 linux-image-generic-lts-xenial - 4.4.0.174.182 linux-image-powerpc-smp - 4.4.0.174.182 linux-image-generic-lpae-lts-vivid - 4.4.0.174.182 linux-image-generic-lpae - 4.4.0.174.182 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.174.182 linux-image-powerpc64-smp-lts-wily - 4.4.0.174.182 linux-image-powerpc64-emb-lts-xenial - 4.4.0.174.182 linux-image-powerpc-smp-lts-wily - 4.4.0.174.182 linux-image-powerpc64-smp - 4.4.0.174.182 linux-image-powerpc64-smp-lts-utopic - 4.4.0.174.182 linux-image-lowlatency-lts-utopic - 4.4.0.174.182 linux-image-powerpc-smp-lts-vivid - 4.4.0.174.182 linux-image-lowlatency - 4.4.0.174.182 linux-image-virtual-lts-xenial - 4.4.0.174.182 linux-image-powerpc-smp-lts-utopic - 4.4.0.174.182 No subscription required Medium CVE-2019-14615 CVE-2019-15217 CVE-2019-15220 CVE-2019-15221 CVE-2019-17351 CVE-2019-19051 CVE-2019-19056 CVE-2019-19066 CVE-2019-19068 CVE-2019-19965 CVE-2019-20096 CVE-2019-5108 USN-4287-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). 
(CVE-2019-15099) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786) It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. 
A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078) It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-19767) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update Instructions: Run `sudo pro fix USN-4287-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1033-oracle - 4.15.0-1033.36~16.04.1 No subscription required linux-image-4.15.0-1055-gcp - 4.15.0-1055.59 No subscription required linux-image-4.15.0-1060-aws - 4.15.0-1060.62~16.04.1 No subscription required linux-image-4.15.0-1071-azure - 4.15.0-1071.76 No subscription required linux-image-4.15.0-88-generic-lpae - 4.15.0-88.88~16.04.1 linux-image-4.15.0-88-generic - 4.15.0-88.88~16.04.1 linux-image-4.15.0-88-lowlatency - 4.15.0-88.88~16.04.1 No subscription required linux-image-oracle - 4.15.0.1033.26 No subscription required linux-image-gke - 4.15.0.1055.69 linux-image-gcp - 4.15.0.1055.69 No subscription required linux-image-aws-hwe - 4.15.0.1060.60 No subscription required linux-image-azure-edge - 4.15.0.1071.74 linux-image-azure - 4.15.0.1071.74 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.88.98 linux-image-generic-hwe-16.04 - 4.15.0.88.98 linux-image-generic-hwe-16.04-edge - 4.15.0.88.98 linux-image-generic-lpae-hwe-16.04 - 4.15.0.88.98 linux-image-virtual-hwe-16.04 - 4.15.0.88.98 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.88.98 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.88.98 linux-image-oem - 4.15.0.88.98 linux-image-lowlatency-hwe-16.04 - 4.15.0.88.98 No subscription required Medium CVE-2019-14615 CVE-2019-15099 CVE-2019-15291 CVE-2019-16229 CVE-2019-16232 CVE-2019-18683 CVE-2019-18786 CVE-2019-18809 CVE-2019-18885 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19071 CVE-2019-19078 CVE-2019-19082 CVE-2019-19227 CVE-2019-19332 CVE-2019-19767 CVE-2019-19965 CVE-2019-20096 CVE-2019-5108 CVE-2020-7053 USN-4288-1 -- ppp vulnerability Ubuntu 16.04 LTS It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-4288-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.7-1+2ubuntu1.16.04.2 ppp - 2.4.7-1+2ubuntu1.16.04.2 ppp-dev - 2.4.7-1+2ubuntu1.16.04.2 No subscription required Medium CVE-2020-8597 USN-4289-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. (CVE-2020-8449) Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-8450) Aaron Costello discovered that Squid incorrectly handled certain NTLM authentication credentials. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2020-8517) Update Instructions: Run `sudo pro fix USN-4289-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.10 squid - 3.5.12-1ubuntu7.10 squid-cgi - 3.5.12-1ubuntu7.10 squid-purge - 3.5.12-1ubuntu7.10 squidclient - 3.5.12-1ubuntu7.10 squid3 - 3.5.12-1ubuntu7.10 No subscription required Medium CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 USN-4290-1 -- libpam-radius-auth vulnerability Ubuntu 16.04 LTS It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. 
Update Instructions: Run `sudo pro fix USN-4290-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-radius-auth - 1.3.17-0ubuntu4.1 No subscription required Medium CVE-2015-9542 USN-4292-1 -- rsync vulnerabilities Ubuntu 16.04 LTS It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842) It was discovered that rsync incorrectly handled vectors involving big-endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843) Update Instructions: Run `sudo pro fix USN-4292-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.1-3ubuntu1.3 No subscription required Low CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 USN-4293-1 -- libarchive vulnerabilities Ubuntu 16.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or possibly unspecified other impact. This issue only affected Ubuntu 19.10. (CVE-2020-9308) Update Instructions: Run `sudo pro fix USN-4293-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.1.2-11ubuntu0.16.04.8 libarchive13 - 3.1.2-11ubuntu0.16.04.8 bsdtar - 3.1.2-11ubuntu0.16.04.8 libarchive-dev - 3.1.2-11ubuntu0.16.04.8 No subscription required Medium CVE-2019-19221 CVE-2020-9308 USN-4295-1 -- Rake vulnerability Ubuntu 16.04 LTS It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-4295-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rake - 10.5.0-2ubuntu0.1 No subscription required Medium CVE-2020-8130 USN-4296-1 -- Django vulnerability Ubuntu 16.04 LTS Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack. Update Instructions: Run `sudo pro fix USN-4296-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.12 python-django-doc - 1.8.7-1ubuntu5.12 python-django-common - 1.8.7-1ubuntu5.12 python-django - 1.8.7-1ubuntu5.12 No subscription required Medium CVE-2020-9402 USN-4298-1 -- SQLite vulnerabilities Ubuntu 16.04 LTS It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. 
An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327) Update Instructions: Run `sudo pro fix USN-4298-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lemon - 3.11.0-1ubuntu1.4 sqlite3-doc - 3.11.0-1ubuntu1.4 libsqlite3-0 - 3.11.0-1ubuntu1.4 libsqlite3-tcl - 3.11.0-1ubuntu1.4 sqlite3 - 3.11.0-1ubuntu1.4 libsqlite3-dev - 3.11.0-1ubuntu1.4 No subscription required Medium CVE-2019-13734 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-9327 USN-4299-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815) It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6809) It was discovered that the Devtools' 'Copy as cURL' feature did not fully escape website-controlled data. If a user were tricked in to using the 'Copy as cURL' feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811) Update Instructions: Run `sudo pro fix USN-4299-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ne - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-kab - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ia - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 74.0+build3-0ubuntu0.16.04.1 firefox - 74.0+build3-0ubuntu0.16.04.1 
firefox-locale-ro - 74.0+build3-0ubuntu0.16.04.1 firefox-geckodriver - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ja - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 74.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 74.0+build3-0ubuntu0.16.04.1 firefox-dev - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-tr - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-da - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 
74.0+build3-0ubuntu0.16.04.1 firefox-locale-my - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ur - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 74.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 74.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6808 CVE-2020-6809 CVE-2020-6810 CVE-2020-6811 CVE-2020-6812 CVE-2020-6813 CVE-2020-6814 CVE-2020-6815 USN-4302-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information. (CVE-2020-8832) It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). 
(CVE-2019-19046) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) It was discovered that the ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) Update Instructions: Run `sudo pro fix USN-4302-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1035-oracle - 4.15.0-1035.38~16.04.1 No subscription required linux-image-4.15.0-1058-gcp - 4.15.0-1058.62 No subscription required linux-image-4.15.0-1063-aws - 4.15.0-1063.67~16.04.1 No subscription required linux-image-4.15.0-1075-azure - 4.15.0-1075.80 No subscription required linux-image-4.15.0-91-generic - 4.15.0-91.92~16.04.1 linux-image-4.15.0-91-generic-lpae - 4.15.0-91.92~16.04.1 linux-image-4.15.0-91-lowlatency - 4.15.0-91.92~16.04.1 No subscription required linux-image-oracle - 4.15.0.1035.28 No subscription required linux-image-gke - 4.15.0.1058.72 linux-image-gcp - 4.15.0.1058.72 No subscription required linux-image-aws-hwe - 4.15.0.1063.63 No subscription required linux-image-azure-edge - 4.15.0.1075.78 linux-image-azure - 4.15.0.1075.78 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.91.101 linux-image-generic-hwe-16.04 - 4.15.0.91.101 linux-image-generic-hwe-16.04-edge - 4.15.0.91.101 linux-image-generic-lpae-hwe-16.04 - 4.15.0.91.101 linux-image-virtual-hwe-16.04 - 4.15.0.91.101 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.91.101 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.91.101 linux-image-oem - 4.15.0.91.101 linux-image-lowlatency-hwe-16.04 - 4.15.0.91.101 No subscription required Medium CVE-2019-15217 CVE-2019-19046 CVE-2019-19051 CVE-2019-19056 CVE-2019-19058 CVE-2019-19066 CVE-2019-19068 CVE-2020-2732 CVE-2020-8832 USN-4303-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4303-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1068-kvm - 4.4.0-1068.75 No subscription required linux-image-4.4.0-1104-aws - 4.4.0-1104.115 No subscription required linux-image-4.4.0-1130-raspi2 - 4.4.0-1130.139 No subscription required linux-image-4.4.0-1134-snapdragon - 4.4.0-1134.142 No subscription required linux-image-4.4.0-176-powerpc64-emb - 4.4.0-176.206 linux-image-4.4.0-176-generic-lpae - 4.4.0-176.206 linux-image-4.4.0-176-lowlatency - 4.4.0-176.206 linux-image-4.4.0-176-powerpc-e500mc - 4.4.0-176.206 linux-image-4.4.0-176-generic - 4.4.0-176.206 linux-image-4.4.0-176-powerpc64-smp - 4.4.0-176.206 linux-image-4.4.0-176-powerpc-smp - 4.4.0-176.206 No subscription required linux-image-kvm - 4.4.0.1068.68 No subscription required linux-image-aws - 4.4.0.1104.108 No subscription required linux-image-raspi2 - 4.4.0.1130.130 No subscription required linux-image-snapdragon - 4.4.0.1134.126 No subscription required linux-image-generic-lts-wily - 4.4.0.176.184 linux-image-powerpc64-emb-lts-vivid - 4.4.0.176.184 linux-image-powerpc-e500mc - 4.4.0.176.184 linux-image-generic-lpae-lts-xenial - 4.4.0.176.184 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.176.184 linux-image-generic-lpae-lts-utopic - 4.4.0.176.184 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.176.184 linux-image-generic-lts-utopic - 4.4.0.176.184 linux-image-powerpc-e500mc-lts-wily - 4.4.0.176.184 linux-image-generic-lpae-lts-wily - 4.4.0.176.184 linux-image-virtual-lts-vivid - 4.4.0.176.184 linux-image-virtual-lts-utopic - 4.4.0.176.184 linux-image-virtual - 4.4.0.176.184 linux-image-powerpc64-emb-lts-wily - 4.4.0.176.184 linux-image-generic - 4.4.0.176.184 linux-image-lowlatency-lts-vivid - 4.4.0.176.184 linux-image-powerpc64-smp-lts-utopic - 4.4.0.176.184 linux-image-powerpc64-emb - 4.4.0.176.184 linux-image-powerpc-smp-lts-xenial - 4.4.0.176.184 linux-image-powerpc64-smp-lts-vivid - 4.4.0.176.184 linux-image-lowlatency-lts-wily - 
4.4.0.176.184 linux-image-virtual-lts-wily - 4.4.0.176.184 linux-image-lowlatency-lts-xenial - 4.4.0.176.184 linux-image-powerpc64-smp-lts-xenial - 4.4.0.176.184 linux-image-powerpc64-emb-lts-utopic - 4.4.0.176.184 linux-image-generic-lts-xenial - 4.4.0.176.184 linux-image-generic-lts-vivid - 4.4.0.176.184 linux-image-powerpc-smp - 4.4.0.176.184 linux-image-generic-lpae-lts-vivid - 4.4.0.176.184 linux-image-generic-lpae - 4.4.0.176.184 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.176.184 linux-image-powerpc64-smp-lts-wily - 4.4.0.176.184 linux-image-powerpc64-emb-lts-xenial - 4.4.0.176.184 linux-image-powerpc-smp-lts-wily - 4.4.0.176.184 linux-image-powerpc64-smp - 4.4.0.176.184 linux-image-lowlatency-lts-utopic - 4.4.0.176.184 linux-image-powerpc-smp-lts-vivid - 4.4.0.176.184 linux-image-lowlatency - 4.4.0.176.184 linux-image-virtual-lts-xenial - 4.4.0.176.184 linux-image-powerpc-smp-lts-utopic - 4.4.0.176.184 No subscription required Medium CVE-2020-2732 USN-4305-1 -- ICU vulnerability Ubuntu 16.04 LTS André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4305-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 55.1-7ubuntu0.5 libicu55 - 55.1-7ubuntu0.5 libicu-dev - 55.1-7ubuntu0.5 icu-doc - 55.1-7ubuntu0.5 No subscription required Medium CVE-2020-10531 USN-4308-1 -- Twisted vulnerabilities Ubuntu 16.04 LTS It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387) It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and obtain sensitive information. 
(CVE-2019-12855) It was discovered that Twisted incorrectly handled HTTP/2 connections. A remote attacker could possibly use this issue to cause Twisted to hang or consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515) Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2020-10108, CVE-2020-10109) Update Instructions: Run `sudo pro fix USN-4308-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: twisted-doc - 16.0.0-1ubuntu0.4 python-twisted-news - 16.0.0-1ubuntu0.4 python3-twisted - 16.0.0-1ubuntu0.4 python-twisted-names - 16.0.0-1ubuntu0.4 python-twisted-words - 16.0.0-1ubuntu0.4 python-twisted-runner - 16.0.0-1ubuntu0.4 python-twisted-core - 16.0.0-1ubuntu0.4 python-twisted-web - 16.0.0-1ubuntu0.4 python-twisted - 16.0.0-1ubuntu0.4 python-twisted-mail - 16.0.0-1ubuntu0.4 python-twisted-bin - 16.0.0-1ubuntu0.4 No subscription required python-twisted-conch - 1:16.0.0-1ubuntu0.4 No subscription required Medium CVE-2019-12387 CVE-2019-12855 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2020-10108 CVE-2020-10109 USN-4309-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS (CVE-2017-11109) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. 
This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-20079) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-6349, CVE-2017-6350) Update Instructions: Run `sudo pro fix USN-4309-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.4 vim-nox-py2 - 2:7.4.1689-3ubuntu1.4 vim-gnome - 2:7.4.1689-3ubuntu1.4 vim-athena-py2 - 2:7.4.1689-3ubuntu1.4 vim-athena - 2:7.4.1689-3ubuntu1.4 vim-gtk - 2:7.4.1689-3ubuntu1.4 vim-gui-common - 2:7.4.1689-3ubuntu1.4 vim - 2:7.4.1689-3ubuntu1.4 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.4 vim-doc - 2:7.4.1689-3ubuntu1.4 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.4 vim-tiny - 2:7.4.1689-3ubuntu1.4 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.4 vim-gtk3 - 2:7.4.1689-3ubuntu1.4 vim-nox - 2:7.4.1689-3ubuntu1.4 vim-runtime - 2:7.4.1689-3ubuntu1.4 No subscription required Low CVE-2017-11109 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2018-20786 CVE-2019-20079 USN-4311-1 -- BlueZ vulnerabilities Ubuntu 16.04 LTS It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7837) Update Instructions: Run `sudo pro fix USN-4311-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.37-0ubuntu5.3 bluez-tests - 5.37-0ubuntu5.3 bluez-obexd - 5.37-0ubuntu5.3 bluetooth - 5.37-0ubuntu5.3 bluez - 5.37-0ubuntu5.3 bluez-hcidump - 5.37-0ubuntu5.3 bluez-cups - 5.37-0ubuntu5.3 libbluetooth-dev - 5.37-0ubuntu5.3 No subscription required Medium CVE-2016-7837 CVE-2020-0556 USN-4314-1 -- pam-krb5 vulnerability Ubuntu 16.04 LTS Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4314-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-heimdal - 4.7-2ubuntu0.1 libpam-krb5 - 4.7-2ubuntu0.1 No subscription required Medium CVE-2020-10595 USN-4315-1 -- Apport vulnerabilities Ubuntu 16.04 LTS Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to read arbitrary files via a symlink attack. (CVE-2020-8833) Update Instructions: Run `sudo pro fix USN-4315-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.23 python3-problem-report - 2.20.1-0ubuntu2.23 apport-kde - 2.20.1-0ubuntu2.23 apport-retrace - 2.20.1-0ubuntu2.23 apport-valgrind - 2.20.1-0ubuntu2.23 python3-apport - 2.20.1-0ubuntu2.23 dh-apport - 2.20.1-0ubuntu2.23 apport-gtk - 2.20.1-0ubuntu2.23 apport - 2.20.1-0ubuntu2.23 python-problem-report - 2.20.1-0ubuntu2.23 apport-noui - 2.20.1-0ubuntu2.23 No subscription required High CVE-2020-8831 CVE-2020-8833 USN-4316-1 -- GD Graphics Library vulnerabilities Ubuntu 16.04 LTS It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service, or to disclose contents of the stack that has been left there by previous code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-11038) Update Instructions: Run `sudo pro fix USN-4316-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.12 libgd-tools - 2.1.1-4ubuntu0.16.04.12 libgd-dev - 2.1.1-4ubuntu0.16.04.12 No subscription required Low CVE-2018-14553 CVE-2019-11038 USN-4317-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Two use-after-free bugs were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4317-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
74.0.1+build1-0ubuntu0.16.04.1 firefox - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 74.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 74.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 74.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 
74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 74.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 74.0.1+build1-0ubuntu0.16.04.1 No subscription required High CVE-2020-6819 CVE-2020-6820 USN-4318-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Gustavo Romero and Paul Mackerras discovered that the KVM implementation in the Linux kernel for PowerPC processors did not properly keep guest state separate from host state. A local attacker in a KVM guest could use this to cause a denial of service (host system crash). (CVE-2020-8834) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). 
(CVE-2020-8992) Update Instructions: Run `sudo pro fix USN-4318-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-96-lowlatency - 4.15.0-96.97~16.04.1 linux-image-4.15.0-96-generic - 4.15.0-96.97~16.04.1 linux-image-4.15.0-96-generic-lpae - 4.15.0-96.97~16.04.1 No subscription required linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.96.104 linux-image-generic-lpae-hwe-16.04 - 4.15.0.96.104 linux-image-virtual-hwe-16.04-edge - 4.15.0.96.104 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.96.104 linux-image-oem - 4.15.0.96.104 linux-image-lowlatency-hwe-16.04 - 4.15.0.96.104 linux-image-generic-hwe-16.04-edge - 4.15.0.96.104 linux-image-virtual-hwe-16.04 - 4.15.0.96.104 linux-image-generic-hwe-16.04 - 4.15.0.96.104 No subscription required Medium CVE-2020-8428 CVE-2020-8834 CVE-2020-8992 USN-4320-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Update Instructions: Run `sudo pro fix USN-4320-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1069-kvm - 4.4.0-1069.76 No subscription required linux-image-4.4.0-1105-aws - 4.4.0-1105.116 No subscription required linux-image-4.4.0-1131-raspi2 - 4.4.0-1131.140 No subscription required linux-image-4.4.0-1135-snapdragon - 4.4.0-1135.143 No subscription required linux-image-4.4.0-177-generic - 4.4.0-177.207 linux-image-4.4.0-177-generic-lpae - 4.4.0-177.207 linux-image-4.4.0-177-powerpc64-smp - 4.4.0-177.207 linux-image-4.4.0-177-lowlatency - 4.4.0-177.207 linux-image-4.4.0-177-powerpc-e500mc - 4.4.0-177.207 linux-image-4.4.0-177-powerpc-smp - 4.4.0-177.207 linux-image-4.4.0-177-powerpc64-emb - 4.4.0-177.207 No subscription required linux-image-kvm - 4.4.0.1069.69 No subscription required linux-image-aws - 4.4.0.1105.109 No subscription required linux-image-raspi2 - 4.4.0.1131.131 No subscription required linux-image-snapdragon - 4.4.0.1135.127 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.177.185 linux-image-generic-lts-wily - 4.4.0.177.185 linux-image-powerpc64-emb-lts-vivid - 4.4.0.177.185 linux-image-powerpc-e500mc - 4.4.0.177.185 linux-image-generic-lpae-lts-xenial - 4.4.0.177.185 linux-image-generic-lpae-lts-utopic - 4.4.0.177.185 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.177.185 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.177.185 linux-image-powerpc-e500mc-lts-wily - 4.4.0.177.185 linux-image-generic-lts-vivid - 4.4.0.177.185 linux-image-generic-lpae-lts-wily - 4.4.0.177.185 linux-image-virtual-lts-vivid - 4.4.0.177.185 linux-image-virtual-lts-utopic - 4.4.0.177.185 linux-image-virtual - 4.4.0.177.185 linux-image-powerpc64-emb-lts-wily - 4.4.0.177.185 linux-image-powerpc64-smp-lts-xenial - 4.4.0.177.185 linux-image-generic-lts-utopic - 4.4.0.177.185 linux-image-powerpc64-emb - 4.4.0.177.185 linux-image-powerpc-smp-lts-xenial - 4.4.0.177.185 linux-image-powerpc64-smp-lts-vivid - 4.4.0.177.185 
linux-image-lowlatency-lts-wily - 4.4.0.177.185 linux-image-virtual-lts-wily - 4.4.0.177.185 linux-image-generic - 4.4.0.177.185 linux-image-powerpc-smp - 4.4.0.177.185 linux-image-lowlatency-lts-xenial - 4.4.0.177.185 linux-image-lowlatency-lts-vivid - 4.4.0.177.185 linux-image-powerpc64-emb-lts-utopic - 4.4.0.177.185 linux-image-generic-lts-xenial - 4.4.0.177.185 linux-image-generic-lpae-lts-vivid - 4.4.0.177.185 linux-image-generic-lpae - 4.4.0.177.185 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.177.185 linux-image-powerpc64-smp-lts-wily - 4.4.0.177.185 linux-image-powerpc64-emb-lts-xenial - 4.4.0.177.185 linux-image-powerpc-smp-lts-wily - 4.4.0.177.185 linux-image-powerpc64-smp - 4.4.0.177.185 linux-image-lowlatency-lts-utopic - 4.4.0.177.185 linux-image-powerpc-smp-lts-vivid - 4.4.0.177.185 linux-image-lowlatency - 4.4.0.177.185 linux-image-virtual-lts-xenial - 4.4.0.177.185 linux-image-powerpc-smp-lts-utopic - 4.4.0.177.185 No subscription required Medium CVE-2020-8428 USN-4323-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822, CVE-2020-6824, CVE-2020-6825, CVE-2020-6826) It was discovered that extensions could obtain auth codes from OAuth login flows in some circumstances. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain access to the user's account. (CVE-2020-6823) Update Instructions: Run `sudo pro fix USN-4323-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ne - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-kab - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ia - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 75.0+build3-0ubuntu0.16.04.1 firefox - 75.0+build3-0ubuntu0.16.04.1 
firefox-locale-ro - 75.0+build3-0ubuntu0.16.04.1 firefox-geckodriver - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ja - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 75.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 75.0+build3-0ubuntu0.16.04.1 firefox-dev - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-tr - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-da - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 
75.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-my - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ur - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 75.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 75.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-6821 CVE-2020-6822 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825 CVE-2020-6826 USN-4324-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Update Instructions: Run `sudo pro fix USN-4324-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1037-oracle - 4.15.0-1037.41~16.04.1 No subscription required linux-image-4.15.0-1060-gcp - 4.15.0-1060.64 No subscription required linux-image-4.15.0-1065-aws - 4.15.0-1065.69~16.04.1 No subscription required linux-image-4.15.0-1077-azure - 4.15.0-1077.82 No subscription required linux-image-oracle - 4.15.0.1037.30 No subscription required linux-image-gke - 4.15.0.1060.74 linux-image-gcp - 4.15.0.1060.74 No subscription required linux-image-aws-hwe - 4.15.0.1065.65 No subscription required linux-image-azure-edge - 4.15.0.1077.80 linux-image-azure - 4.15.0.1077.80 No subscription required Medium CVE-2020-8428 CVE-2020-8992 USN-4326-1 -- libiberty vulnerabilities Ubuntu 16.04 LTS It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4326-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libiberty-dev - 20160215-1ubuntu0.3 No subscription required Medium CVE-2018-12641 CVE-2018-12697 CVE-2018-12698 CVE-2018-12934 CVE-2018-17794 CVE-2018-17985 CVE-2018-18483 CVE-2018-18484 CVE-2018-18700 CVE-2018-18701 CVE-2018-9138 CVE-2019-14250 CVE-2019-9070 CVE-2019-9071 USN-4329-1 -- Git vulnerability Ubuntu 16.04 LTS Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host. Update Instructions: Run `sudo pro fix USN-4329-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.8 gitweb - 1:2.7.4-0ubuntu1.8 git-all - 1:2.7.4-0ubuntu1.8 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.8 git-arch - 1:2.7.4-0ubuntu1.8 git-el - 1:2.7.4-0ubuntu1.8 gitk - 1:2.7.4-0ubuntu1.8 git-gui - 1:2.7.4-0ubuntu1.8 git-mediawiki - 1:2.7.4-0ubuntu1.8 git-daemon-run - 1:2.7.4-0ubuntu1.8 git-man - 1:2.7.4-0ubuntu1.8 git-doc - 1:2.7.4-0ubuntu1.8 git-svn - 1:2.7.4-0ubuntu1.8 git-cvs - 1:2.7.4-0ubuntu1.8 git-core - 1:2.7.4-0ubuntu1.8 git-email - 1:2.7.4-0ubuntu1.8 No subscription required Medium CVE-2020-5260 USN-4330-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062) It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2020-7063) It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) It was discovered that PHP incorrectly handled certain UTF strings. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-7065) It was discovered that PHP incorrectly handled certain URLs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7066) Update Instructions: Run `sudo pro fix USN-4330-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.14 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.14 php7.0-xsl - 7.0.33-0ubuntu0.16.04.14 php7.0-fpm - 7.0.33-0ubuntu0.16.04.14 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.14 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.14 php7.0-curl - 7.0.33-0ubuntu0.16.04.14 php7.0-ldap - 7.0.33-0ubuntu0.16.04.14 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.14 php7.0-gmp - 7.0.33-0ubuntu0.16.04.14 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.14 php7.0-gd - 7.0.33-0ubuntu0.16.04.14 php7.0-common - 7.0.33-0ubuntu0.16.04.14 php7.0-enchant - 7.0.33-0ubuntu0.16.04.14 php7.0-odbc - 7.0.33-0ubuntu0.16.04.14 php7.0-cli - 7.0.33-0ubuntu0.16.04.14 php7.0-json - 7.0.33-0ubuntu0.16.04.14 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.14 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.14 php7.0-zip - 7.0.33-0ubuntu0.16.04.14 php7.0-mysql - 7.0.33-0ubuntu0.16.04.14 php7.0-dba - 7.0.33-0ubuntu0.16.04.14 php7.0-sybase - 7.0.33-0ubuntu0.16.04.14 php7.0-pspell - 7.0.33-0ubuntu0.16.04.14 php7.0-xml - 7.0.33-0ubuntu0.16.04.14 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.14 php7.0-recode - 7.0.33-0ubuntu0.16.04.14 php7.0-soap - 7.0.33-0ubuntu0.16.04.14 php7.0 - 7.0.33-0ubuntu0.16.04.14 php7.0-tidy - 7.0.33-0ubuntu0.16.04.14 php7.0-interbase - 7.0.33-0ubuntu0.16.04.14 php7.0-opcache - 7.0.33-0ubuntu0.16.04.14 php7.0-readline - 7.0.33-0ubuntu0.16.04.14 php7.0-intl - 7.0.33-0ubuntu0.16.04.14 php7.0-imap - 7.0.33-0ubuntu0.16.04.14 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.14 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.14 php7.0-dev - 7.0.33-0ubuntu0.16.04.14 php7.0-snmp - 7.0.33-0ubuntu0.16.04.14 No subscription required Medium CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 USN-4332-1 -- File Roller vulnerability Ubuntu 16.04 LTS It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information. 
Update Instructions: Run `sudo pro fix USN-4332-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: file-roller - 3.16.5-0ubuntu1.4 No subscription required Medium CVE-2020-11736 USN-4333-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-18348) It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8492) Update Instructions: Run `sudo pro fix USN-4333-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.11 python2.7-doc - 2.7.12-1ubuntu0~16.04.11 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.11 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.11 libpython2.7 - 2.7.12-1ubuntu0~16.04.11 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.11 python2.7 - 2.7.12-1ubuntu0~16.04.11 idle-python2.7 - 2.7.12-1ubuntu0~16.04.11 python2.7-examples - 2.7.12-1ubuntu0~16.04.11 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.11 python2.7-minimal - 2.7.12-1ubuntu0~16.04.11 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.10 python3.5-venv - 3.5.2-2ubuntu0~16.04.10 python3.5-doc - 3.5.2-2ubuntu0~16.04.10 python3.5-dev - 3.5.2-2ubuntu0~16.04.10 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.10 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.10 python3.5 - 3.5.2-2ubuntu0~16.04.10 idle-python3.5 - 3.5.2-2ubuntu0~16.04.10 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.10 python3.5-examples - 3.5.2-2ubuntu0~16.04.10 python3.5-minimal - 3.5.2-2ubuntu0~16.04.10 libpython3.5 - 3.5.2-2ubuntu0~16.04.10 No subscription required Medium CVE-2019-18348 CVE-2020-8492 USN-4334-1 -- Git vulnerability Ubuntu 16.04 LTS Carlo Arenas discovered that Git incorrectly handled certain URLs containing 
newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host. Update Instructions: Run `sudo pro fix USN-4334-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.9 gitweb - 1:2.7.4-0ubuntu1.9 git-gui - 1:2.7.4-0ubuntu1.9 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.9 git-arch - 1:2.7.4-0ubuntu1.9 git-el - 1:2.7.4-0ubuntu1.9 gitk - 1:2.7.4-0ubuntu1.9 git-all - 1:2.7.4-0ubuntu1.9 git-mediawiki - 1:2.7.4-0ubuntu1.9 git-daemon-run - 1:2.7.4-0ubuntu1.9 git-man - 1:2.7.4-0ubuntu1.9 git-doc - 1:2.7.4-0ubuntu1.9 git-svn - 1:2.7.4-0ubuntu1.9 git-cvs - 1:2.7.4-0ubuntu1.9 git-core - 1:2.7.4-0ubuntu1.9 git-email - 1:2.7.4-0ubuntu1.9 No subscription required Medium CVE-2020-11008 USN-4335-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. 
(CVE-2019-11745) It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811) Update Instructions: Run `sudo pro fix USN-4335-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-br - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-be - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bg - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ja - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sl - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sk - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-si - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-gnome-support - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sr - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sq - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hsb - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cy - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cs - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ca - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-br - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ka - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ko - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-kk - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-kab - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pl - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-tw - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn-no - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb-no - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-bn-bd - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-lt - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-gb - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-uz - 1:68.7.0+build1-0ubuntu0.16.04.2 xul-ext-calendar-timezones - 
1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-de - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-da - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-uk - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-dev - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-el - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en-us - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-rm - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ms - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ro - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-eu - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-et - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hant - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-hans - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ru - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-mk - 1:68.7.0+build1-0ubuntu0.16.04.2 xul-ext-gdata-provider - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fr - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es-es - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ta-lk - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fi - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ast - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nl - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nn - 1:68.7.0+build1-0ubuntu0.16.04.2 xul-ext-lightning - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga-ie - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-fy-nl - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-nb - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-en - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-zh-cn - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gl - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ga - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-tr - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-gd - 1:68.7.0+build1-0ubuntu0.16.04.2 
thunderbird-locale-ta - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-dsb - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-it - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hy - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-sv-se - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hr - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-hu - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pa-in - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-he - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-ar - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-af - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-pt-pt - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-cak - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-is - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-vi - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-mozsymbols - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-es - 1:68.7.0+build1-0ubuntu0.16.04.2 thunderbird-locale-id - 1:68.7.0+build1-0ubuntu0.16.04.2 No subscription required High CVE-2019-11745 CVE-2019-11755 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2019-20503 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 USN-4336-2 -- GNU binutils vulnerabilities Ubuntu 16.04 LTS USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that GNU binutils contained a large number of security issues. 
If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4336-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-arm-linux-gnueabihf - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-hppa64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-multiarch - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-powerpc64le-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-mipsel-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-m68k-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-s390x-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-multiarch-dev - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-doc - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-sh4-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-mips64-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-aarch64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-source - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-mips64el-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-mips-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-powerpc-linux-gnuspe - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-powerpc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-hppa-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-sparc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-arm-linux-gnueabi - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-alpha-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils-powerpc-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm1 binutils - 2.26.1-1ubuntu1~16.04.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131 CVE-2017-12448 CVE-2017-12449 CVE-2017-12450 CVE-2017-12451 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 
CVE-2017-12455 CVE-2017-12456 CVE-2017-12457 CVE-2017-12458 CVE-2017-12459 CVE-2017-12799 CVE-2017-12967 CVE-2017-13710 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14930 CVE-2017-14932 CVE-2017-14938 CVE-2017-14939 CVE-2017-14940 CVE-2017-15020 CVE-2017-15021 CVE-2017-15022 CVE-2017-15024 CVE-2017-15025 CVE-2017-15225 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16831 CVE-2017-16832 CVE-2017-17080 CVE-2017-17121 CVE-2017-17123 CVE-2017-17124 CVE-2017-17125 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7227 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7614 CVE-2017-8393 CVE-2017-8394 CVE-2017-8395 CVE-2017-8396 CVE-2017-8397 CVE-2017-8398 CVE-2017-8421 CVE-2017-9038 CVE-2017-9039 CVE-2017-9040 CVE-2017-9041 CVE-2017-9042 CVE-2017-9044 CVE-2017-9742 CVE-2017-9744 CVE-2017-9745 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9749 CVE-2017-9750 CVE-2017-9751 CVE-2017-9752 CVE-2017-9753 CVE-2017-9754 CVE-2017-9755 CVE-2017-9756 CVE-2017-9954 CVE-2018-1000876 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-12641 CVE-2018-12697 CVE-2018-12698 CVE-2018-12699 CVE-2018-12934 CVE-2018-13033 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17794 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-18700 CVE-2018-18701 CVE-2018-19931 CVE-2018-19932 CVE-2018-20002 CVE-2018-20623 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2018-9138 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9070 CVE-2019-9071 CVE-2019-9073 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 USN-4337-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJDK incorrectly handled 
certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755) It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2767) It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773) Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled. This issue only affected OpenJDK 11. (CVE-2020-2778) Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781) Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2800) Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. 
An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805) It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816) It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830) Update Instructions: Run `sudo pro fix USN-4337-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u252-b09-1~16.04 openjdk-8-jdk - 8u252-b09-1~16.04 openjdk-8-jre-headless - 8u252-b09-1~16.04 openjdk-8-jre - 8u252-b09-1~16.04 openjdk-8-jdk-headless - 8u252-b09-1~16.04 openjdk-8-source - 8u252-b09-1~16.04 openjdk-8-jre-zero - 8u252-b09-1~16.04 openjdk-8-demo - 8u252-b09-1~16.04 openjdk-8-jre-jamvm - 8u252-b09-1~16.04 No subscription required Medium CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 USN-4339-1 -- OpenEXR vulnerabilities Ubuntu 16.04 LTS Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. 
(CVE-2018-18444) Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764) It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765) Update Instructions: Run `sudo pro fix USN-4339-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.2 openexr - 2.2.0-10ubuntu2.2 libopenexr22 - 2.2.0-10ubuntu2.2 openexr-doc - 2.2.0-10ubuntu2.2 No subscription required Medium CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 USN-4340-1 -- CUPS vulnerabilities Ubuntu 16.04 LTS It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-2228) Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2020-3898) Update Instructions: Run `sudo pro fix USN-4340-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.1.3-4ubuntu0.11 libcups2-dev - 2.1.3-4ubuntu0.11 cups-bsd - 2.1.3-4ubuntu0.11 cups-common - 2.1.3-4ubuntu0.11 cups-core-drivers - 2.1.3-4ubuntu0.11 cups-server-common - 2.1.3-4ubuntu0.11 libcupsimage2 - 2.1.3-4ubuntu0.11 cups-client - 2.1.3-4ubuntu0.11 libcupscgi1-dev - 2.1.3-4ubuntu0.11 libcupsimage2-dev - 2.1.3-4ubuntu0.11 cups-ipp-utils - 2.1.3-4ubuntu0.11 libcups2 - 2.1.3-4ubuntu0.11 libcupsmime1-dev - 2.1.3-4ubuntu0.11 cups-ppdc - 2.1.3-4ubuntu0.11 libcupsppdc1 - 2.1.3-4ubuntu0.11 libcupsmime1 - 2.1.3-4ubuntu0.11 libcupsppdc1-dev - 2.1.3-4ubuntu0.11 cups - 2.1.3-4ubuntu0.11 cups-daemon - 2.1.3-4ubuntu0.11 No subscription required Medium CVE-2019-2228 CVE-2020-3898 USN-4341-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700) It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update Instructions: Run `sudo pro fix USN-4341-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.26 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.26 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.26 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.26 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.26 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.26 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.26 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.26 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.26 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.26 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.26 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.26 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.26 No subscription required Medium CVE-2020-10700 CVE-2020-10704 USN-4341-3 -- Samba regression Ubuntu 16.04 LTS USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update Instructions: Run `sudo pro fix USN-4341-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.27 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.27 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.27 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.27 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.27 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.27 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.27 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.27 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.27 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.27 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.27 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.27 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.27 No subscription required None https://launchpad.net/bugs/1875798 USN-4345-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. 
(CVE-2019-19768) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Update Instructions: Run `sudo pro fix USN-4345-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1038-oracle - 4.15.0-1038.42~16.04.1 No subscription required linux-image-4.15.0-1061-gcp - 4.15.0-1061.65 No subscription required linux-image-4.15.0-1066-aws - 4.15.0-1066.70~16.04.1 No subscription required linux-image-4.15.0-1082-azure - 4.15.0-1082.92~16.04.1 No subscription required linux-image-4.15.0-99-generic - 4.15.0-99.100~16.04.1 linux-image-4.15.0-99-generic-lpae - 4.15.0-99.100~16.04.1 linux-image-4.15.0-99-lowlatency - 4.15.0-99.100~16.04.1 No subscription required linux-image-oracle - 4.15.0.1038.31 No subscription required linux-image-gke - 4.15.0.1061.75 linux-image-gcp - 4.15.0.1061.75 No subscription required linux-image-aws-hwe - 4.15.0.1066.66 No subscription required linux-image-azure-edge - 4.15.0.1082.81 linux-image-azure - 4.15.0.1082.81 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.99.106 linux-image-generic-hwe-16.04 - 4.15.0.99.106 linux-image-generic-hwe-16.04-edge - 4.15.0.99.106 linux-image-generic-lpae-hwe-16.04 - 4.15.0.99.106 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.99.106 linux-image-virtual-hwe-16.04 - 4.15.0.99.106 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.99.106 linux-image-oem - 4.15.0.99.106 linux-image-lowlatency-hwe-16.04 - 4.15.0.99.106 No subscription required High CVE-2019-16234 CVE-2019-19768 CVE-2020-10942 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-11884 CVE-2020-8648 CVE-2020-9383 USN-4346-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. 
A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Update Instructions: Run `sudo pro fix USN-4346-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1070-kvm - 4.4.0-1070.77 No subscription required linux-image-4.4.0-1106-aws - 4.4.0-1106.117 No subscription required linux-image-4.4.0-1132-raspi2 - 4.4.0-1132.141 No subscription required linux-image-4.4.0-1136-snapdragon - 4.4.0-1136.144 No subscription required linux-image-4.4.0-178-powerpc64-emb - 4.4.0-178.208 linux-image-4.4.0-178-powerpc-e500mc - 4.4.0-178.208 linux-image-4.4.0-178-powerpc64-smp - 4.4.0-178.208 linux-image-4.4.0-178-powerpc-smp - 4.4.0-178.208 linux-image-4.4.0-178-lowlatency - 4.4.0-178.208 linux-image-4.4.0-178-generic-lpae - 4.4.0-178.208 linux-image-4.4.0-178-generic - 4.4.0-178.208 No subscription required linux-image-kvm - 4.4.0.1070.70 No subscription required linux-image-aws - 4.4.0.1106.110 No subscription required linux-image-raspi2 - 4.4.0.1132.132 No subscription required linux-image-snapdragon - 4.4.0.1136.128 No subscription required linux-image-generic-lts-wily - 4.4.0.178.186 
linux-image-powerpc64-emb-lts-vivid - 4.4.0.178.186 linux-image-powerpc-e500mc - 4.4.0.178.186 linux-image-generic-lpae-lts-xenial - 4.4.0.178.186 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.178.186 linux-image-generic-lpae-lts-utopic - 4.4.0.178.186 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.178.186 linux-image-generic-lts-utopic - 4.4.0.178.186 linux-image-powerpc-e500mc-lts-wily - 4.4.0.178.186 linux-image-generic-lpae-lts-wily - 4.4.0.178.186 linux-image-virtual-lts-vivid - 4.4.0.178.186 linux-image-virtual-lts-utopic - 4.4.0.178.186 linux-image-virtual - 4.4.0.178.186 linux-image-powerpc64-emb-lts-wily - 4.4.0.178.186 linux-image-lowlatency-lts-vivid - 4.4.0.178.186 linux-image-powerpc64-smp-lts-utopic - 4.4.0.178.186 linux-image-powerpc64-emb - 4.4.0.178.186 linux-image-powerpc-smp-lts-xenial - 4.4.0.178.186 linux-image-powerpc64-smp-lts-vivid - 4.4.0.178.186 linux-image-lowlatency-lts-wily - 4.4.0.178.186 linux-image-virtual-lts-wily - 4.4.0.178.186 linux-image-generic - 4.4.0.178.186 linux-image-lowlatency-lts-xenial - 4.4.0.178.186 linux-image-powerpc64-smp-lts-xenial - 4.4.0.178.186 linux-image-powerpc64-emb-lts-utopic - 4.4.0.178.186 linux-image-generic-lts-xenial - 4.4.0.178.186 linux-image-generic-lts-vivid - 4.4.0.178.186 linux-image-powerpc-smp - 4.4.0.178.186 linux-image-generic-lpae-lts-vivid - 4.4.0.178.186 linux-image-generic-lpae - 4.4.0.178.186 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.178.186 linux-image-powerpc64-smp-lts-wily - 4.4.0.178.186 linux-image-powerpc64-emb-lts-xenial - 4.4.0.178.186 linux-image-powerpc-smp-lts-wily - 4.4.0.178.186 linux-image-powerpc64-smp - 4.4.0.178.186 linux-image-lowlatency-lts-utopic - 4.4.0.178.186 linux-image-powerpc-smp-lts-vivid - 4.4.0.178.186 linux-image-lowlatency - 4.4.0.178.186 linux-image-virtual-lts-xenial - 4.4.0.178.186 linux-image-powerpc-smp-lts-utopic - 4.4.0.178.186 No subscription required Medium CVE-2019-16233 CVE-2019-16234 CVE-2019-19768 CVE-2020-8648 CVE-2020-9383 USN-4348-1 -- 
Mailman vulnerabilities Ubuntu 16.04 LTS It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary scripts or HTML. (CVE-2018-0618) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796) It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12137) Update Instructions: Run `sudo pro fix USN-4348-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.20-1ubuntu0.4 No subscription required Medium CVE-2018-0618 CVE-2018-13796 CVE-2020-12137 USN-4349-1 -- EDK II vulnerabilities Ubuntu 16.04 LTS A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12178) A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12180) A stack overflow was discovered in bmp. An unprivileged user could potentially enable denial of service or elevation of privilege via local access. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12181) It was discovered that memory was not cleared before free that could lead to potential password leak. (CVE-2019-14558) A memory leak was discovered in ArpOnFrameRcvdDpc. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-14559) An integer overflow was discovered in MdeModulePkg/PiDxeS3BootScriptLib. 
An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-14563) It was discovered that the affected version doesn't properly check whether an unsigned EFI file should be allowed or not. An attacker could possibly load unsafe content by bypassing the verification. (CVE-2019-14575) It was discovered that original configuration runtime memory is freed, but it is still exposed to the OS runtime. (CVE-2019-14586) A double-unmap was discovered in TRB creation. An attacker could use it to cause a denial of service or other unspecified impact. (CVE-2019-14587) Update Instructions: Run `sudo pro fix USN-4349-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-efi - 0~20160408.ffea0a2c-2ubuntu0.1 ovmf - 0~20160408.ffea0a2c-2ubuntu0.1 No subscription required Medium CVE-2018-12178 CVE-2018-12180 CVE-2018-12181 CVE-2019-14558 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586 CVE-2019-14587 USN-4350-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html https://www.oracle.com/security-alerts/cpuapr2020.html Update Instructions: Run `sudo pro fix USN-4350-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.30-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.30-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.30-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.30-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.30-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.30-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.30-0ubuntu0.16.04.1 mysql-common - 5.7.30-0ubuntu0.16.04.1 mysql-server - 5.7.30-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.30-0ubuntu0.16.04.1 mysql-testsuite - 5.7.30-0ubuntu0.16.04.1 libmysqld-dev - 5.7.30-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.30-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-2759 CVE-2020-2760 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2892 CVE-2020-2893 CVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901 CVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2922 CVE-2020-2923 CVE-2020-2924 CVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 USN-4351-1 -- Linux firmware vulnerability Ubuntu 16.04 LTS Eli Biham and Lior Neumann discovered that certain Bluetooth devices incorrectly validated key exchange parameters. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4351-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: scsi-firmware - 1.157.23 nic-firmware - 1.157.23 linux-firmware - 1.157.23 No subscription required Medium CVE-2018-5383 USN-4352-1 -- OpenLDAP vulnerability Ubuntu 16.04 LTS It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4352-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.8 libldap2-dev - 2.4.42+dfsg-2ubuntu3.8 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.8 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.8 slapd - 2.4.42+dfsg-2ubuntu3.8 No subscription required Medium CVE-2020-12243 USN-4353-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly escape the HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2020-12392) Update Instructions: Run `sudo pro fix USN-4353-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 76.0+build2-0ubuntu0.16.04.1 firefox - 76.0+build2-0ubuntu0.16.04.1 
firefox-locale-ro - 76.0+build2-0ubuntu0.16.04.1 firefox-geckodriver - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 76.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 76.0+build2-0ubuntu0.16.04.1 firefox-dev - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 
76.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 76.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 76.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-12387 CVE-2020-12390 CVE-2020-12391 CVE-2020-12392 CVE-2020-12394 CVE-2020-12395 CVE-2020-12396 CVE-2020-6831 USN-4353-2 -- Firefox regression Ubuntu 16.04 LTS USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly escape the HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to obtain sensitive information from local files. 
(CVE-2020-12392) Update Instructions: Run `sudo pro fix USN-4353-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 
76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 76.0.1+build1-0ubuntu0.16.04.1 firefox - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 76.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 76.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 76.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 
76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 76.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 76.0.1+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1878251 USN-4354-1 -- Mailman vulnerability Ubuntu 16.04 LTS It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page. Update Instructions: Run `sudo pro fix USN-4354-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.20-1ubuntu0.5 No subscription required Medium CVE-2020-12108 USN-4355-1 -- PulseAudio vulnerability Ubuntu 16.04 LTS PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. 
An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio. Update Instructions: Run `sudo pro fix USN-4355-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpulse0 - 1:8.0-0ubuntu3.12 pulseaudio-module-zeroconf - 1:8.0-0ubuntu3.12 pulseaudio-module-bluetooth - 1:8.0-0ubuntu3.12 libpulse-dev - 1:8.0-0ubuntu3.12 pulseaudio-utils - 1:8.0-0ubuntu3.12 pulseaudio-module-raop - 1:8.0-0ubuntu3.12 pulseaudio-module-trust-store - 1:8.0-0ubuntu3.12 pulseaudio - 1:8.0-0ubuntu3.12 libpulsedsp - 1:8.0-0ubuntu3.12 pulseaudio-module-x11 - 1:8.0-0ubuntu3.12 pulseaudio-esound-compat - 1:8.0-0ubuntu3.12 libpulse-mainloop-glib0 - 1:8.0-0ubuntu3.12 pulseaudio-module-gconf - 1:8.0-0ubuntu3.12 pulseaudio-module-droid - 1:8.0-0ubuntu3.12 pulseaudio-module-lirc - 1:8.0-0ubuntu3.12 pulseaudio-module-jack - 1:8.0-0ubuntu3.12 No subscription required Medium CVE-2020-11931 https://launchpad.net/bugs/1877102 USN-4356-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. (CVE-2019-12519, CVE-2019-12521) It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-18860) Clément Berthaux and Florian Guilbert discovered that Squid incorrectly handled Digest Authentication nonce values. A remote attacker could use this issue to replay nonce values, or possibly execute arbitrary code. (CVE-2020-11945) Update Instructions: Run `sudo pro fix USN-4356-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.11 squid - 3.5.12-1ubuntu7.11 squid-cgi - 3.5.12-1ubuntu7.11 squid-purge - 3.5.12-1ubuntu7.11 squidclient - 3.5.12-1ubuntu7.11 squid3 - 3.5.12-1ubuntu7.11 No subscription required Medium CVE-2019-12519 CVE-2019-12521 CVE-2019-18860 CVE-2020-11945 USN-4358-1 -- libexif vulnerabilities Ubuntu 16.04 LTS It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767) Update Instructions: Run `sudo pro fix USN-4358-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-2ubuntu0.2 libexif12 - 0.6.21-2ubuntu0.2 No subscription required Medium CVE-2018-20030 CVE-2020-12767 USN-4359-1 -- APT vulnerability Ubuntu 16.04 LTS It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Update Instructions: Run `sudo pro fix USN-4359-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.2.32ubuntu0.1 apt-transport-https - 1.2.32ubuntu0.1 libapt-pkg5.0 - 1.2.32ubuntu0.1 libapt-pkg-doc - 1.2.32ubuntu0.1 apt - 1.2.32ubuntu0.1 apt-utils - 1.2.32ubuntu0.1 libapt-inst2.0 - 1.2.32ubuntu0.1 libapt-pkg-dev - 1.2.32ubuntu0.1 No subscription required Medium CVE-2020-3810 USN-4360-1 -- json-c vulnerability Ubuntu 16.04 LTS It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-4360-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c2 - 0.11-4ubuntu2.1 libjson-c-doc - 0.11-4ubuntu2.1 libjson-c-dev - 0.11-4ubuntu2.1 libjson0 - 0.11-4ubuntu2.1 libjson0-dev - 0.11-4ubuntu2.1 No subscription required Medium CVE-2020-12762 USN-4360-2 -- json-c regression Ubuntu 16.04 LTS USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c2 - 0.11-4ubuntu2.5 libjson-c-doc - 0.11-4ubuntu2.5 libjson-c-dev - 0.11-4ubuntu2.5 libjson0 - 0.11-4ubuntu2.5 libjson0-dev - 0.11-4ubuntu2.5 No subscription required None https://launchpad.net/bugs/1878723 USN-4360-4 -- json-c vulnerability Ubuntu 16.04 LTS USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libjson-c2 - 0.11-4ubuntu2.6 libjson-c-doc - 0.11-4ubuntu2.6 libjson-c-dev - 0.11-4ubuntu2.6 libjson0 - 0.11-4ubuntu2.6 libjson0-dev - 0.11-4ubuntu2.6 No subscription required Medium CVE-2020-12762 USN-4363-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the Linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) David Gibson discovered that the Linux kernel on Power9 CPUs did not properly save and restore Authority Mask registers state in some situations. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2020-11669) It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657) Update Instructions: Run `sudo pro fix USN-4363-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-101-generic - 4.15.0-101.102~16.04.1 linux-image-4.15.0-101-generic-lpae - 4.15.0-101.102~16.04.1 linux-image-4.15.0-101-lowlatency - 4.15.0-101.102~16.04.1 No subscription required linux-image-4.15.0-1039-oracle - 4.15.0-1039.43~16.04.1 No subscription required linux-image-4.15.0-1067-aws - 4.15.0-1067.71~16.04.1 No subscription required linux-image-4.15.0-1071-gcp - 4.15.0-1071.81~16.04.1 No subscription required linux-image-4.15.0-1083-azure - 4.15.0-1083.93~16.04.1 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.101.108 linux-image-generic-hwe-16.04-edge - 4.15.0.101.108 linux-image-generic-lpae-hwe-16.04 - 4.15.0.101.108 linux-image-generic-hwe-16.04 - 4.15.0.101.108 linux-image-virtual-hwe-16.04 - 4.15.0.101.108 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.101.108 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.101.108 linux-image-oem - 4.15.0.101.108 linux-image-lowlatency-hwe-16.04 - 4.15.0.101.108 No subscription required linux-image-oracle - 4.15.0.1039.32 No subscription required linux-image-aws-hwe - 4.15.0.1067.67 No subscription required linux-image-gke - 4.15.0.1071.77 linux-image-gcp - 4.15.0.1071.77 No subscription required linux-image-azure-edge - 4.15.0.1083.82 linux-image-azure - 4.15.0.1083.82 No subscription required Medium CVE-2020-11494 CVE-2020-11565 CVE-2020-11669 CVE-2020-12657 USN-4364-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). 
(CVE-2020-10942) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the Linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668) Update Instructions: Run `sudo pro fix USN-4364-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1071-kvm - 4.4.0-1071.78 No subscription required linux-image-4.4.0-1107-aws - 4.4.0-1107.118 No subscription required linux-image-4.4.0-1133-raspi2 - 4.4.0-1133.142 No subscription required linux-image-4.4.0-1137-snapdragon - 4.4.0-1137.145 No subscription required linux-image-4.4.0-179-powerpc-smp - 4.4.0-179.209 linux-image-4.4.0-179-powerpc64-emb - 4.4.0-179.209 linux-image-4.4.0-179-generic - 4.4.0-179.209 linux-image-4.4.0-179-lowlatency - 4.4.0-179.209 linux-image-4.4.0-179-powerpc-e500mc - 4.4.0-179.209 linux-image-4.4.0-179-powerpc64-smp - 4.4.0-179.209 linux-image-4.4.0-179-generic-lpae - 4.4.0-179.209 No subscription required linux-image-kvm - 4.4.0.1071.71 No subscription required linux-image-aws - 4.4.0.1107.111 No subscription required linux-image-raspi2 - 4.4.0.1133.133 No subscription required linux-image-snapdragon - 4.4.0.1137.129 No subscription required linux-image-virtual-lts-xenial - 4.4.0.179.187 linux-image-generic-lts-wily - 4.4.0.179.187 linux-image-powerpc64-emb-lts-vivid - 4.4.0.179.187 linux-image-powerpc-e500mc - 4.4.0.179.187 linux-image-generic-lpae-lts-xenial - 4.4.0.179.187 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.179.187 linux-image-generic-lpae-lts-utopic - 4.4.0.179.187 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.179.187 linux-image-generic-lts-utopic - 4.4.0.179.187 linux-image-powerpc-e500mc-lts-wily - 4.4.0.179.187 linux-image-generic-lts-vivid - 4.4.0.179.187 linux-image-generic-lpae-lts-wily - 4.4.0.179.187 linux-image-virtual-lts-vivid - 4.4.0.179.187 linux-image-virtual-lts-utopic - 4.4.0.179.187 linux-image-virtual - 4.4.0.179.187 linux-image-powerpc64-emb-lts-wily - 4.4.0.179.187 linux-image-lowlatency-lts-vivid - 4.4.0.179.187 linux-image-powerpc64-smp-lts-utopic - 4.4.0.179.187 linux-image-powerpc64-emb - 4.4.0.179.187 linux-image-powerpc-smp-lts-xenial - 4.4.0.179.187 linux-image-powerpc64-smp-lts-vivid - 
4.4.0.179.187 linux-image-lowlatency-lts-wily - 4.4.0.179.187 linux-image-virtual-lts-wily - 4.4.0.179.187 linux-image-generic - 4.4.0.179.187 linux-image-lowlatency-lts-xenial - 4.4.0.179.187 linux-image-powerpc64-smp-lts-xenial - 4.4.0.179.187 linux-image-powerpc64-emb-lts-utopic - 4.4.0.179.187 linux-image-generic-lts-xenial - 4.4.0.179.187 linux-image-powerpc-smp - 4.4.0.179.187 linux-image-generic-lpae-lts-vivid - 4.4.0.179.187 linux-image-generic-lpae - 4.4.0.179.187 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.179.187 linux-image-powerpc64-smp-lts-wily - 4.4.0.179.187 linux-image-powerpc64-emb-lts-xenial - 4.4.0.179.187 linux-image-powerpc-smp-lts-wily - 4.4.0.179.187 linux-image-powerpc64-smp - 4.4.0.179.187 linux-image-lowlatency-lts-utopic - 4.4.0.179.187 linux-image-powerpc-smp-lts-vivid - 4.4.0.179.187 linux-image-lowlatency - 4.4.0.179.187 linux-image-powerpc-smp-lts-utopic - 4.4.0.179.187 No subscription required Medium CVE-2019-19060 CVE-2020-10942 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 USN-4365-1 -- Bind vulnerabilities Ubuntu 16.04 LTS Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update Instructions: Run `sudo pro fix USN-4365-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.16 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.16 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.16 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.16 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.16 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.16 host - 1:9.10.3.dfsg.P4-8ubuntu1.16 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.16 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.16 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.16 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.16 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.16 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.16 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.16 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.16 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.16 No subscription required Medium CVE-2020-8616 CVE-2020-8617 USN-4366-1 -- Exim vulnerability Ubuntu 16.04 LTS It was discovered that Exim incorrectly handled certain inputs. A remote attacker could possibly use this issue to access sensitive information or bypass authentication. Update Instructions: Run `sudo pro fix USN-4366-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.6 eximon4 - 4.86.2-2ubuntu2.6 exim4 - 4.86.2-2ubuntu2.6 exim4-daemon-light - 4.86.2-2ubuntu2.6 exim4-config - 4.86.2-2ubuntu2.6 exim4-daemon-heavy - 4.86.2-2ubuntu2.6 exim4-base - 4.86.2-2ubuntu2.6 No subscription required Medium CVE-2020-12783 USN-4370-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3341) Update Instructions: Run `sudo pro fix USN-4370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.3+dfsg-0ubuntu0.16.04.1 clamav-testfiles - 0.102.3+dfsg-0ubuntu0.16.04.1 clamav-base - 0.102.3+dfsg-0ubuntu0.16.04.1 clamav - 0.102.3+dfsg-0ubuntu0.16.04.1 clamav-daemon - 0.102.3+dfsg-0ubuntu0.16.04.1 clamav-milter - 0.102.3+dfsg-0ubuntu0.16.04.1 clamav-docs - 0.102.3+dfsg-0ubuntu0.16.04.1 clamav-freshclam - 0.102.3+dfsg-0ubuntu0.16.04.1 libclamav9 - 0.102.3+dfsg-0ubuntu0.16.04.1 clamdscan - 0.102.3+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-3327 CVE-2020-3341 USN-4372-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. (CVE-2019-15034) It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. 
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-20382) It was discovered that QEMU incorrectly generated QEMU Pointer Authentication signatures on ARM. A local attacker could possibly use this issue to bypass PAuth. This issue only affected Ubuntu 19.10. (CVE-2020-10702) Ziming Zhang discovered that QEMU incorrectly handled ATI VGA emulation. A local attacker in a guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11869) Aviv Sasson discovered that QEMU incorrectly handled Slirp networking. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2020-1983) Update Instructions: Run `sudo pro fix USN-4372-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.44 qemu-user-static - 1:2.5+dfsg-5ubuntu10.44 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.44 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.44 qemu-kvm - 1:2.5+dfsg-5ubuntu10.44 qemu-user - 1:2.5+dfsg-5ubuntu10.44 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.44 qemu-system - 1:2.5+dfsg-5ubuntu10.44 qemu-utils - 1:2.5+dfsg-5ubuntu10.44 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.44 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.44 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.44 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.44 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.44 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.44 qemu - 1:2.5+dfsg-5ubuntu10.44 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.44 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.44 No subscription required Medium CVE-2019-15034 CVE-2019-20382 CVE-2020-10702 CVE-2020-11869 CVE-2020-1983 USN-4373-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. 
If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12395) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly escape the HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2020-12392) It was discovered that Thunderbird did not correctly handle Unicode whitespace characters within the From email header. An attacker could potentially exploit this to spoof the sender email address that Thunderbird displays. (CVE-2020-12397) Update Instructions: Run `sudo pro fix USN-4373-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-br - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-bn - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-be - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-bg - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ja - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-sl - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-sk - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-si - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-gnome-support - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-sv - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-sr - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-sq - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-hsb - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-cy - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-cs - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-en - 1:68.8.0+build2-0ubuntu0.16.04.2 
thunderbird-locale-ca - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-pt-br - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-pa - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ka - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ko - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-kk - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-kab - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-pl - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-zh-tw - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-pt - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-nn-no - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-nb-no - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-bn-bd - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-lt - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-en-gb - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-uz - 1:68.8.0+build2-0ubuntu0.16.04.2 xul-ext-calendar-timezones - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-de - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-da - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-uk - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-dev - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-el - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-en-us - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-rm - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ms - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ro - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-eu - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-et - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-zh-hant - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-zh-hans - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ru - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-es - 1:68.8.0+build2-0ubuntu0.16.04.2 xul-ext-gdata-provider - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-fr - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-es-es - 
1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ta-lk - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-fy - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-fi - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ast - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-nl - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-nn - 1:68.8.0+build2-0ubuntu0.16.04.2 xul-ext-lightning - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ga-ie - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-fy-nl - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-nb - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-mozsymbols - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-zh-cn - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-gl - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ga - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-tr - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-gd - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ta - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-dsb - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-vi - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-hy - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-sv-se - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-hr - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-hu - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-pa-in - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-he - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-ar - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-af - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-pt-pt - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-cak - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-is - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-it - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-mk - 1:68.8.0+build2-0ubuntu0.16.04.2 thunderbird-locale-id - 1:68.8.0+build2-0ubuntu0.16.04.2 No subscription 
required Medium CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397 USN-4375-1 -- PHP vulnerability Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4375-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.15 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.15 php7.0-xsl - 7.0.33-0ubuntu0.16.04.15 php7.0-fpm - 7.0.33-0ubuntu0.16.04.15 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.15 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.15 php7.0-curl - 7.0.33-0ubuntu0.16.04.15 php7.0-ldap - 7.0.33-0ubuntu0.16.04.15 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.15 php7.0-gmp - 7.0.33-0ubuntu0.16.04.15 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.15 php7.0-gd - 7.0.33-0ubuntu0.16.04.15 php7.0-common - 7.0.33-0ubuntu0.16.04.15 php7.0-enchant - 7.0.33-0ubuntu0.16.04.15 php7.0-odbc - 7.0.33-0ubuntu0.16.04.15 php7.0-cli - 7.0.33-0ubuntu0.16.04.15 php7.0-json - 7.0.33-0ubuntu0.16.04.15 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.15 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.15 php7.0-zip - 7.0.33-0ubuntu0.16.04.15 php7.0-mysql - 7.0.33-0ubuntu0.16.04.15 php7.0-dba - 7.0.33-0ubuntu0.16.04.15 php7.0-sybase - 7.0.33-0ubuntu0.16.04.15 php7.0-pspell - 7.0.33-0ubuntu0.16.04.15 php7.0-xml - 7.0.33-0ubuntu0.16.04.15 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.15 php7.0-recode - 7.0.33-0ubuntu0.16.04.15 php7.0-soap - 7.0.33-0ubuntu0.16.04.15 php7.0 - 7.0.33-0ubuntu0.16.04.15 php7.0-tidy - 7.0.33-0ubuntu0.16.04.15 php7.0-interbase - 7.0.33-0ubuntu0.16.04.15 php7.0-opcache - 7.0.33-0ubuntu0.16.04.15 php7.0-readline - 7.0.33-0ubuntu0.16.04.15 php7.0-intl - 7.0.33-0ubuntu0.16.04.15 php7.0-imap - 7.0.33-0ubuntu0.16.04.15 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.15 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.15 php7.0-dev - 7.0.33-0ubuntu0.16.04.15 php7.0-snmp - 7.0.33-0ubuntu0.16.04.15 No 
subscription required Medium CVE-2019-11048 USN-4376-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Matt Caswell discovered that OpenSSL incorrectly handled the random number generator (RNG). This may result in applications that use the fork() system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-1549) Guido Vranken discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2019-1551) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563) Update Instructions: Run `sudo pro fix USN-4376-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.16 libssl-dev - 1.0.2g-1ubuntu4.16 openssl - 1.0.2g-1ubuntu4.16 libssl-doc - 1.0.2g-1ubuntu4.16 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.16 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.16 No subscription required Low CVE-2019-1547 CVE-2019-1549 CVE-2019-1551 CVE-2019-1563 USN-4377-1 -- ca-certificates update Ubuntu 16.04 LTS The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA. In addition, on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, this update refreshes the included certificates to those contained in the 20190110 package. 
Update Instructions: Run `sudo pro fix USN-4377-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates-udeb - 20190110~16.04.1 ca-certificates - 20190110~16.04.1 No subscription required None https://launchpad.net/bugs/1881533 USN-4378-1 -- Flask vulnerability Ubuntu 16.04 LTS It was discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4378-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-flask-doc - 0.10.1-2ubuntu0.1 python-flask - 0.10.1-2ubuntu0.1 python3-flask - 0.10.1-2ubuntu0.1 No subscription required Low CVE-2018-1000656 USN-4381-1 -- Django vulnerabilities Ubuntu 16.04 LTS Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. (CVE-2020-13254) Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks. (CVE-2020-13596) Update Instructions: Run `sudo pro fix USN-4381-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.13 python-django-doc - 1.8.7-1ubuntu5.13 python-django-common - 1.8.7-1ubuntu5.13 python-django - 1.8.7-1ubuntu5.13 No subscription required Medium CVE-2020-13254 CVE-2020-13596 USN-4382-1 -- FreeRDP vulnerabilities Ubuntu 16.04 LTS It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4382-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libfreerdp-common1.1.0 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-dev - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-crt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-primitives1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-pool0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-library0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-io0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-core1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-locale1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-gdi1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-winhttp0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-synch0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-sysinfo0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-codec1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-rpc0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-dev - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-environment0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-cache1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-crypto0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-sspi0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-utils1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-credui0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 freerdp-x11 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-heap0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-rail1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-thread0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-asn1-0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-bcrypt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 
libxfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-file0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-handle0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-interlocked0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-sspicli0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-utils0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-path0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-error0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-dsparse0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-plugins-standard - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-timezone0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libfreerdp-crypto1.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-winsock0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-pipe0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-credentials0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-registry0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 libwinpr-input0.1 - 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 No subscription required Medium CVE-2020-11042 CVE-2020-11045 CVE-2020-11046 CVE-2020-11048 CVE-2020-11049 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 USN-4383-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410, CVE-2020-12411) It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. 
(CVE-2020-12399) Update Instructions: Run `sudo pro fix USN-4383-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 
77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 77.0.1+build1-0ubuntu0.16.04.1 firefox - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 77.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 77.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 77.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 
77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 77.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 77.0.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12407 CVE-2020-12408 CVE-2020-12409 CVE-2020-12410 CVE-2020-12411 USN-4385-1 -- Intel Microcode vulnerabilities Ubuntu 16.04 LTS It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possibly use this to expose sensitive information. 
(CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549) Update Instructions: Run `sudo pro fix USN-4385-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20200609.0ubuntu0.16.04.0 No subscription required Medium CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS USN-4385-2 -- Intel Microcode regression Ubuntu 16.04 LTS USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additionally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. Original advisory details: It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possibly use this to expose sensitive information. 
(CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549) Update Instructions: Run `sudo pro fix USN-4385-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20200609.0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1882890 https://launchpad.net/bugs/1883002 USN-4386-1 -- libjpeg-turbo vulnerability Ubuntu 16.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain PPM files. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4386-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg-turbo8 - 1.4.2-0ubuntu3.4 libjpeg-turbo-test - 1.4.2-0ubuntu3.4 libjpeg-turbo8-dev - 1.4.2-0ubuntu3.4 libturbojpeg - 1.4.2-0ubuntu3.4 libjpeg-turbo-progs - 1.4.2-0ubuntu3.4 No subscription required Medium CVE-2020-13790 USN-4390-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB subsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) Update Instructions: Run `sudo pro fix USN-4390-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1045-oracle - 4.15.0-1045.49~16.04.1 No subscription required linux-image-4.15.0-106-lowlatency - 4.15.0-106.107~16.04.1 linux-image-4.15.0-106-generic - 4.15.0-106.107~16.04.1 linux-image-4.15.0-106-generic-lpae - 4.15.0-106.107~16.04.1 No subscription required linux-image-4.15.0-1073-aws - 4.15.0-1073.77~16.04.1 No subscription required linux-image-4.15.0-1077-gcp - 4.15.0-1077.87~16.04.1 No subscription required linux-image-4.15.0-1089-azure - 4.15.0-1089.99~16.04.1 No subscription required linux-image-oracle - 4.15.0.1045.38 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.106.111 linux-image-generic-hwe-16.04 - 4.15.0.106.111 linux-image-generic-hwe-16.04-edge - 4.15.0.106.111 linux-image-generic-lpae-hwe-16.04 - 4.15.0.106.111 linux-image-virtual-hwe-16.04 - 4.15.0.106.111 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.106.111 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.106.111 linux-image-oem - 4.15.0.106.111 
linux-image-lowlatency-hwe-16.04 - 4.15.0.106.111 No subscription required linux-image-aws-hwe - 4.15.0.1073.73 No subscription required linux-image-gke - 4.15.0.1077.79 linux-image-gcp - 4.15.0.1077.79 No subscription required linux-image-azure-edge - 4.15.0.1089.84 linux-image-azure - 4.15.0.1089.84 No subscription required Medium CVE-2020-0067 CVE-2020-0543 CVE-2020-10751 CVE-2020-12114 CVE-2020-12464 CVE-2020-1749 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS USN-4391-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19319) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB subsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) It was discovered that the DesignWare SPI controller driver in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2020-12769) It was discovered that the exit signaling implementation in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (arbitrary application crash). (CVE-2020-12826) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) Update Instructions: Run `sudo pro fix USN-4391-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1075-kvm - 4.4.0-1075.82 No subscription required linux-image-4.4.0-1109-aws - 4.4.0-1109.120 No subscription required linux-image-4.4.0-1134-raspi2 - 4.4.0-1134.143 No subscription required linux-image-4.4.0-1138-snapdragon - 4.4.0-1138.146 No subscription required linux-image-4.4.0-184-generic - 4.4.0-184.214 linux-image-4.4.0-184-powerpc64-smp - 4.4.0-184.214 linux-image-4.4.0-184-generic-lpae - 4.4.0-184.214 linux-image-4.4.0-184-powerpc64-emb - 4.4.0-184.214 linux-image-4.4.0-184-lowlatency - 4.4.0-184.214 linux-image-4.4.0-184-powerpc-smp - 4.4.0-184.214 linux-image-4.4.0-184-powerpc-e500mc - 4.4.0-184.214 No subscription required linux-image-kvm - 4.4.0.1075.73 No subscription required linux-image-aws - 4.4.0.1109.113 No subscription required linux-image-raspi2 - 4.4.0.1134.134 No subscription required linux-image-snapdragon - 4.4.0.1138.130 No subscription required linux-image-virtual - 4.4.0.184.190 linux-image-generic-lts-wily - 4.4.0.184.190 linux-image-powerpc64-emb-lts-vivid - 4.4.0.184.190 linux-image-powerpc-e500mc - 4.4.0.184.190 linux-image-generic-lpae-lts-xenial - 4.4.0.184.190 linux-image-generic-lpae-lts-utopic - 
4.4.0.184.190 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.184.190 linux-image-generic-lts-utopic - 4.4.0.184.190 linux-image-powerpc-e500mc-lts-wily - 4.4.0.184.190 linux-image-generic-lts-vivid - 4.4.0.184.190 linux-image-generic-lpae-lts-wily - 4.4.0.184.190 linux-image-virtual-lts-vivid - 4.4.0.184.190 linux-image-virtual-lts-utopic - 4.4.0.184.190 linux-image-powerpc64-emb-lts-wily - 4.4.0.184.190 linux-image-lowlatency-lts-vivid - 4.4.0.184.190 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.184.190 linux-image-powerpc-smp-lts-xenial - 4.4.0.184.190 linux-image-powerpc64-smp-lts-vivid - 4.4.0.184.190 linux-image-lowlatency-lts-wily - 4.4.0.184.190 linux-image-virtual-lts-wily - 4.4.0.184.190 linux-image-generic - 4.4.0.184.190 linux-image-powerpc64-smp-lts-utopic - 4.4.0.184.190 linux-image-powerpc64-smp-lts-xenial - 4.4.0.184.190 linux-image-powerpc64-emb-lts-utopic - 4.4.0.184.190 linux-image-generic-lts-xenial - 4.4.0.184.190 linux-image-powerpc-smp - 4.4.0.184.190 linux-image-lowlatency-lts-xenial - 4.4.0.184.190 linux-image-generic-lpae - 4.4.0.184.190 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.184.190 linux-image-powerpc64-smp-lts-wily - 4.4.0.184.190 linux-image-powerpc64-emb - 4.4.0.184.190 linux-image-powerpc64-emb-lts-xenial - 4.4.0.184.190 linux-image-generic-lpae-lts-vivid - 4.4.0.184.190 linux-image-powerpc-smp-lts-wily - 4.4.0.184.190 linux-image-powerpc64-smp - 4.4.0.184.190 linux-image-lowlatency-lts-utopic - 4.4.0.184.190 linux-image-powerpc-smp-lts-vivid - 4.4.0.184.190 linux-image-lowlatency - 4.4.0.184.190 linux-image-virtual-lts-xenial - 4.4.0.184.190 linux-image-powerpc-smp-lts-utopic - 4.4.0.184.190 No subscription required Medium CVE-2019-19319 CVE-2020-0543 CVE-2020-10751 CVE-2020-12114 CVE-2020-12464 CVE-2020-12769 CVE-2020-12826 CVE-2020-1749 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS USN-4394-1 -- SQLite vulnerabilities Ubuntu 16.04 LTS It was discovered that SQLite incorrectly handled certain corrupted schemas. 
An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603) It was discovered that SQLite incorrectly handled certain self-referential views. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19645) Henry Liu discovered that SQLite incorrectly handled certain malformed window-function queries. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-11655) It was discovered that SQLite incorrectly handled certain string operations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13434) It was discovered that SQLite incorrectly handled certain expressions. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13435) It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13630) It was discovered that SQLite incorrectly handled certain virtual table names. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13631) It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2020-13632) Update Instructions: Run `sudo pro fix USN-4394-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.11.0-1ubuntu1.5 sqlite3-doc - 3.11.0-1ubuntu1.5 libsqlite3-0 - 3.11.0-1ubuntu1.5 libsqlite3-tcl - 3.11.0-1ubuntu1.5 sqlite3 - 3.11.0-1ubuntu1.5 libsqlite3-dev - 3.11.0-1ubuntu1.5 No subscription required Medium CVE-2018-8740 CVE-2019-19603 CVE-2019-19645 CVE-2020-11655 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 USN-4395-1 -- fwupd vulnerability Ubuntu 16.04 LTS Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware. Update Instructions: Run `sudo pro fix USN-4395-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdfu-dev - 0.8.3-0ubuntu5.1 fwupd - 0.8.3-0ubuntu5.1 libfwupd-dev - 0.8.3-0ubuntu5.1 libdfu1 - 0.8.3-0ubuntu5.1 libfwupd1 - 0.8.3-0ubuntu5.1 No subscription required Medium CVE-2020-10759 USN-4396-1 -- libexif vulnerabilities Ubuntu 16.04 LTS It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-0093, CVE-2020-0182) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote denial of service. (CVE-2020-0198) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2020-13112) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-13113) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2020-13114) Update Instructions: Run `sudo pro fix USN-4396-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-2ubuntu0.5 libexif12 - 0.6.21-2ubuntu0.5 No subscription required Medium CVE-2020-0093 CVE-2020-0182 CVE-2020-0198 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 USN-4397-1 -- NSS vulnerabilities Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023) Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399) Update Instructions: Run `sudo pro fix USN-4397-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.11 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.11 libnss3 - 2:3.28.4-0ubuntu0.16.04.11 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.11 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.11 No subscription required Medium CVE-2019-17023 CVE-2020-12399 USN-4398-1 -- DBus vulnerability Ubuntu 16.04 LTS Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4398-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.10.6-1ubuntu3.6 dbus - 1.10.6-1ubuntu3.6 libdbus-1-dev - 1.10.6-1ubuntu3.6 dbus-udeb - 1.10.6-1ubuntu3.6 dbus-user-session - 1.10.6-1ubuntu3.6 libdbus-1-3-udeb - 1.10.6-1ubuntu3.6 dbus-x11 - 1.10.6-1ubuntu3.6 dbus-tests - 1.10.6-1ubuntu3.6 libdbus-1-3 - 1.10.6-1ubuntu3.6 No subscription required Medium CVE-2020-12049 USN-4400-1 -- nfs-utils vulnerability Ubuntu 16.04 LTS It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4400-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nfs-kernel-server - 1:1.2.8-9ubuntu12.3 nfs-common - 1:1.2.8-9ubuntu12.3 No subscription required Low CVE-2019-3689 USN-4401-1 -- Mutt vulnerabilities Ubuntu 16.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14093) It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to proceed with a connection even if the user rejects an expired intermediate certificate. (CVE-2020-14154) Update Instructions: Run `sudo pro fix USN-4401-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.24-1ubuntu0.3 mutt - 1.5.24-1ubuntu0.3 No subscription required Medium CVE-2020-14093 CVE-2020-14154 USN-4402-1 -- curl vulnerabilities Ubuntu 16.04 LTS Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. 
(CVE-2020-8169) It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177) Update Instructions: Run `sudo pro fix USN-4402-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.15 libcurl4-openssl-dev - 7.47.0-1ubuntu2.15 libcurl3-gnutls - 7.47.0-1ubuntu2.15 libcurl4-doc - 7.47.0-1ubuntu2.15 libcurl3-nss - 7.47.0-1ubuntu2.15 libcurl4-nss-dev - 7.47.0-1ubuntu2.15 libcurl3 - 7.47.0-1ubuntu2.15 curl - 7.47.0-1ubuntu2.15 No subscription required Medium CVE-2020-8169 CVE-2020-8177 USN-4403-1 -- Mutt vulnerability and regression Ubuntu 16.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14954) This update also addresses a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. Update Instructions: Run `sudo pro fix USN-4403-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.24-1ubuntu0.4 mutt - 1.5.24-1ubuntu0.4 No subscription required Medium CVE-2020-14954 https://launchpad.net/bugs/1884588 USN-4405-1 -- GLib Networking vulnerability Ubuntu 16.04 LTS It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information. Update Instructions: Run `sudo pro fix USN-4405-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: glib-networking - 2.48.2-1~ubuntu16.04.2 glib-networking-services - 2.48.2-1~ubuntu16.04.2 glib-networking-tests - 2.48.2-1~ubuntu16.04.2 glib-networking-common - 2.48.2-1~ubuntu16.04.2 No subscription required Medium CVE-2020-13645 USN-4406-1 -- Mailman vulnerability Ubuntu 16.04 LTS It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page. Update Instructions: Run `sudo pro fix USN-4406-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.20-1ubuntu0.6 No subscription required Medium CVE-2020-15011 USN-4407-1 -- LibVNCServer vulnerabilities Ubuntu 16.04 LTS It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680) It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681) It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked in to connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788) It was discovered that LibVNCServer incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922) Update Instructions: Run `sudo pro fix USN-4407-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.10+dfsg-3ubuntu0.16.04.4 libvncserver-dev - 0.9.10+dfsg-3ubuntu0.16.04.4 libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.4 libvncclient1 - 0.9.10+dfsg-3ubuntu0.16.04.4 No subscription required Medium CVE-2017-18922 CVE-2019-15680 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 USN-4408-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. (CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426) It was discovered that when performing add-on updates, certificate chains not terminating with built-in roots were silently rejected. This could result in add-ons becoming outdated. (CVE-2020-12421) Update Instructions: Run `sudo pro fix USN-4408-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
78.0.1+build1-0ubuntu0.16.04.1 firefox - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 78.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 78.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 78.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 
78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 78.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 78.0.1+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 USN-4409-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10730) Douglas Bagnall discovered that Samba incorrectly handled certain queries. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-10745) Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10760) Update Instructions: Run `sudo pro fix USN-4409-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.28 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.28 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.28 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.28 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.28 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.28 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.28 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.28 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.28 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.28 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.28 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.28 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.28 No subscription required Medium CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 USN-4414-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). 
(CVE-2019-19036, CVE-2019-19318, CVE-2019-19813, CVE-2019-19816) It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) It was discovered that the btrfs file system in the Linux kernel in some error conditions could report register information to the dmesg buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2019-19039) Update Instructions: Run `sudo pro fix USN-4414-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1046-oracle - 4.15.0-1046.50~16.04.1 No subscription required linux-image-4.15.0-107-lowlatency - 4.15.0-107.108~16.04.1 linux-image-4.15.0-107-generic-lpae - 4.15.0-107.108~16.04.1 linux-image-4.15.0-107-generic - 4.15.0-107.108~16.04.1 No subscription required linux-image-4.15.0-1074-aws - 4.15.0-1074.78~16.04.1 No subscription required linux-image-4.15.0-1078-gcp - 4.15.0-1078.88~16.04.1 No subscription required linux-image-4.15.0-1091-azure - 4.15.0-1091.101~16.04.1 No subscription required linux-image-oracle - 4.15.0.1046.39 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.107.112 linux-image-lowlatency-hwe-16.04 - 4.15.0.107.112 linux-image-generic-hwe-16.04-edge - 4.15.0.107.112 linux-image-generic-lpae-hwe-16.04 - 4.15.0.107.112 linux-image-virtual-hwe-16.04 - 4.15.0.107.112 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.107.112 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.107.112 linux-image-oem - 4.15.0.107.112 linux-image-generic-hwe-16.04 - 4.15.0.107.112 No subscription required linux-image-aws-hwe - 4.15.0.1074.74 No subscription required linux-image-gke - 4.15.0.1078.80 linux-image-gcp - 4.15.0.1078.80 No subscription required linux-image-azure-edge - 4.15.0.1091.86 linux-image-azure - 4.15.0.1091.86 No subscription required Medium CVE-2019-12380 CVE-2019-16089 CVE-2019-19036 CVE-2019-19039 CVE-2019-19318 CVE-2019-19377 CVE-2019-19462 CVE-2019-19813 CVE-2019-19816 CVE-2020-10711 CVE-2020-12770 CVE-2020-13143 USN-4415-1 -- coTURN vulnerabilities Ubuntu 16.04 LTS Felix Dörre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-4067) It was discovered that coTURN web server incorrectly handled HTTP POST requests. 
An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. (CVE-2020-6061, CVE-2020-6062) Update Instructions: Run `sudo pro fix USN-4415-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: coturn - 4.5.0.3-1ubuntu0.3 No subscription required Medium CVE-2020-4067 CVE-2020-6061 CVE-2020-6062 USN-4416-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133) It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It was discovered that the GNU C Library incorrectly handled certain pathname operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It was discovered that the GNU C Library incorrectly handled certain hostname lookups. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-19591) Jakub Wilk discovered that the GNU C Library incorrectly handled certain memalign functions. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It was discovered that the GNU C Library incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169) It was discovered that the GNU C Library incorrectly handled certain bit patterns. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU C Library incorrectly handled tilde expansion. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752) Update Instructions: Run `sudo pro fix USN-4416-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.23-0ubuntu11.2 libc6-ppc64 - 2.23-0ubuntu11.2 libc6-dev-s390 - 2.23-0ubuntu11.2 glibc-source - 2.23-0ubuntu11.2 libc-bin - 2.23-0ubuntu11.2 libc6-x32 - 2.23-0ubuntu11.2 libc6-s390 - 2.23-0ubuntu11.2 libc6-armel - 2.23-0ubuntu11.2 libc6-pic - 2.23-0ubuntu11.2 libc6-dev-ppc64 - 2.23-0ubuntu11.2 libc6-dev-armel - 2.23-0ubuntu11.2 glibc-doc - 2.23-0ubuntu11.2 multiarch-support - 2.23-0ubuntu11.2 libc6-dev - 2.23-0ubuntu11.2 libc6-amd64 - 2.23-0ubuntu11.2 libc6-dev-amd64 - 2.23-0ubuntu11.2 libc6 - 2.23-0ubuntu11.2 locales-all - 2.23-0ubuntu11.2 libc6-dev-x32 - 2.23-0ubuntu11.2 locales - 2.23-0ubuntu11.2 libc6-udeb - 2.23-0ubuntu11.2 libc6-dev-i386 - 2.23-0ubuntu11.2 libc-dev-bin - 2.23-0ubuntu11.2 nscd - 2.23-0ubuntu11.2 No subscription required Medium CVE-2017-12133 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 CVE-2018-19591 CVE-2018-6485 CVE-2019-19126 CVE-2019-9169 CVE-2020-10029 CVE-2020-1751 CVE-2020-1752 USN-4417-1 -- NSS vulnerability Ubuntu 16.04 LTS Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Update Instructions: Run `sudo pro fix USN-4417-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.12 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.12 libnss3 - 2:3.28.4-0ubuntu0.16.04.12 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.12 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.12 No subscription required Medium CVE-2020-12402 USN-4418-1 -- OpenEXR vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-4418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.3 openexr - 2.2.0-10ubuntu2.3 libopenexr22 - 2.2.0-10ubuntu2.3 openexr-doc - 2.2.0-10ubuntu2.3 No subscription required Medium CVE-2020-15305 CVE-2020-15306 USN-4419-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the Precision Time Protocol (PTP) implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-10690) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Update Instructions: Run `sudo pro fix USN-4419-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1076-kvm - 4.4.0-1076.83 No subscription required linux-image-4.4.0-1110-aws - 4.4.0-1110.121 No subscription required linux-image-4.4.0-1135-raspi2 - 4.4.0-1135.144 No subscription required linux-image-4.4.0-1139-snapdragon - 4.4.0-1139.147 No subscription required linux-image-4.4.0-185-generic-lpae - 4.4.0-185.215 linux-image-4.4.0-185-powerpc64-emb - 4.4.0-185.215 linux-image-4.4.0-185-powerpc64-smp - 4.4.0-185.215 linux-image-4.4.0-185-generic - 4.4.0-185.215 linux-image-4.4.0-185-lowlatency - 4.4.0-185.215 linux-image-4.4.0-185-powerpc-smp - 4.4.0-185.215 linux-image-4.4.0-185-powerpc-e500mc - 4.4.0-185.215 No subscription required linux-image-kvm - 4.4.0.1076.74 No subscription required linux-image-aws - 4.4.0.1110.114 No subscription required linux-image-raspi2 - 4.4.0.1135.135 No subscription required linux-image-snapdragon - 4.4.0.1139.131 No subscription required linux-image-generic-lts-wily - 4.4.0.185.191 linux-image-powerpc64-emb-lts-vivid - 4.4.0.185.191 linux-image-powerpc-e500mc - 4.4.0.185.191 linux-image-generic-lpae-lts-xenial - 4.4.0.185.191 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.185.191 linux-image-generic-lpae-lts-utopic - 4.4.0.185.191 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.185.191 linux-image-powerpc64-smp-lts-utopic - 4.4.0.185.191 linux-image-powerpc-e500mc-lts-wily - 4.4.0.185.191 linux-image-generic-lts-vivid - 4.4.0.185.191 linux-image-generic-lpae-lts-wily - 4.4.0.185.191 linux-image-virtual-lts-vivid - 4.4.0.185.191 linux-image-lowlatency-lts-utopic - 4.4.0.185.191 linux-image-virtual-lts-utopic - 4.4.0.185.191 linux-image-virtual - 4.4.0.185.191 linux-image-powerpc64-emb-lts-wily - 4.4.0.185.191 linux-image-lowlatency-lts-vivid - 4.4.0.185.191 linux-image-generic-lts-utopic - 4.4.0.185.191 linux-image-powerpc64-emb - 4.4.0.185.191 linux-image-powerpc-smp-lts-xenial - 4.4.0.185.191 linux-image-powerpc64-smp-lts-vivid 
- 4.4.0.185.191 linux-image-lowlatency-lts-wily - 4.4.0.185.191 linux-image-virtual-lts-wily - 4.4.0.185.191 linux-image-generic - 4.4.0.185.191 linux-image-lowlatency-lts-xenial - 4.4.0.185.191 linux-image-powerpc64-smp-lts-xenial - 4.4.0.185.191 linux-image-powerpc64-emb-lts-utopic - 4.4.0.185.191 linux-image-generic-lts-xenial - 4.4.0.185.191 linux-image-powerpc-smp - 4.4.0.185.191 linux-image-generic-lpae-lts-vivid - 4.4.0.185.191 linux-image-generic-lpae - 4.4.0.185.191 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.185.191 linux-image-powerpc64-smp-lts-wily - 4.4.0.185.191 linux-image-powerpc64-emb-lts-xenial - 4.4.0.185.191 linux-image-powerpc-smp-lts-wily - 4.4.0.185.191 linux-image-powerpc64-smp - 4.4.0.185.191 linux-image-powerpc-smp-lts-vivid - 4.4.0.185.191 linux-image-lowlatency - 4.4.0.185.191 linux-image-virtual-lts-xenial - 4.4.0.185.191 linux-image-powerpc-smp-lts-utopic - 4.4.0.185.191 No subscription required Medium CVE-2020-10690 CVE-2020-10711 CVE-2020-12770 CVE-2020-13143 CVE-2020-8992 USN-4421-1 -- Thunderbird vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420) It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. (CVE-2020-12398) It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack.
(CVE-2020-12399) It was discovered that when performing add-on updates, certificate chains not terminating with built-in roots were silently rejected. This could result in add-ons becoming outdated. (CVE-2020-12421) Update Instructions: Run `sudo pro fix USN-4421-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-br - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-be - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bg - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ja - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sl - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sk - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-si - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-gnome-support - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sr - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sq - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hsb - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cy - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cs - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ca - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-br - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ka - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ko - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kk - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-kab - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pl - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-tw - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn-no - 
1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nb-no - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-bn-bd - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-lt - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-gb - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uz - 1:68.10.0+build1-0ubuntu0.16.04.1 xul-ext-calendar-timezones - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-de - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-da - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-uk - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-dev - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-el - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-en-us - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-rm - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ms - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ro - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-eu - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-et - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hant - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-hans - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ru - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es - 1:68.10.0+build1-0ubuntu0.16.04.1 xul-ext-gdata-provider - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fr - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-es-es - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta-lk - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fi - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ast - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nl - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-nn - 1:68.10.0+build1-0ubuntu0.16.04.1 xul-ext-lightning - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga-ie - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-fy-nl - 1:68.10.0+build1-0ubuntu0.16.04.1 
thunderbird-locale-nb - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-mozsymbols - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-zh-cn - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gl - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ga - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-tr - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-gd - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ta - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-dsb - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-vi - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hy - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-sv-se - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hr - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-hu - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pa-in - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-he - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-ar - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-af - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-pt-pt - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-cak - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-is - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-it - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-mk - 1:68.10.0+build1-0ubuntu0.16.04.1 thunderbird-locale-id - 1:68.10.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-12398 CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 USN-4423-1 -- Firefox vulnerability Ubuntu 16.04 LTS It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks. Update Instructions: Run `sudo pro fix USN-4423-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-nn - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ne - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-nb - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fa - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fi - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fr - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-fy - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-or - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-kab - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-oc - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-cs - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ga - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gd - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gn - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gl - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-gu - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-pa - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-pl - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-cy - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-pt - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hi - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-uk - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-he - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hy - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hr - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hu - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-as - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ar - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ia - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-az - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-id - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mai - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-af - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-is - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-it - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-an - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-bs - 
78.0.2+build2-0ubuntu0.16.04.1 firefox - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ro - 78.0.2+build2-0ubuntu0.16.04.1 firefox-geckodriver - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ja - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ru - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-br - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-bn - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-be - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-bg - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sl - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sk - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-si - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sw - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sv - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sr - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-sq - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ko - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-kn - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-km - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-kk - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ka - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-xh - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ca - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ku - 78.0.2+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-lv - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-lt - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-th - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 78.0.2+build2-0ubuntu0.16.04.1 firefox-dev - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-te - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-cak - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ta - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-lg - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-tr - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-nso - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-de - 
78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-da - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ms - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mr - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-my - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-uz - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ml - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mn - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-mk - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ur - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-vi - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-eu - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-et - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-es - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-csb - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-el - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-eo - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-en - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-zu - 78.0.2+build2-0ubuntu0.16.04.1 firefox-locale-ast - 78.0.2+build2-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1887576 USN-4424-1 -- snapd vulnerabilities Ubuntu 16.04 LTS It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. (CVE-2020-11933) It was discovered that snapctl user-open allowed altering the XDG_DATA_DIRS environment variable when calling the system xdg-open. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL. This issue did not affect Ubuntu Core systems. (CVE-2020-11934) Update Instructions: Run `sudo pro fix USN-4424-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.45.1ubuntu0.2 ubuntu-core-launcher - 2.45.1ubuntu0.2 snap-confine - 2.45.1ubuntu0.2 ubuntu-snappy-cli - 2.45.1ubuntu0.2 golang-github-snapcore-snapd-dev - 2.45.1ubuntu0.2 snapd-xdg-open - 2.45.1ubuntu0.2 snapd - 2.45.1ubuntu0.2 golang-github-ubuntu-core-snappy-dev - 2.45.1ubuntu0.2 ubuntu-snappy - 2.45.1ubuntu0.2 No subscription required Medium CVE-2020-11933 CVE-2020-11934 USN-4426-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. (CVE-2020-10757) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780) Update Instructions: Run `sudo pro fix USN-4426-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1050-oracle - 4.15.0-1050.54~16.04.1 No subscription required linux-image-4.15.0-1079-aws - 4.15.0-1079.83~16.04.1 No subscription required linux-image-4.15.0-1080-gcp - 4.15.0-1080.90~16.04.1 No subscription required linux-image-4.15.0-1092-azure - 4.15.0-1092.102~16.04.1 No subscription required linux-image-4.15.0-112-generic - 4.15.0-112.113~16.04.1 linux-image-4.15.0-112-generic-lpae - 4.15.0-112.113~16.04.1 linux-image-4.15.0-112-lowlatency - 4.15.0-112.113~16.04.1 No subscription required linux-image-oracle - 4.15.0.1050.41 No subscription required linux-image-aws-hwe - 4.15.0.1079.76 No subscription required linux-image-gke - 4.15.0.1080.82 linux-image-gcp - 4.15.0.1080.82 No subscription required linux-image-azure-edge - 4.15.0.1092.87 linux-image-azure - 4.15.0.1092.87 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.112.114 linux-image-generic-hwe-16.04 - 4.15.0.112.114 linux-image-generic-hwe-16.04-edge - 4.15.0.112.114 linux-image-generic-lpae-hwe-16.04 - 4.15.0.112.114 linux-image-virtual-hwe-16.04 - 4.15.0.112.114 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.112.114 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.112.114 linux-image-oem - 4.15.0.112.114 linux-image-lowlatency-hwe-16.04 - 4.15.0.112.114 No subscription required Medium CVE-2019-20908 CVE-2020-10757 CVE-2020-11935 CVE-2020-15780 USN-4427-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). 
(CVE-2019-20810) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2019-12380) Update Instructions: Run `sudo pro fix USN-4427-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1077-kvm - 4.4.0-1077.84 No subscription required linux-image-4.4.0-1111-aws - 4.4.0-1111.123 No subscription required linux-image-4.4.0-1136-raspi2 - 4.4.0-1136.145 No subscription required linux-image-4.4.0-1140-snapdragon - 4.4.0-1140.148 No subscription required linux-image-4.4.0-186-powerpc64-emb - 4.4.0-186.216 linux-image-4.4.0-186-powerpc-smp - 4.4.0-186.216 linux-image-4.4.0-186-powerpc64-smp - 4.4.0-186.216 linux-image-4.4.0-186-generic - 4.4.0-186.216 linux-image-4.4.0-186-generic-lpae - 4.4.0-186.216 linux-image-4.4.0-186-lowlatency - 4.4.0-186.216 linux-image-4.4.0-186-powerpc-e500mc - 4.4.0-186.216 No subscription required linux-image-kvm - 4.4.0.1077.75 No subscription required linux-image-aws - 4.4.0.1111.116 No subscription required linux-image-raspi2 - 4.4.0.1136.136 No subscription required linux-image-snapdragon - 4.4.0.1140.132 No subscription required linux-image-generic-lts-wily - 4.4.0.186.192 linux-image-generic-lpae-lts-xenial - 4.4.0.186.192 linux-image-generic-lpae-lts-utopic - 4.4.0.186.192 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.186.192 linux-image-generic-lts-utopic - 4.4.0.186.192 linux-image-powerpc-e500mc-lts-wily - 4.4.0.186.192 linux-image-generic-lts-vivid - 4.4.0.186.192 linux-image-generic-lpae-lts-wily - 4.4.0.186.192 linux-image-virtual-lts-vivid - 4.4.0.186.192 linux-image-virtual-lts-utopic - 4.4.0.186.192 linux-image-virtual - 4.4.0.186.192 linux-image-powerpc64-emb-lts-wily - 4.4.0.186.192 linux-image-lowlatency-lts-vivid - 4.4.0.186.192 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.186.192 linux-image-powerpc64-emb - 4.4.0.186.192 linux-image-powerpc-smp-lts-xenial - 4.4.0.186.192 linux-image-powerpc-e500mc - 4.4.0.186.192 linux-image-powerpc64-smp-lts-vivid - 4.4.0.186.192 linux-image-lowlatency-lts-wily - 
4.4.0.186.192 linux-image-generic - 4.4.0.186.192 linux-image-powerpc64-smp-lts-utopic - 4.4.0.186.192 linux-image-lowlatency-lts-xenial - 4.4.0.186.192 linux-image-powerpc64-smp-lts-xenial - 4.4.0.186.192 linux-image-powerpc64-emb-lts-utopic - 4.4.0.186.192 linux-image-generic-lts-xenial - 4.4.0.186.192 linux-image-virtual-lts-wily - 4.4.0.186.192 linux-image-powerpc-smp - 4.4.0.186.192 linux-image-powerpc64-emb-lts-vivid - 4.4.0.186.192 linux-image-generic-lpae-lts-vivid - 4.4.0.186.192 linux-image-generic-lpae - 4.4.0.186.192 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.186.192 linux-image-powerpc64-smp-lts-wily - 4.4.0.186.192 linux-image-powerpc64-emb-lts-xenial - 4.4.0.186.192 linux-image-powerpc-smp-lts-wily - 4.4.0.186.192 linux-image-powerpc64-smp - 4.4.0.186.192 linux-image-lowlatency-lts-utopic - 4.4.0.186.192 linux-image-powerpc-smp-lts-vivid - 4.4.0.186.192 linux-image-lowlatency - 4.4.0.186.192 linux-image-virtual-lts-xenial - 4.4.0.186.192 linux-image-powerpc-smp-lts-utopic - 4.4.0.186.192 No subscription required Medium CVE-2019-12380 CVE-2019-19947 CVE-2019-20810 CVE-2019-20908 CVE-2020-10732 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-11935 CVE-2020-13974 USN-4428-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that Python documentation had misleading information. A security issue could possibly be caused by wrong assumptions based on this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17514) It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-20907) It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. 
(CVE-2019-9674) It was discovered that Python incorrectly handled certain IP values. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14422) Update Instructions: Run `sudo pro fix USN-4428-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.12 python2.7-doc - 2.7.12-1ubuntu0~16.04.12 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.12 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.12 libpython2.7 - 2.7.12-1ubuntu0~16.04.12 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.12 python2.7 - 2.7.12-1ubuntu0~16.04.12 idle-python2.7 - 2.7.12-1ubuntu0~16.04.12 python2.7-examples - 2.7.12-1ubuntu0~16.04.12 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.12 python2.7-minimal - 2.7.12-1ubuntu0~16.04.12 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.11 python3.5-venv - 3.5.2-2ubuntu0~16.04.11 python3.5-doc - 3.5.2-2ubuntu0~16.04.11 python3.5-dev - 3.5.2-2ubuntu0~16.04.11 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.11 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.11 python3.5 - 3.5.2-2ubuntu0~16.04.11 idle-python3.5 - 3.5.2-2ubuntu0~16.04.11 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.11 python3.5-examples - 3.5.2-2ubuntu0~16.04.11 python3.5-minimal - 3.5.2-2ubuntu0~16.04.11 libpython3.5 - 3.5.2-2ubuntu0~16.04.11 No subscription required Medium CVE-2019-17514 CVE-2019-20907 CVE-2019-9674 CVE-2020-14422 USN-4429-1 -- Evolution Data Server vulnerability Ubuntu 16.04 LTS It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. Update Instructions: Run `sudo pro fix USN-4429-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libecal1.2-dev - 3.18.5-1ubuntu1.3 libedataserver-1.2-21 - 3.18.5-1ubuntu1.3 libebackend-1.2-10 - 3.18.5-1ubuntu1.3 libebook1.2-dev - 3.18.5-1ubuntu1.3 libedata-cal1.2-dev - 3.18.5-1ubuntu1.3 libcamel-1.2-54 - 3.18.5-1ubuntu1.3 libebook-contacts-1.2-2 - 3.18.5-1ubuntu1.3 libedata-book1.2-dev - 3.18.5-1ubuntu1.3 libecal-1.2-19 - 3.18.5-1ubuntu1.3 evolution-data-server-online-accounts - 3.18.5-1ubuntu1.3 libebackend1.2-dev - 3.18.5-1ubuntu1.3 libcamel1.2-dev - 3.18.5-1ubuntu1.3 libedataserverui-1.2-1 - 3.18.5-1ubuntu1.3 gir1.2-edataserver-1.2 - 3.18.5-1ubuntu1.3 libedataserver1.2-dev - 3.18.5-1ubuntu1.3 libebook-contacts1.2-dev - 3.18.5-1ubuntu1.3 gir1.2-ebookcontacts-1.2 - 3.18.5-1ubuntu1.3 libedata-book-1.2-25 - 3.18.5-1ubuntu1.3 evolution-data-server - 3.18.5-1ubuntu1.3 evolution-data-server-common - 3.18.5-1ubuntu1.3 libedataserverui1.2-dev - 3.18.5-1ubuntu1.3 evolution-data-server-doc - 3.18.5-1ubuntu1.3 libebook-1.2-16 - 3.18.5-1ubuntu1.3 evolution-data-server-dev - 3.18.5-1ubuntu1.3 gir1.2-ebook-1.2 - 3.18.5-1ubuntu1.3 libedata-cal-1.2-28 - 3.18.5-1ubuntu1.3 No subscription required Medium CVE-2020-14928 USN-4430-1 -- Pillow vulnerabilities Ubuntu 16.04 LTS It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4430-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 3.1.2-0ubuntu1.4 python-pil-doc - 3.1.2-0ubuntu1.4 python3-pil - 3.1.2-0ubuntu1.4 python-pil.imagetk - 3.1.2-0ubuntu1.4 python-imaging - 3.1.2-0ubuntu1.4 python-pil - 3.1.2-0ubuntu1.4 No subscription required Low CVE-2020-10177 CVE-2020-10378 CVE-2020-10994 CVE-2020-11538 USN-4431-1 -- FFmpeg vulnerabilities Ubuntu 16.04 LTS It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see: https://usn.ubuntu.com/usn/usn-3967-1 (CVE-2018-15822, CVE-2019-11338) It was discovered that FFmpeg incorrectly handled sscanf failures. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-12730) It was discovered that FFmpeg incorrectly handled certain WEBM files. An attacker could possibly use this issue to obtain sensitive data or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-13312) It was discovered that FFmpeg incorrectly handled certain AVI files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-13390) It was discovered that FFmpeg incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17539) It was discovered that FFmpeg incorrectly handled certain input during decoding of VQA files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. 
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17542) It was discovered that FFmpeg incorrectly handled certain JPEG files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-12284) It was discovered that FFmpeg incorrectly handled certain M3U8 files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. (CVE-2020-13904) Update Instructions: Run `sudo pro fix USN-4431-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavresample-dev - 7:2.8.17-0ubuntu0.1 libswresample-ffmpeg1 - 7:2.8.17-0ubuntu0.1 libavresample-ffmpeg2 - 7:2.8.17-0ubuntu0.1 libavcodec-extra - 7:2.8.17-0ubuntu0.1 libswscale-ffmpeg3 - 7:2.8.17-0ubuntu0.1 libavcodec-dev - 7:2.8.17-0ubuntu0.1 libavutil-dev - 7:2.8.17-0ubuntu0.1 libavfilter-ffmpeg5 - 7:2.8.17-0ubuntu0.1 libpostproc-ffmpeg53 - 7:2.8.17-0ubuntu0.1 libavcodec-ffmpeg56 - 7:2.8.17-0ubuntu0.1 libswscale-dev - 7:2.8.17-0ubuntu0.1 libavformat-ffmpeg56 - 7:2.8.17-0ubuntu0.1 libswresample-dev - 7:2.8.17-0ubuntu0.1 libavdevice-dev - 7:2.8.17-0ubuntu0.1 libavcodec-ffmpeg-extra56 - 7:2.8.17-0ubuntu0.1 libavfilter-dev - 7:2.8.17-0ubuntu0.1 libpostproc-dev - 7:2.8.17-0ubuntu0.1 libavformat-dev - 7:2.8.17-0ubuntu0.1 ffmpeg - 7:2.8.17-0ubuntu0.1 libavutil-ffmpeg54 - 7:2.8.17-0ubuntu0.1 ffmpeg-doc - 7:2.8.17-0ubuntu0.1 libav-tools - 7:2.8.17-0ubuntu0.1 libavdevice-ffmpeg56 - 7:2.8.17-0ubuntu0.1 No subscription required Medium CVE-2018-15822 CVE-2019-11338 CVE-2019-12730 CVE-2019-13312 CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 CVE-2020-13904 USN-4432-1 -- GRUB 2 vulnerabilities Ubuntu 16.04 LTS Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. 
A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions. (CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707) Update Instructions: Run `sudo pro fix USN-4432-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: grub-efi-amd64-signed - 1.66.26+2.02~beta2-36ubuntu3.26 grub-efi-arm64-signed - 1.66.26+2.02~beta2-36ubuntu3.26 No subscription required grub-firmware-qemu - 2.02~beta2-36ubuntu3.26 grub-ieee1275 - 2.02~beta2-36ubuntu3.26 grub-efi-amd64 - 2.02~beta2-36ubuntu3.26 grub2-common - 2.02~beta2-36ubuntu3.26 grub-uboot-bin - 2.02~beta2-36ubuntu3.26 grub-common - 2.02~beta2-36ubuntu3.26 grub-efi-amd64-bin - 2.02~beta2-36ubuntu3.26 grub-pc-bin - 2.02~beta2-36ubuntu3.26 grub-theme-starfield - 2.02~beta2-36ubuntu3.26 grub-efi-arm - 2.02~beta2-36ubuntu3.26 grub2 - 2.02~beta2-36ubuntu3.26 grub-xen-host - 2.02~beta2-36ubuntu3.26 grub-efi-arm64-bin - 2.02~beta2-36ubuntu3.26 grub-pc - 2.02~beta2-36ubuntu3.26 grub-emu - 2.02~beta2-36ubuntu3.26 grub-efi-arm-bin - 2.02~beta2-36ubuntu3.26 grub-linuxbios - 2.02~beta2-36ubuntu3.26 grub-xen - 2.02~beta2-36ubuntu3.26 grub-uboot - 2.02~beta2-36ubuntu3.26 grub-efi-ia32 - 2.02~beta2-36ubuntu3.26 grub-coreboot - 2.02~beta2-36ubuntu3.26 grub-efi-ia32-bin - 2.02~beta2-36ubuntu3.26 grub-ieee1275-bin - 2.02~beta2-36ubuntu3.26 grub-xen-bin - 2.02~beta2-36ubuntu3.26 grub-rescue-pc - 2.02~beta2-36ubuntu3.26 grub-mount-udeb - 2.02~beta2-36ubuntu3.26 grub-coreboot-bin - 2.02~beta2-36ubuntu3.26 grub-efi-arm64 - 2.02~beta2-36ubuntu3.26 grub-efi - 2.02~beta2-36ubuntu3.26 No subscription required High CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass USN-4432-2 -- GRUB2 regression Ubuntu 16.04 LTS USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. 
Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. We apologize for the inconvenience. Original advisory details: Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions. (CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. 
(CVE-2020-15707) Update Instructions: Run `sudo pro fix USN-4432-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grub-efi-amd64-signed - 1.66.27+2.02~beta2-36ubuntu3.27 grub-efi-arm64-signed - 1.66.27+2.02~beta2-36ubuntu3.27 No subscription required grub-firmware-qemu - 2.02~beta2-36ubuntu3.27 grub-ieee1275 - 2.02~beta2-36ubuntu3.27 grub-efi-amd64 - 2.02~beta2-36ubuntu3.27 grub2-common - 2.02~beta2-36ubuntu3.27 grub-uboot-bin - 2.02~beta2-36ubuntu3.27 grub-common - 2.02~beta2-36ubuntu3.27 grub-efi-amd64-bin - 2.02~beta2-36ubuntu3.27 grub-pc-bin - 2.02~beta2-36ubuntu3.27 grub-theme-starfield - 2.02~beta2-36ubuntu3.27 grub-efi-arm - 2.02~beta2-36ubuntu3.27 grub2 - 2.02~beta2-36ubuntu3.27 grub-xen-host - 2.02~beta2-36ubuntu3.27 grub-efi-arm64-bin - 2.02~beta2-36ubuntu3.27 grub-pc - 2.02~beta2-36ubuntu3.27 grub-emu - 2.02~beta2-36ubuntu3.27 grub-efi-arm-bin - 2.02~beta2-36ubuntu3.27 grub-linuxbios - 2.02~beta2-36ubuntu3.27 grub-xen - 2.02~beta2-36ubuntu3.27 grub-uboot - 2.02~beta2-36ubuntu3.27 grub-efi-ia32 - 2.02~beta2-36ubuntu3.27 grub-coreboot - 2.02~beta2-36ubuntu3.27 grub-efi-ia32-bin - 2.02~beta2-36ubuntu3.27 grub-ieee1275-bin - 2.02~beta2-36ubuntu3.27 grub-xen-bin - 2.02~beta2-36ubuntu3.27 grub-rescue-pc - 2.02~beta2-36ubuntu3.27 grub-mount-udeb - 2.02~beta2-36ubuntu3.27 grub-coreboot-bin - 2.02~beta2-36ubuntu3.27 grub-efi-arm64 - 2.02~beta2-36ubuntu3.27 grub-efi - 2.02~beta2-36ubuntu3.27 No subscription required None https://launchpad.net/bugs/1889556 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass USN-4434-1 -- LibVNCServer vulnerabilities Ubuntu 16.04 LTS Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. 
(CVE-2019-20839) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier discovered that LibVNCServer incorrectly handled anonymous TLS connections. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered that LibVNCServer incorrectly handled region clipping. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that LibVNCServer did not properly reset incorrectly terminated TCP connections. A remote attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2020-14398) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14399, CVE-2020-14400) It was discovered that LibVNCServer incorrectly handled screen scaling on the server side. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14401) It was discovered that LibVNCServer incorrectly handled encodings. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404) It was discovered that LibVNCServer incorrectly handled TextChat messages. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. 
(CVE-2020-14405) Update Instructions: Run `sudo pro fix USN-4434-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.10+dfsg-3ubuntu0.16.04.5 libvncserver-dev - 0.9.10+dfsg-3ubuntu0.16.04.5 libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.5 libvncclient1 - 0.9.10+dfsg-3ubuntu0.16.04.5 No subscription required Medium CVE-2019-20839 CVE-2019-20840 CVE-2020-14396 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405 USN-4435-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3481) Update Instructions: Run `sudo pro fix USN-4435-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.4+dfsg-0ubuntu0.16.04.1 clamav-testfiles - 0.102.4+dfsg-0ubuntu0.16.04.1 clamav-base - 0.102.4+dfsg-0ubuntu0.16.04.1 clamav - 0.102.4+dfsg-0ubuntu0.16.04.1 clamav-daemon - 0.102.4+dfsg-0ubuntu0.16.04.1 clamav-milter - 0.102.4+dfsg-0ubuntu0.16.04.1 clamav-docs - 0.102.4+dfsg-0ubuntu0.16.04.1 clamav-freshclam - 0.102.4+dfsg-0ubuntu0.16.04.1 libclamav9 - 0.102.4+dfsg-0ubuntu0.16.04.1 clamdscan - 0.102.4+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-3327 CVE-2020-3350 CVE-2020-3481 USN-4436-1 -- librsvg vulnerabilities Ubuntu 16.04 LTS It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446) Update Instructions: Run `sudo pro fix USN-4436-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librsvg2-common - 2.40.13-3ubuntu0.1 gir1.2-rsvg-2.0 - 2.40.13-3ubuntu0.1 librsvg2-doc - 2.40.13-3ubuntu0.1 librsvg2-bin - 2.40.13-3ubuntu0.1 librsvg2-2 - 2.40.13-3ubuntu0.1 librsvg2-dev - 2.40.13-3ubuntu0.1 No subscription required Low CVE-2017-11464 CVE-2019-20446 USN-4436-2 -- librsvg regression Ubuntu 16.04 LTS USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. Original advisory details: It was discovered that librsvg incorrectly handled parsing certain SVG files. 
A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446) Update Instructions: Run `sudo pro fix USN-4436-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librsvg2-common - 2.40.13-3ubuntu0.2 gir1.2-rsvg-2.0 - 2.40.13-3ubuntu0.2 librsvg2-doc - 2.40.13-3ubuntu0.2 librsvg2-bin - 2.40.13-3ubuntu0.2 librsvg2-2 - 2.40.13-3ubuntu0.2 librsvg2-dev - 2.40.13-3ubuntu0.2 No subscription required None https://launchpad.net/bugs/1889206 USN-4441-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.21 in Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-31.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-21.html https://www.oracle.com/security-alerts/cpujul2020.html Update Instructions: Run `sudo pro fix USN-4441-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.31-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.31-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.31-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.31-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.31-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.31-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.31-0ubuntu0.16.04.1 mysql-common - 5.7.31-0ubuntu0.16.04.1 mysql-server - 5.7.31-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.31-0ubuntu0.16.04.1 mysql-testsuite - 5.7.31-0ubuntu0.16.04.1 libmysqld-dev - 5.7.31-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.31-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-14539 CVE-2020-14540 CVE-2020-14547 CVE-2020-14550 CVE-2020-14553 CVE-2020-14559 CVE-2020-14568 CVE-2020-14575 CVE-2020-14576 CVE-2020-14586 CVE-2020-14591 CVE-2020-14597 CVE-2020-14619 CVE-2020-14620 CVE-2020-14623 CVE-2020-14624 CVE-2020-14631 CVE-2020-14632 CVE-2020-14633 CVE-2020-14634 CVE-2020-14641 CVE-2020-14643 CVE-2020-14651 CVE-2020-14654 CVE-2020-14656 CVE-2020-14663 CVE-2020-14678 CVE-2020-14680 CVE-2020-14697 CVE-2020-14702 USN-4442-2 -- Sympa vulnerabilities Ubuntu 16.04 LTS USN-4442-1 fixed vulnerabilities in Sympa. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936) Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550) It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. 
This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000671) Update Instructions: Run `sudo pro fix USN-4442-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sympa - 6.1.24~dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-1000550 CVE-2018-1000671 CVE-2020-10936 USN-4443-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514, CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656, CVE-2020-15658, CVE-2020-15659) It was discovered that redirected HTTP requests which are observed or modified through a web extension could bypass existing CORS checks. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information across origins. (CVE-2020-15655) Update Instructions: Run `sudo pro fix USN-4443-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-nn - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ne - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-nb - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-fa - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-fi - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-fr - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-fy - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-or - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-kab - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-oc - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-cs - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ga - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-gd - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-gn - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-gl - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-gu - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-pa - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-pl - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-cy - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-pt - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-hi - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-uk - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-he - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-hy - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-hr - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-hu - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-as - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ar - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ia - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-az - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-id - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-mai - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-af - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-is - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-it - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-an - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-bs - 79.0+build1-0ubuntu0.16.04.2 firefox - 79.0+build1-0ubuntu0.16.04.2 
firefox-locale-ro - 79.0+build1-0ubuntu0.16.04.2 firefox-geckodriver - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ja - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ru - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-br - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-zh-hant - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-zh-hans - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-bn - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-be - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-bg - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-sl - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-sk - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-si - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-sw - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-sv - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-sr - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-sq - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ko - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-kn - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-km - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-kk - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ka - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-xh - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ca - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ku - 79.0+build1-0ubuntu0.16.04.2 firefox-mozsymbols - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-lv - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-lt - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-th - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-hsb - 79.0+build1-0ubuntu0.16.04.2 firefox-dev - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-te - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-cak - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ta - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-lg - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-tr - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-nso - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-de - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-da - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ms - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-mr - 
79.0+build1-0ubuntu0.16.04.2 firefox-locale-my - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-uz - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ml - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-mn - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-mk - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ur - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-vi - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-eu - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-et - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-es - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-csb - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-el - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-eo - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-en - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-zu - 79.0+build1-0ubuntu0.16.04.2 firefox-locale-ast - 79.0+build1-0ubuntu0.16.04.2 No subscription required Medium CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 USN-4446-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-18676) Update Instructions: Run `sudo pro fix USN-4446-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.12 squid - 3.5.12-1ubuntu7.12 squid-cgi - 3.5.12-1ubuntu7.12 squid-purge - 3.5.12-1ubuntu7.12 squidclient - 3.5.12-1ubuntu7.12 squid3 - 3.5.12-1ubuntu7.12 No subscription required Medium CVE-2019-12520 CVE-2019-12523 CVE-2019-12524 CVE-2019-18676 USN-4446-2 -- Squid regression Ubuntu 16.04 LTS USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-18676) Update Instructions: Run `sudo pro fix USN-4446-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.13 squid - 3.5.12-1ubuntu7.13 squid-cgi - 3.5.12-1ubuntu7.13 squid-purge - 3.5.12-1ubuntu7.13 squidclient - 3.5.12-1ubuntu7.13 squid3 - 3.5.12-1ubuntu7.13 No subscription required None https://launchpad.net/bugs/1890265 USN-4447-1 -- libssh vulnerability Ubuntu 16.04 LTS It was discovered that libssh incorrectly handled certain requests. 
An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4447-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.6.3-4.3ubuntu0.6 libssh-doc - 0.6.3-4.3ubuntu0.6 libssh-gcrypt-4 - 0.6.3-4.3ubuntu0.6 libssh-4 - 0.6.3-4.3ubuntu0.6 libssh-dev - 0.6.3-4.3ubuntu0.6 No subscription required Medium CVE-2020-16135 USN-4448-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. (CVE-2020-13935) It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. (CVE-2020-1935) It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484) Update Instructions: Run `sudo pro fix USN-4448-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.0.32-1ubuntu1.13 tomcat8-user - 8.0.32-1ubuntu1.13 libservlet3.1-java - 8.0.32-1ubuntu1.13 libservlet3.1-java-doc - 8.0.32-1ubuntu1.13 tomcat8-examples - 8.0.32-1ubuntu1.13 tomcat8-admin - 8.0.32-1ubuntu1.13 libtomcat8-java - 8.0.32-1ubuntu1.13 tomcat8-common - 8.0.32-1ubuntu1.13 tomcat8 - 8.0.32-1ubuntu1.13 No subscription required Medium CVE-2020-13935 CVE-2020-1935 CVE-2020-9484 USN-4449-1 -- Apport vulnerabilities Ubuntu 16.04 LTS Ryota Shiga, working with Trend Micro's Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls.
A local attacker could use this issue to read arbitrary files. (CVE-2020-11936) Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. (CVE-2020-15701) Ryota Shiga, working with Trend Micro's Zero Day Initiative, discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2020-15702) Update Instructions: Run `sudo pro fix USN-4449-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.24 python3-problem-report - 2.20.1-0ubuntu2.24 apport-kde - 2.20.1-0ubuntu2.24 apport-retrace - 2.20.1-0ubuntu2.24 apport-valgrind - 2.20.1-0ubuntu2.24 python3-apport - 2.20.1-0ubuntu2.24 dh-apport - 2.20.1-0ubuntu2.24 apport-gtk - 2.20.1-0ubuntu2.24 apport - 2.20.1-0ubuntu2.24 python-problem-report - 2.20.1-0ubuntu2.24 apport-noui - 2.20.1-0ubuntu2.24 No subscription required Medium CVE-2020-11936 CVE-2020-15701 CVE-2020-15702 USN-4450-1 -- Whoopsie vulnerabilities Ubuntu 16.04 LTS Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. (CVE-2020-11937) Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12135) Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. (CVE-2020-15570) Update Instructions: Run `sudo pro fix USN-4450-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.52.5ubuntu0.5 libwhoopsie0 - 0.2.52.5ubuntu0.5 libwhoopsie-dev - 0.2.52.5ubuntu0.5 No subscription required Medium CVE-2020-11937 CVE-2020-12135 CVE-2020-15570 USN-4451-1 -- ppp vulnerability Ubuntu 16.04 LTS Thomas Chauchefoin, working with Trend Micro's Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4451-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.7-1+2ubuntu1.16.04.3 ppp - 2.4.7-1+2ubuntu1.16.04.3 ppp-dev - 2.4.7-1+2ubuntu1.16.04.3 No subscription required Medium CVE-2020-15704 USN-4453-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-14556) Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14577) It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals() method. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14578, CVE-2020-14579) It was discovered that OpenJDK 8 incorrectly handled image files. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14581) Markus Loewe discovered that OpenJDK 8 incorrectly handled concurrent access in java.nio.Buffer class. An attacker could use this issue to bypass sandbox restrictions. (CVE-2020-14583) It was discovered that OpenJDK 8 incorrectly handled transformation of images.
An attacker could possibly use this issue to bypass sandbox restrictions and insert, edit or obtain sensitive information. (CVE-2020-14593) Roman Shemyakin discovered that OpenJDK 8 incorrectly handled XML files. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-14621) Update Instructions: Run `sudo pro fix USN-4453-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u265-b01-0ubuntu2~16.04 openjdk-8-jdk - 8u265-b01-0ubuntu2~16.04 openjdk-8-jre-headless - 8u265-b01-0ubuntu2~16.04 openjdk-8-jre - 8u265-b01-0ubuntu2~16.04 openjdk-8-jdk-headless - 8u265-b01-0ubuntu2~16.04 openjdk-8-source - 8u265-b01-0ubuntu2~16.04 openjdk-8-jre-zero - 8u265-b01-0ubuntu2~16.04 openjdk-8-demo - 8u265-b01-0ubuntu2~16.04 openjdk-8-jre-jamvm - 8u265-b01-0ubuntu2~16.04 No subscription required Medium CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 USN-4454-1 -- Samba vulnerability Ubuntu 16.04 LTS Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as an AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4454-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.29 libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.29 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.29 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.29 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.29 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.29 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.29 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.29 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.29 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.29 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.29 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.29 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.29 No subscription required Medium CVE-2020-14303 USN-4455-1 -- NSS vulnerabilities Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) Update Instructions: Run `sudo pro fix USN-4455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.13 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.13 libnss3 - 2:3.28.4-0ubuntu0.16.04.13 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.13 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.13 No subscription required Medium CVE-2020-12400 CVE-2020-12401 CVE-2020-6829 USN-4456-1 -- Dovecot vulnerabilities Ubuntu 16.04 LTS It was discovered that Dovecot incorrectly handled deeply nested MIME parts. 
A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. (CVE-2020-12100) It was discovered that Dovecot incorrectly handled memory when using NTLM. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-12673) It was discovered that the Dovecot RPA mechanism incorrectly handled zero-length messages. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-12674) Update Instructions: Run `sudo pro fix USN-4456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.13 dovecot-mysql - 1:2.2.22-1ubuntu2.13 dovecot-sieve - 1:2.2.22-1ubuntu2.13 dovecot-core - 1:2.2.22-1ubuntu2.13 dovecot-ldap - 1:2.2.22-1ubuntu2.13 dovecot-sqlite - 1:2.2.22-1ubuntu2.13 dovecot-dev - 1:2.2.22-1ubuntu2.13 dovecot-pop3d - 1:2.2.22-1ubuntu2.13 dovecot-imapd - 1:2.2.22-1ubuntu2.13 dovecot-managesieved - 1:2.2.22-1ubuntu2.13 dovecot-lucene - 1:2.2.22-1ubuntu2.13 mail-stack-delivery - 1:2.2.22-1ubuntu2.13 dovecot-gssapi - 1:2.2.22-1ubuntu2.13 dovecot-solr - 1:2.2.22-1ubuntu2.13 dovecot-lmtpd - 1:2.2.22-1ubuntu2.13 No subscription required Medium CVE-2020-12100 CVE-2020-12673 CVE-2020-12674 USN-4457-1 -- Software Properties vulnerability Ubuntu 16.04 LTS Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Update Instructions: Run `sudo pro fix USN-4457-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-software-properties - 0.96.20.10 software-properties-common - 0.96.20.10 software-properties-kde - 0.96.20.10 python3-software-properties - 0.96.20.10 software-properties-gtk - 0.96.20.10 No subscription required Medium CVE-2020-15709 USN-4458-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. (CVE-2020-1927) Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-1934) Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain Cache-Digest headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490) Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly handled large headers. A remote attacker could use this issue to obtain sensitive information or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11984) Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain logging statements. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993) Update Instructions: Run `sudo pro fix USN-4458-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17 apache2-utils - 2.4.18-2ubuntu3.17 apache2-dev - 2.4.18-2ubuntu3.17 apache2-suexec-pristine - 2.4.18-2ubuntu3.17 apache2-suexec-custom - 2.4.18-2ubuntu3.17 apache2 - 2.4.18-2ubuntu3.17 apache2-doc - 2.4.18-2ubuntu3.17 apache2-bin - 2.4.18-2ubuntu3.17 No subscription required Medium CVE-2020-11984 CVE-2020-11993 CVE-2020-1927 CVE-2020-1934 CVE-2020-9490 USN-4459-1 -- Salt vulnerabilities Ubuntu 16.04 LTS It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. (CVE-2018-15750) It was discovered that Salt has a vulnerability that allows a user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary code or crash the server. (CVE-2018-15751) It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. (CVE-2019-17361) It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication. (CVE-2020-11651, CVE-2020-11652) Update Instructions: Run `sudo pro fix USN-4459-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: salt-doc - 2015.8.8+ds-1ubuntu0.1 salt-minion - 2015.8.8+ds-1ubuntu0.1 salt-proxy - 2015.8.8+ds-1ubuntu0.1 salt-api - 2015.8.8+ds-1ubuntu0.1 salt-syndic - 2015.8.8+ds-1ubuntu0.1 salt-ssh - 2015.8.8+ds-1ubuntu0.1 salt-common - 2015.8.8+ds-1ubuntu0.1 salt-master - 2015.8.8+ds-1ubuntu0.1 salt-cloud - 2015.8.8+ds-1ubuntu0.1 No subscription required Medium CVE-2018-15750 CVE-2018-15751 CVE-2019-17361 CVE-2020-11651 CVE-2020-11652 USN-4463-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) Update Instructions: Run `sudo pro fix USN-4463-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1078-kvm - 4.4.0-1078.85 No subscription required linux-image-4.4.0-1112-aws - 4.4.0-1112.124 No subscription required linux-image-4.4.0-1137-raspi2 - 4.4.0-1137.146 No subscription required linux-image-4.4.0-1141-snapdragon - 4.4.0-1141.149 No subscription required linux-image-4.4.0-187-generic - 4.4.0-187.217 linux-image-4.4.0-187-powerpc64-emb - 4.4.0-187.217 linux-image-4.4.0-187-powerpc64-smp - 4.4.0-187.217 linux-image-4.4.0-187-generic-lpae - 4.4.0-187.217 linux-image-4.4.0-187-powerpc-smp - 4.4.0-187.217 linux-image-4.4.0-187-powerpc-e500mc - 4.4.0-187.217 linux-image-4.4.0-187-lowlatency - 4.4.0-187.217 No subscription required linux-image-kvm - 4.4.0.1078.76 No subscription required linux-image-aws - 4.4.0.1112.117 No subscription required linux-image-raspi2 - 4.4.0.1137.137 No subscription required linux-image-snapdragon - 4.4.0.1141.133 No subscription required linux-image-powerpc-e500mc-lts-utopic - 4.4.0.187.193 linux-image-generic-lts-wily - 4.4.0.187.193 linux-image-powerpc64-emb-lts-vivid - 4.4.0.187.193 linux-image-powerpc-e500mc - 4.4.0.187.193 linux-image-generic-lpae-lts-xenial - 4.4.0.187.193 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.187.193 linux-image-generic-lpae-lts-utopic - 4.4.0.187.193 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.187.193 linux-image-lowlatency-lts-utopic - 4.4.0.187.193 linux-image-generic-lts-utopic - 4.4.0.187.193 linux-image-powerpc-e500mc-lts-wily - 4.4.0.187.193 linux-image-generic-lts-vivid - 4.4.0.187.193 linux-image-generic-lpae-lts-wily - 4.4.0.187.193 linux-image-virtual-lts-utopic - 4.4.0.187.193 linux-image-virtual - 4.4.0.187.193 linux-image-powerpc64-emb-lts-wily - 4.4.0.187.193 linux-image-lowlatency-lts-vivid - 4.4.0.187.193 linux-image-powerpc64-smp-lts-utopic - 4.4.0.187.193 linux-image-powerpc64-emb - 4.4.0.187.193 linux-image-powerpc-smp-lts-xenial - 4.4.0.187.193 
linux-image-powerpc64-smp-lts-vivid - 4.4.0.187.193 linux-image-lowlatency-lts-wily - 4.4.0.187.193 linux-image-generic - 4.4.0.187.193 linux-image-lowlatency-lts-xenial - 4.4.0.187.193 linux-image-powerpc64-smp-lts-xenial - 4.4.0.187.193 linux-image-powerpc64-emb-lts-utopic - 4.4.0.187.193 linux-image-generic-lts-xenial - 4.4.0.187.193 linux-image-virtual-lts-wily - 4.4.0.187.193 linux-image-powerpc-smp - 4.4.0.187.193 linux-image-generic-lpae-lts-vivid - 4.4.0.187.193 linux-image-generic-lpae - 4.4.0.187.193 linux-image-powerpc64-smp-lts-wily - 4.4.0.187.193 linux-image-powerpc64-emb-lts-xenial - 4.4.0.187.193 linux-image-powerpc-smp-lts-wily - 4.4.0.187.193 linux-image-powerpc64-smp - 4.4.0.187.193 linux-image-powerpc-smp-lts-utopic - 4.4.0.187.193 linux-image-powerpc-smp-lts-vivid - 4.4.0.187.193 linux-image-lowlatency - 4.4.0.187.193 linux-image-virtual-lts-xenial - 4.4.0.187.193 linux-image-virtual-lts-vivid - 4.4.0.187.193 No subscription required Low CVE-2020-12771 CVE-2020-15393 USN-4466-1 -- curl vulnerability Ubuntu 16.04 LTS Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. Update Instructions: Run `sudo pro fix USN-4466-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.16 libcurl4-openssl-dev - 7.47.0-1ubuntu2.16 libcurl3-gnutls - 7.47.0-1ubuntu2.16 libcurl4-doc - 7.47.0-1ubuntu2.16 libcurl3-nss - 7.47.0-1ubuntu2.16 libcurl4-nss-dev - 7.47.0-1ubuntu2.16 libcurl3 - 7.47.0-1ubuntu2.16 curl - 7.47.0-1ubuntu2.16 No subscription required Low CVE-2020-8231 USN-4467-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. 
An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-10756) Eric Blake and Xueqiang Wei discovered that the QEMU NBD implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-10761) Ziming Zhang discovered that the QEMU SM501 graphics driver incorrectly handled certain operations. An attacker inside a guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12829) It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13253) Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver incorrectly handled certain invalid frame counts. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13361) Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13362) Alexander Bulekov discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory space operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13659) Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2020-13754) It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-13765) Ren Ding, Hanqing Zhao, and Yi Ren discovered that the QEMU ATI video driver incorrectly handled certain index values. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-13800) Ziming Zhang discovered that the QEMU OSS audio driver incorrectly handled certain operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14415) Ziming Zhang discovered that the QEMU XGMAC Ethernet controller incorrectly handled packet transmission. An attacker inside a guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-15863) Ziming Zhang discovered that the QEMU e1000e Ethernet controller incorrectly handled packet processing. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-16092) Update Instructions: Run `sudo pro fix USN-4467-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.45 qemu-user-static - 1:2.5+dfsg-5ubuntu10.45 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.45 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.45 qemu-kvm - 1:2.5+dfsg-5ubuntu10.45 qemu-user - 1:2.5+dfsg-5ubuntu10.45 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.45 qemu-system - 1:2.5+dfsg-5ubuntu10.45 qemu-utils - 1:2.5+dfsg-5ubuntu10.45 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.45 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.45 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.45 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.45 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.45 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.45 qemu - 1:2.5+dfsg-5ubuntu10.45 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.45 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.45 No subscription required Medium CVE-2020-10756 CVE-2020-10761 CVE-2020-12829 CVE-2020-13253 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754 CVE-2020-13765 CVE-2020-13800 CVE-2020-14415 CVE-2020-15863 CVE-2020-16092 USN-4467-3 -- QEMU regression Ubuntu 16.04 LTS USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754) Update Instructions: Run `sudo pro fix USN-4467-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.51 qemu-user-static - 1:2.5+dfsg-5ubuntu10.51 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.51 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.51 qemu-kvm - 1:2.5+dfsg-5ubuntu10.51 qemu-user - 1:2.5+dfsg-5ubuntu10.51 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.51 qemu-system - 1:2.5+dfsg-5ubuntu10.51 qemu-utils - 1:2.5+dfsg-5ubuntu10.51 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.51 qemu - 1:2.5+dfsg-5ubuntu10.51 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.51 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.51 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.51 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.51 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.51 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.51 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.51 No subscription required None https://launchpad.net/bugs/1914883 USN-4468-1 -- Bind vulnerabilities Ubuntu 16.04 LTS Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8620) Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8621) Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8622) Lyu Chiy discovered that Bind incorrectly handled certain queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. 
(CVE-2020-8623) Joop Boonen discovered that Bind incorrectly handled certain subdomain update-policy rules. A remote attacker granted privileges to change certain parts of a zone could use this issue to change other contents of the zone, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8624) Update Instructions: Run `sudo pro fix USN-4468-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.17 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.17 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.17 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.17 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.17 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.17 host - 1:9.10.3.dfsg.P4-8ubuntu1.17 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.17 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.17 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.17 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.17 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.17 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.17 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.17 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.17 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.17 No subscription required Medium CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 USN-4469-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled certain document files. 
If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4469-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.13 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.13 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.13 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.13 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.13 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.13 No subscription required Medium CVE-2020-16287 CVE-2020-16288 CVE-2020-16289 CVE-2020-16290 CVE-2020-16291 CVE-2020-16292 CVE-2020-16293 CVE-2020-16294 CVE-2020-16295 CVE-2020-16296 CVE-2020-16297 CVE-2020-16298 CVE-2020-16299 CVE-2020-16300 CVE-2020-16301 CVE-2020-16302 CVE-2020-16303 CVE-2020-16304 CVE-2020-16305 CVE-2020-16306 CVE-2020-16307 CVE-2020-16308 CVE-2020-16309 CVE-2020-16310 CVE-2020-17538 USN-4470-1 -- sane-backends vulnerabilities Ubuntu 16.04 LTS Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-6318) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-12861) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-12862, CVE-2020-12863) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive information. 
This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-12864) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12865) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-12866) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-12867) Update Instructions: Run `sudo pro fix USN-4470-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsane - 1.0.25+git20150528-1ubuntu2.16.04.3 libsane-common - 1.0.25+git20150528-1ubuntu2.16.04.3 sane-utils - 1.0.25+git20150528-1ubuntu2.16.04.3 libsane-dev - 1.0.25+git20150528-1ubuntu2.16.04.3 No subscription required Medium CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 USN-4471-1 -- Net-SNMP vulnerabilities Ubuntu 16.04 LTS Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-15862) Update Instructions: Run `sudo pro fix USN-4471-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1ubuntu4.5 libsnmp-perl - 5.7.3+dfsg-1ubuntu4.5 libsnmp-dev - 5.7.3+dfsg-1ubuntu4.5 libsnmp-base - 5.7.3+dfsg-1ubuntu4.5 snmp - 5.7.3+dfsg-1ubuntu4.5 libsnmp30 - 5.7.3+dfsg-1ubuntu4.5 tkmib - 5.7.3+dfsg-1ubuntu4.5 snmpd - 5.7.3+dfsg-1ubuntu4.5 python-netsnmp - 5.7.3+dfsg-1ubuntu4.5 No subscription required Medium CVE-2020-15861 CVE-2020-15862 USN-4471-2 -- Net-SNMP regression Ubuntu 16.04 LTS USN-4471-1 fixed a vulnerability in Net-SNMP. The update introduced a regression making nsExtendCacheTime not settable. This update fixes the problem by adding the cacheTime feature flag. Original advisory details: Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-15862) Update Instructions: Run `sudo pro fix USN-4471-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1ubuntu4.6 libsnmp-perl - 5.7.3+dfsg-1ubuntu4.6 libsnmp-dev - 5.7.3+dfsg-1ubuntu4.6 libsnmp-base - 5.7.3+dfsg-1ubuntu4.6 snmp - 5.7.3+dfsg-1ubuntu4.6 libsnmp30 - 5.7.3+dfsg-1ubuntu4.6 tkmib - 5.7.3+dfsg-1ubuntu4.6 snmpd - 5.7.3+dfsg-1ubuntu4.6 python-netsnmp - 5.7.3+dfsg-1ubuntu4.6 No subscription required None https://launchpad.net/bugs/1892980 USN-4472-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. 
(CVE-2020-14349) Andres Freund discovered that PostgreSQL incorrectly handled search path elements in CREATE EXTENSION. A remote attacker could possibly use this issue to execute arbitrary SQL code. (CVE-2020-14350) Update Instructions: Run `sudo pro fix USN-4472-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.23-0ubuntu0.16.04.1 postgresql-plperl-9.5 - 9.5.23-0ubuntu0.16.04.1 postgresql-server-dev-9.5 - 9.5.23-0ubuntu0.16.04.1 postgresql-9.5 - 9.5.23-0ubuntu0.16.04.1 postgresql-plpython-9.5 - 9.5.23-0ubuntu0.16.04.1 libecpg6 - 9.5.23-0ubuntu0.16.04.1 postgresql-client-9.5 - 9.5.23-0ubuntu0.16.04.1 libpq5 - 9.5.23-0ubuntu0.16.04.1 postgresql-contrib-9.5 - 9.5.23-0ubuntu0.16.04.1 libpgtypes3 - 9.5.23-0ubuntu0.16.04.1 libecpg-dev - 9.5.23-0ubuntu0.16.04.1 postgresql-pltcl-9.5 - 9.5.23-0ubuntu0.16.04.1 libpq-dev - 9.5.23-0ubuntu0.16.04.1 postgresql-plpython3-9.5 - 9.5.23-0ubuntu0.16.04.1 libecpg-compat3 - 9.5.23-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-14349 CVE-2020-14350 USN-4474-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. 
(CVE-2020-15668) Update Instructions: Run `sudo pro fix USN-4474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 80.0+build2-0ubuntu0.16.04.1 
firefox-locale-bs - 80.0+build2-0ubuntu0.16.04.1 firefox - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 80.0+build2-0ubuntu0.16.04.1 firefox-geckodriver - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 80.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 80.0+build2-0ubuntu0.16.04.1 firefox-dev - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 
80.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 80.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 80.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-12400 CVE-2020-12401 CVE-2020-15664 CVE-2020-15665 CVE-2020-15666 CVE-2020-15668 CVE-2020-15670 CVE-2020-6829 USN-4474-2 -- Firefox regressions Ubuntu 16.04 LTS USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. 
An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668) Update Instructions: Run `sudo pro fix USN-4474-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 80.0.1+build1-0ubuntu0.16.04.1 
firefox-locale-is - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 80.0.1+build1-0ubuntu0.16.04.1 firefox - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 80.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 80.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 80.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 80.0.1+build1-0ubuntu0.16.04.1 
firefox-locale-lg - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 80.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 80.0.1+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1893021 USN-4476-1 -- NSS vulnerability Ubuntu 16.04 LTS It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4476-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.14 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.14 libnss3 - 2:3.28.4-0ubuntu0.16.04.14 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.14 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.14 No subscription required Medium CVE-2020-12403 USN-4478-2 -- Python-RSA vulnerability Ubuntu 16.04 LTS USN-4478-1 fixed a vulnerability in Python-RSA. 
This update provides the corresponding update for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4478-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-rsa - 3.2.3-1.1ubuntu0.1~esm1 python3-rsa - 3.2.3-1.1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13757 USN-4482-1 -- Ark vulnerability Ubuntu 16.04 LTS Fabian Vogt discovered that Ark incorrectly handled symbolic links in tar archive files. An attacker could use this to construct a malicious tar archive that, when opened, would create files outside the extraction directory. Update Instructions: Run `sudo pro fix USN-4482-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ark - 4:15.12.3-0ubuntu1.2 No subscription required Medium CVE-2020-24654 USN-4485-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-20669) It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). 
(CVE-2019-20810) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-10781) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. 
(CVE-2020-13974) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2020-12656) Update Instructions: Run `sudo pro fix USN-4485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1051-oracle - 4.15.0-1051.55~16.04.1 No subscription required linux-image-4.15.0-1080-aws - 4.15.0-1080.84~16.04.1 No subscription required linux-image-4.15.0-1081-gcp - 4.15.0-1081.92~16.04.1 No subscription required linux-image-4.15.0-1093-azure - 4.15.0-1093.103~16.04.1 No subscription required linux-image-oracle - 4.15.0.1051.42 No subscription required linux-image-aws-hwe - 4.15.0.1080.77 No subscription required linux-image-gke - 4.15.0.1081.83 linux-image-gcp - 4.15.0.1081.83 No subscription required linux-image-azure-edge - 4.15.0.1093.88 linux-image-azure - 4.15.0.1093.88 No subscription required Medium CVE-2018-20669 CVE-2019-19947 CVE-2019-20810 CVE-2020-10732 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10781 CVE-2020-12655 CVE-2020-12656 CVE-2020-12771 CVE-2020-13974 CVE-2020-15393 CVE-2020-24394 USN-4486-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Wen Xu discovered that the XFS filesystem implementation in the Linux kernel 
did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-4486-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1079-kvm - 4.4.0-1079.86 No subscription required linux-image-4.4.0-1113-aws - 4.4.0-1113.126 No subscription required linux-image-4.4.0-1138-raspi2 - 4.4.0-1138.147 No subscription required linux-image-4.4.0-1142-snapdragon - 4.4.0-1142.151 No subscription required linux-image-4.4.0-189-generic - 4.4.0-189.219 linux-image-4.4.0-189-lowlatency - 4.4.0-189.219 linux-image-4.4.0-189-powerpc64-smp - 4.4.0-189.219 linux-image-4.4.0-189-generic-lpae - 4.4.0-189.219 linux-image-4.4.0-189-powerpc64-emb - 4.4.0-189.219 linux-image-4.4.0-189-powerpc-e500mc - 4.4.0-189.219 linux-image-4.4.0-189-powerpc-smp - 4.4.0-189.219 No subscription required linux-image-kvm - 4.4.0.1079.77 No subscription required linux-image-aws - 4.4.0.1113.118 No subscription required linux-image-raspi2 - 4.4.0.1138.138 No subscription required linux-image-snapdragon - 4.4.0.1142.134 No subscription required linux-image-generic-lts-wily - 4.4.0.189.195 linux-image-powerpc64-emb-lts-vivid - 4.4.0.189.195 linux-image-powerpc-e500mc - 4.4.0.189.195 linux-image-generic-lpae-lts-xenial - 4.4.0.189.195 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.189.195 linux-image-generic-lpae-lts-utopic - 4.4.0.189.195 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.189.195 linux-image-generic-lts-utopic - 4.4.0.189.195 linux-image-powerpc-e500mc-lts-wily - 4.4.0.189.195 linux-image-generic-lts-vivid - 4.4.0.189.195 linux-image-generic-lpae-lts-wily - 4.4.0.189.195 linux-image-virtual-lts-vivid - 4.4.0.189.195 linux-image-virtual-lts-utopic - 4.4.0.189.195 linux-image-virtual - 4.4.0.189.195 linux-image-powerpc64-emb-lts-wily - 4.4.0.189.195 
linux-image-lowlatency-lts-vivid - 4.4.0.189.195 linux-image-powerpc64-smp-lts-utopic - 4.4.0.189.195 linux-image-powerpc64-emb - 4.4.0.189.195 linux-image-powerpc-smp-lts-xenial - 4.4.0.189.195 linux-image-powerpc64-smp-lts-vivid - 4.4.0.189.195 linux-image-lowlatency-lts-wily - 4.4.0.189.195 linux-image-generic - 4.4.0.189.195 linux-image-lowlatency-lts-xenial - 4.4.0.189.195 linux-image-powerpc64-smp-lts-xenial - 4.4.0.189.195 linux-image-powerpc64-emb-lts-utopic - 4.4.0.189.195 linux-image-generic-lts-xenial - 4.4.0.189.195 linux-image-powerpc-smp - 4.4.0.189.195 linux-image-generic-lpae-lts-vivid - 4.4.0.189.195 linux-image-generic-lpae - 4.4.0.189.195 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.189.195 linux-image-powerpc64-smp-lts-wily - 4.4.0.189.195 linux-image-powerpc64-emb-lts-xenial - 4.4.0.189.195 linux-image-powerpc-smp-lts-wily - 4.4.0.189.195 linux-image-virtual-lts-wily - 4.4.0.189.195 linux-image-powerpc64-smp - 4.4.0.189.195 linux-image-lowlatency-lts-utopic - 4.4.0.189.195 linux-image-powerpc-smp-lts-vivid - 4.4.0.189.195 linux-image-lowlatency - 4.4.0.189.195 linux-image-virtual-lts-xenial - 4.4.0.189.195 linux-image-powerpc-smp-lts-utopic - 4.4.0.189.195 No subscription required Low CVE-2018-10323 USN-4487-1 -- libx11 vulnerabilities Ubuntu 16.04 LTS Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14344) Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14363) Update Instructions: Run `sudo pro fix USN-4487-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.3-1ubuntu2.2 libx11-data - 2:1.6.3-1ubuntu2.2 libx11-xcb-dev - 2:1.6.3-1ubuntu2.2 libx11-xcb1 - 2:1.6.3-1ubuntu2.2 libx11-doc - 2:1.6.3-1ubuntu2.2 libx11-6-udeb - 2:1.6.3-1ubuntu2.2 libx11-dev - 2:1.6.3-1ubuntu2.2 No subscription required Medium CVE-2020-14344 CVE-2020-14363 USN-4488-1 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14346) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14347) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14361) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14362) Update Instructions: Run `sudo pro fix USN-4488-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.9 xmir - 2:1.18.4-0ubuntu0.9 xwayland - 2:1.18.4-0ubuntu0.9 xorg-server-source - 2:1.18.4-0ubuntu0.9 xdmx - 2:1.18.4-0ubuntu0.9 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.9 xserver-xorg-dev - 2:1.18.4-0ubuntu0.9 xdmx-tools - 2:1.18.4-0ubuntu0.9 xvfb - 2:1.18.4-0ubuntu0.9 xnest - 2:1.18.4-0ubuntu0.9 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.9 xserver-common - 2:1.18.4-0ubuntu0.9 xserver-xephyr - 2:1.18.4-0ubuntu0.9 xserver-xorg-core-udeb - 2:1.18.4-0ubuntu0.9 No subscription required xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.3 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.3 xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.3 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.3 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.3 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.3 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.3 No subscription required Medium CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362 USN-4489-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4489-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1053-oracle - 4.15.0-1053.57~16.04.1 No subscription required linux-image-4.15.0-1082-aws - 4.15.0-1082.86~16.04.1 No subscription required linux-image-4.15.0-1083-gcp - 4.15.0-1083.94~16.04.1 No subscription required linux-image-4.15.0-1095-azure - 4.15.0-1095.105~16.04.1 No subscription required linux-image-4.15.0-117-generic-lpae - 4.15.0-117.118~16.04.1 linux-image-4.15.0-117-generic - 4.15.0-117.118~16.04.1 linux-image-4.15.0-117-lowlatency - 4.15.0-117.118~16.04.1 No subscription required linux-image-oracle - 4.15.0.1053.43 No subscription required linux-image-aws-hwe - 4.15.0.1082.78 No subscription required linux-image-gke - 4.15.0.1083.84 linux-image-gcp - 4.15.0.1083.84 No subscription required linux-image-azure-edge - 4.15.0.1095.89 linux-image-azure - 4.15.0.1095.89 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.117.118 linux-image-lowlatency-hwe-16.04 - 4.15.0.117.118 linux-image-generic-hwe-16.04-edge - 4.15.0.117.118 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.117.118 linux-image-generic-lpae-hwe-16.04 - 4.15.0.117.118 linux-image-virtual-hwe-16.04 - 4.15.0.117.118 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.117.118 linux-image-oem - 4.15.0.117.118 linux-image-generic-hwe-16.04 - 4.15.0.117.118 No subscription required High CVE-2020-14386 USN-4490-1 -- X.Org X Server vulnerability Ubuntu 16.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4490-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.10 xmir - 2:1.18.4-0ubuntu0.10 xwayland - 2:1.18.4-0ubuntu0.10 xorg-server-source - 2:1.18.4-0ubuntu0.10 xdmx - 2:1.18.4-0ubuntu0.10 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.10 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.10 xvfb - 2:1.18.4-0ubuntu0.10 xserver-xorg-dev - 2:1.18.4-0ubuntu0.10 xserver-xorg-core-udeb - 2:1.18.4-0ubuntu0.10 xnest - 2:1.18.4-0ubuntu0.10 xserver-xephyr - 2:1.18.4-0ubuntu0.10 xserver-common - 2:1.18.4-0ubuntu0.10 xdmx-tools - 2:1.18.4-0ubuntu0.10 No subscription required xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4 xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4 No subscription required Medium CVE-2020-14345 USN-4496-1 -- Apache XML-RPC vulnerability Ubuntu 16.04 LTS It was discovered that Apache XML-RPC (aka ws-xmlrpc) does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-17570) Update Instructions: Run `sudo pro fix USN-4496-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxmlrpc3-common-java - 3.1.3-7+deb8u1build0.16.04.1 libxmlrpc3-server-java - 3.1.3-7+deb8u1build0.16.04.1 libxmlrpc3-java-doc - 3.1.3-7+deb8u1build0.16.04.1 libxmlrpc3-client-java - 3.1.3-7+deb8u1build0.16.04.1 No subscription required Medium CVE-2019-17570 USN-4497-1 -- OpenJPEG vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. 
(CVE-2016-9112) It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. (CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389) It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-12973) Update Instructions: Run `sudo pro fix USN-4497-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenjp2-tools - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip-server - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjp3d7 - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjp3d-tools - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip7 - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjp2-7 - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjp2-7-dev - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip-viewer - 2.1.2-1.1+deb9u5build0.16.04.1 libopenjpip-dec-server - 2.1.2-1.1+deb9u5build0.16.04.1 No subscription required Medium CVE-2016-9112 CVE-2018-20847 CVE-2018-21010 CVE-2020-6851 CVE-2020-8112 CVE-2020-15389 CVE-2019-12973 USN-4498-1 -- Loofah vulnerability Ubuntu 16.04 LTS It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. (CVE-2019-15587) Update Instructions: Run `sudo pro fix USN-4498-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-loofah - 2.0.3-2+deb9u3build0.16.04.1 No subscription required Medium CVE-2019-15587 USN-4499-1 -- MilkyTracker vulnerabilities Ubuntu 16.04 LTS It was discovered that MilkyTracker did not properly handle certain input. If a user were tricked into opening a malicious file, an attacker could cause MilkyTracker to crash or potentially execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-4499-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: milkytracker - 0.90.85+dfsg-2.2+deb8u1build0.16.04.1 No subscription required Medium CVE-2019-14464 CVE-2019-14496 CVE-2019-14497 USN-4500-1 -- bsdiff vulnerabilities Ubuntu 16.04 LTS It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4500-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdiff - 4.3-15+deb8u1build0.16.04.1 No subscription required Medium CVE-2014-9862 USN-4501-1 -- LuaJIT vulnerability Ubuntu 16.04 LTS It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2020-15890) Update Instructions: Run `sudo pro fix USN-4501-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libluajit-5.1-dev - 2.0.4+dfsg-1+deb9u1build0.16.04.1 libluajit-5.1-2 - 2.0.4+dfsg-1+deb9u1build0.16.04.1 libluajit-5.1-common - 2.0.4+dfsg-1+deb9u1build0.16.04.1 luajit - 2.0.4+dfsg-1+deb9u1build0.16.04.1 No subscription required Low CVE-2020-15890 USN-4502-1 -- websocket-extensions vulnerability Ubuntu 16.04 LTS It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. (CVE-2020-7663) Update Instructions: Run `sudo pro fix USN-4502-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ruby-websocket-extensions - 0.1.2-1+deb9u1build0.16.04.1 No subscription required Medium CVE-2020-7663 USN-4503-1 -- Perl DBI module vulnerability Ubuntu 16.04 LTS It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.634-1ubuntu0.1 No subscription required Medium CVE-2020-14392 USN-4504-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. (CVE-2020-1968) Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-1547) Guido Vranken discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-1551) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 18.04 LTS. 
(CVE-2019-1563) Update Instructions: Run `sudo pro fix USN-4504-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.17 libssl-dev - 1.0.2g-1ubuntu4.17 openssl - 1.0.2g-1ubuntu4.17 libssl-doc - 1.0.2g-1ubuntu4.17 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.17 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.17 No subscription required Low CVE-2019-1547 CVE-2019-1551 CVE-2019-1563 CVE-2020-1968 USN-4506-1 -- MCabber vulnerability Ubuntu 16.04 LTS It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform machine-in-the-middle attacks. (CVE-2016-9928). Update Instructions: Run `sudo pro fix USN-4506-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mcabber - 0.10.2-1+deb8u1build0.16.04.1 No subscription required Medium CVE-2016-9928 USN-4507-1 -- ncmpc vulnerability Ubuntu 16.04 LTS It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service. (CVE-2018-9240) Update Instructions: Run `sudo pro fix USN-4507-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ncmpc - 0.24-1+deb8u1build0.16.04.1 ncmpc-lyrics - 0.24-1+deb8u1build0.16.04.1 No subscription required Medium CVE-2018-9240 USN-4508-1 -- StoreBackup vulnerability Ubuntu 16.04 LTS It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. (CVE-2020-7040) Update Instructions: Run `sudo pro fix USN-4508-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: storebackup - 3.2.1-1+deb8u1build0.16.04.1 No subscription required Medium CVE-2020-7040 USN-4510-1 -- Samba vulnerability Ubuntu 16.04 LTS Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Update Instructions: Run `sudo pro fix USN-4510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.30 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.30 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.30 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.30 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.30 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.30 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.30 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.30 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.30 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.30 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.30 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.30 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.30 No subscription required Medium CVE-2020-1472 USN-4511-1 -- QEMU vulnerability Ubuntu 16.04 LTS Ziming Zhang, Xiao Wei, Gonglei Arei, 
and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Update Instructions: Run `sudo pro fix USN-4511-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.46 qemu-user-static - 1:2.5+dfsg-5ubuntu10.46 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.46 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.46 qemu-kvm - 1:2.5+dfsg-5ubuntu10.46 qemu-user - 1:2.5+dfsg-5ubuntu10.46 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.46 qemu-system - 1:2.5+dfsg-5ubuntu10.46 qemu-utils - 1:2.5+dfsg-5ubuntu10.46 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.46 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.46 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.46 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.46 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.46 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.46 qemu - 1:2.5+dfsg-5ubuntu10.46 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.46 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.46 No subscription required Medium CVE-2020-14364 USN-4513-1 -- apng2gif vulnerability Ubuntu 16.04 LTS Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled loading APNG files. An attacker could exploit this with a crafted APNG file to access sensitive information. (CVE-2017-6960) Update Instructions: Run `sudo pro fix USN-4513-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apng2gif - 1.5-3+deb8u1build0.16.04.1 No subscription required Medium CVE-2017-6960 USN-4514-1 -- libproxy vulnerability Ubuntu 16.04 LTS It was discovered that libproxy incorrectly handled certain PAC files. 
An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4514-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libproxy-cil-dev - 0.4.11-5ubuntu1.1 python-libproxy - 0.4.11-5ubuntu1.1 libproxy1v5 - 0.4.11-5ubuntu1.1 libproxy0.4-cil - 0.4.11-5ubuntu1.1 libproxy1-plugin-gsettings - 0.4.11-5ubuntu1.1 libproxy-dev - 0.4.11-5ubuntu1.1 libproxy1-plugin-webkit - 0.4.11-5ubuntu1.1 libproxy1-plugin-kconfig - 0.4.11-5ubuntu1.1 libproxy1-plugin-networkmanager - 0.4.11-5ubuntu1.1 libproxy-tools - 0.4.11-5ubuntu1.1 No subscription required Medium CVE-2020-25219 USN-4515-1 -- Pure-FTPd vulnerability Ubuntu 16.04 LTS Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. (CVE-2020-9274) Update Instructions: Run `sudo pro fix USN-4515-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pure-ftpd-postgresql - 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-ldap - 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd - 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-common - 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-mysql - 1.0.36-3.2+deb8u1build0.16.04.1 No subscription required Low CVE-2020-9274 USN-4517-1 -- Email-Address-List vulnerability Ubuntu 16.04 LTS It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service. (CVE-2018-18898) Update Instructions: Run `sudo pro fix USN-4517-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libemail-address-list-perl - 0.05-1+deb9u1build0.16.04.1 No subscription required Medium CVE-2018-18898 USN-4518-1 -- xawtv vulnerability Ubuntu 16.04 LTS Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges. (CVE-2020-13696) Update Instructions: Run `sudo pro fix USN-4518-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: webcam - 3.103-3+deb8u1build0.16.04.1 xawtv - 3.103-3+deb8u1build0.16.04.1 scantv - 3.103-3+deb8u1build0.16.04.1 pia - 3.103-3+deb8u1build0.16.04.1 xawtv-tools - 3.103-3+deb8u1build0.16.04.1 xawtv-plugins - 3.103-3+deb8u1build0.16.04.1 ttv - 3.103-3+deb8u1build0.16.04.1 radio - 3.103-3+deb8u1build0.16.04.1 v4l-conf - 3.103-3+deb8u1build0.16.04.1 alevtd - 3.103-3+deb8u1build0.16.04.1 xawtv-plugin-qt - 3.103-3+deb8u1build0.16.04.1 fbtv - 3.103-3+deb8u1build0.16.04.1 streamer - 3.103-3+deb8u1build0.16.04.1 No subscription required Low CVE-2020-13696 USN-4519-1 -- PulseAudio vulnerability Ubuntu 16.04 LTS Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-15710) Update Instructions: Run `sudo pro fix USN-4519-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpulse0 - 1:8.0-0ubuntu3.14 pulseaudio-module-lirc - 1:8.0-0ubuntu3.14 pulseaudio-module-bluetooth - 1:8.0-0ubuntu3.14 libpulse-dev - 1:8.0-0ubuntu3.14 pulseaudio-utils - 1:8.0-0ubuntu3.14 pulseaudio-module-raop - 1:8.0-0ubuntu3.14 pulseaudio-module-trust-store - 1:8.0-0ubuntu3.14 pulseaudio - 1:8.0-0ubuntu3.14 libpulsedsp - 1:8.0-0ubuntu3.14 pulseaudio-module-x11 - 1:8.0-0ubuntu3.14 pulseaudio-esound-compat - 1:8.0-0ubuntu3.14 libpulse-mainloop-glib0 - 1:8.0-0ubuntu3.14 pulseaudio-module-gconf - 1:8.0-0ubuntu3.14 pulseaudio-module-droid - 1:8.0-0ubuntu3.14 pulseaudio-module-zeroconf - 1:8.0-0ubuntu3.14 pulseaudio-module-jack - 1:8.0-0ubuntu3.14 No subscription required Medium CVE-2020-15710 USN-4520-1 -- Exim SpamAssassin vulnerability Ubuntu 16.04 LTS It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-19920) Update Instructions: Run `sudo pro fix USN-4520-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sa-exim - 4.2.1-14+deb8u1build0.16.04.1 No subscription required Medium CVE-2019-19920 USN-4521-1 -- pam_tacplus vulnerability Ubuntu 16.04 LTS It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4521-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-tacplus - 1.3.8-2+deb8u1build0.16.04.1 No subscription required Low CVE-2020-13881 USN-4522-1 -- noVNC vulnerability Ubuntu 16.04 LTS It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. 
An attacker could use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2017-18635) Update Instructions: Run `sudo pro fix USN-4522-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: novnc - 1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1 python-novnc - 1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1 No subscription required Medium CVE-2017-18635 USN-4523-1 -- LibOFX vulnerability Ubuntu 16.04 LTS It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack. (CVE-2019-9656) Update Instructions: Run `sudo pro fix USN-4523-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libofx-doc - 1:0.9.10-1+deb8u2build0.16.04.1 libofx-dev - 1:0.9.10-1+deb8u2build0.16.04.1 ofx - 1:0.9.10-1+deb8u2build0.16.04.1 libofx6 - 1:0.9.10-1+deb8u2build0.16.04.1 No subscription required Negligible CVE-2019-9656 USN-4524-1 -- TNEF vulnerabilities Ubuntu 16.04 LTS Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF to crash, resulting in a denial of service. (CVE-2019-18849) Update Instructions: Run `sudo pro fix USN-4524-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tnef - 1.4.9-1+deb8u4build0.16.04.1 No subscription required Medium CVE-2019-18849 USN-4526-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). 
(CVE-2019-18808) It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061) It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067) It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074) It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445) It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356) It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. 
(CVE-2020-16166) Update Instructions: Run `sudo pro fix USN-4526-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1054-oracle - 4.15.0-1054.58~16.04.1 No subscription required linux-image-4.15.0-1083-aws - 4.15.0-1083.87~16.04.1 No subscription required linux-image-4.15.0-1084-gcp - 4.15.0-1084.95~16.04.1 No subscription required linux-image-4.15.0-1096-azure - 4.15.0-1096.106~16.04.1 No subscription required linux-image-4.15.0-118-generic-lpae - 4.15.0-118.119~16.04.1 linux-image-4.15.0-118-lowlatency - 4.15.0-118.119~16.04.1 linux-image-4.15.0-118-generic - 4.15.0-118.119~16.04.1 No subscription required linux-image-oracle - 4.15.0.1054.44 No subscription required linux-image-aws-hwe - 4.15.0.1083.79 No subscription required linux-image-gke - 4.15.0.1084.85 linux-image-gcp - 4.15.0.1084.85 No subscription required linux-image-azure-edge - 4.15.0.1096.90 linux-image-azure - 4.15.0.1096.90 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.118.119 linux-image-lowlatency-hwe-16.04 - 4.15.0.118.119 linux-image-generic-hwe-16.04-edge - 4.15.0.118.119 linux-image-generic-lpae-hwe-16.04 - 4.15.0.118.119 linux-image-virtual-hwe-16.04 - 4.15.0.118.119 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.118.119 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.118.119 linux-image-oem - 4.15.0.118.119 linux-image-generic-hwe-16.04 - 4.15.0.118.119 No subscription required Medium CVE-2019-18808 CVE-2019-19054 CVE-2019-19061 CVE-2019-19067 CVE-2019-19073 CVE-2019-19074 CVE-2019-9445 CVE-2020-12888 CVE-2020-14356 CVE-2020-16166 USN-4527-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). 
(CVE-2019-19054) It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074) Yue Haibing discovered that the Linux kernel did not properly handle reference counting in sysfs for network devices in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2019-20811) It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445) It was discovered that the F2FS file system in the Linux kernel did not properly validate xattr metadata in some situations, leading to an out-of-bounds read. An attacker could use this to construct a malicious F2FS image that, when mounted, could expose sensitive information (kernel memory). (CVE-2019-9453) It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) Update Instructions: Run `sudo pro fix USN-4527-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1080-kvm - 4.4.0-1080.87 No subscription required linux-image-4.4.0-1114-aws - 4.4.0-1114.127 No subscription required linux-image-4.4.0-1139-raspi2 - 4.4.0-1139.148 No subscription required linux-image-4.4.0-1143-snapdragon - 4.4.0-1143.152 No subscription required linux-image-4.4.0-190-powerpc-e500mc - 4.4.0-190.220 linux-image-4.4.0-190-generic-lpae - 4.4.0-190.220 linux-image-4.4.0-190-lowlatency - 4.4.0-190.220 linux-image-4.4.0-190-powerpc-smp - 4.4.0-190.220 linux-image-4.4.0-190-powerpc64-emb - 4.4.0-190.220 linux-image-4.4.0-190-generic - 4.4.0-190.220 linux-image-4.4.0-190-powerpc64-smp - 4.4.0-190.220 No subscription required linux-image-kvm - 4.4.0.1080.78 No subscription required linux-image-aws - 4.4.0.1114.119 No subscription required linux-image-raspi2 - 4.4.0.1139.139 No subscription required linux-image-snapdragon - 4.4.0.1143.135 No subscription required linux-image-powerpc64-emb-lts-vivid - 4.4.0.190.196 linux-image-generic-lts-wily - 4.4.0.190.196 linux-image-generic-lpae-lts-xenial - 4.4.0.190.196 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.190.196 linux-image-generic-lpae-lts-utopic - 4.4.0.190.196 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.190.196 linux-image-generic-lts-utopic - 4.4.0.190.196 linux-image-powerpc-e500mc-lts-wily - 4.4.0.190.196 linux-image-generic-lts-vivid - 4.4.0.190.196 linux-image-generic-lpae-lts-wily - 4.4.0.190.196 linux-image-virtual-lts-vivid - 4.4.0.190.196 linux-image-virtual-lts-utopic - 4.4.0.190.196 linux-image-virtual - 4.4.0.190.196 linux-image-powerpc64-emb-lts-wily - 4.4.0.190.196 linux-image-generic - 4.4.0.190.196 linux-image-lowlatency-lts-vivid - 4.4.0.190.196 linux-image-powerpc64-smp-lts-utopic - 4.4.0.190.196 linux-image-powerpc64-emb - 4.4.0.190.196 linux-image-powerpc-smp-lts-xenial - 4.4.0.190.196 linux-image-powerpc-e500mc - 4.4.0.190.196 linux-image-powerpc64-smp-lts-vivid - 
4.4.0.190.196 linux-image-lowlatency-lts-wily - 4.4.0.190.196 linux-image-lowlatency-lts-xenial - 4.4.0.190.196 linux-image-powerpc64-smp-lts-xenial - 4.4.0.190.196 linux-image-powerpc64-emb-lts-utopic - 4.4.0.190.196 linux-image-generic-lts-xenial - 4.4.0.190.196 linux-image-powerpc-smp - 4.4.0.190.196 linux-image-generic-lpae-lts-vivid - 4.4.0.190.196 linux-image-generic-lpae - 4.4.0.190.196 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.190.196 linux-image-powerpc64-smp-lts-wily - 4.4.0.190.196 linux-image-powerpc64-emb-lts-xenial - 4.4.0.190.196 linux-image-powerpc-smp-lts-wily - 4.4.0.190.196 linux-image-virtual-lts-wily - 4.4.0.190.196 linux-image-powerpc64-smp - 4.4.0.190.196 linux-image-lowlatency-lts-utopic - 4.4.0.190.196 linux-image-powerpc-smp-lts-vivid - 4.4.0.190.196 linux-image-lowlatency - 4.4.0.190.196 linux-image-virtual-lts-xenial - 4.4.0.190.196 linux-image-powerpc-smp-lts-utopic - 4.4.0.190.196 No subscription required Medium CVE-2019-19054 CVE-2019-19073 CVE-2019-19074 CVE-2019-20811 CVE-2019-9445 CVE-2019-9453 CVE-2020-0067 CVE-2020-25212 USN-4528-1 -- Ceph vulnerabilities Ubuntu 16.04 LTS Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. (CVE-2020-10753) Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12059) Robin H. Johnson discovered that Ceph incorrectly handled certain S3 requests. A remote attacker could possibly use this issue to perform an XSS attack. (CVE-2020-1760) Update Instructions: Run `sudo pro fix USN-4528-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: ceph-fs-common - 10.2.11-0ubuntu0.16.04.3 ceph-fuse - 10.2.11-0ubuntu0.16.04.3 python-rados - 10.2.11-0ubuntu0.16.04.3 ceph - 10.2.11-0ubuntu0.16.04.3 ceph-test - 10.2.11-0ubuntu0.16.04.3 rbd-mirror - 10.2.11-0ubuntu0.16.04.3 rbd-nbd - 10.2.11-0ubuntu0.16.04.3 librbd-dev - 10.2.11-0ubuntu0.16.04.3 libradosstriper1 - 10.2.11-0ubuntu0.16.04.3 rbd-fuse - 10.2.11-0ubuntu0.16.04.3 librados-dev - 10.2.11-0ubuntu0.16.04.3 libcephfs-jni - 10.2.11-0ubuntu0.16.04.3 radosgw - 10.2.11-0ubuntu0.16.04.3 librados2 - 10.2.11-0ubuntu0.16.04.3 libcephfs1 - 10.2.11-0ubuntu0.16.04.3 librgw2 - 10.2.11-0ubuntu0.16.04.3 ceph-mds - 10.2.11-0ubuntu0.16.04.3 libradosstriper-dev - 10.2.11-0ubuntu0.16.04.3 librbd1 - 10.2.11-0ubuntu0.16.04.3 python-ceph - 10.2.11-0ubuntu0.16.04.3 libcephfs-dev - 10.2.11-0ubuntu0.16.04.3 librgw-dev - 10.2.11-0ubuntu0.16.04.3 python-cephfs - 10.2.11-0ubuntu0.16.04.3 python-rbd - 10.2.11-0ubuntu0.16.04.3 ceph-common - 10.2.11-0ubuntu0.16.04.3 libcephfs-java - 10.2.11-0ubuntu0.16.04.3 ceph-resource-agents - 10.2.11-0ubuntu0.16.04.3 No subscription required Medium CVE-2020-10753 CVE-2020-12059 CVE-2020-1760 USN-4534-1 -- Perl DBI module vulnerability Ubuntu 16.04 LTS It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4534-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.634-1ubuntu0.2 No subscription required Medium CVE-2019-20919 USN-4535-1 -- RDFLib vulnerability Ubuntu 16.04 LTS Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code. 
(CVE-2019-7653) Update Instructions: Run `sudo pro fix USN-4535-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-rdflib - 4.1.2-3+deb8u1build0.16.04.1 python-rdflib-doc - 4.1.2-3+deb8u1build0.16.04.1 python-rdflib-tools - 4.1.2-3+deb8u1build0.16.04.1 python-rdflib - 4.1.2-3+deb8u1build0.16.04.1 No subscription required Medium CVE-2019-7653 USN-4537-1 -- Aptdaemon vulnerability Ubuntu 16.04 LTS Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files. Update Instructions: Run `sudo pro fix USN-4537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu14.4 python-aptdaemon - 1.1.1+bzr982-0ubuntu14.4 aptdaemon-data - 1.1.1+bzr982-0ubuntu14.4 python3-aptdaemon.test - 1.1.1+bzr982-0ubuntu14.4 aptdaemon - 1.1.1+bzr982-0ubuntu14.4 python3-aptdaemon.pkcompat - 1.1.1+bzr982-0ubuntu14.4 python-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu14.4 python3-aptdaemon - 1.1.1+bzr982-0ubuntu14.4 No subscription required Medium CVE-2020-15703 USN-4538-1 -- PackageKit vulnerabilities Ubuntu 16.04 LTS Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. (CVE-2020-16121) Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use this issue to install untrusted packages, contrary to expectations. (CVE-2020-16122) Update Instructions: Run `sudo pro fix USN-4538-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpackagekit-glib2-16 - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 packagekit-docs - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 libpackagekit-glib2-dev - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 packagekit - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 packagekit-tools - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 python3-packagekit - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 packagekit-backend-smart - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 gir1.2-packagekitglib-1.0 - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 packagekit-backend-aptcc - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 gstreamer1.0-packagekit - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 packagekit-gtk3-module - 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 No subscription required Medium CVE-2020-16121 CVE-2020-16122 USN-4541-1 -- Gnuplot vulnerabilities Ubuntu 16.04 LTS Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the df_generate_ascii_array_entry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19490) Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the PS_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19491) Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the cairotrm_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. (CVE-2018-19492) Update Instructions: Run `sudo pro fix USN-4541-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gnuplot - 4.6.6-3ubuntu0.1 gnuplot-doc - 4.6.6-3ubuntu0.1 gnuplot-tex - 4.6.6-3ubuntu0.1 gnuplot-qt - 4.6.6-3ubuntu0.1 gnuplot-data - 4.6.6-3ubuntu0.1 gnuplot-nox - 4.6.6-3ubuntu0.1 gnuplot-x11 - 4.6.6-3ubuntu0.1 No subscription required Low CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 USN-4542-1 -- MiniUPnPd vulnerabilities Ubuntu 16.04 LTS It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2019-12107) It was discovered that MiniUPnPd incorrectly handled unpopulated user XML input. An attacker could possibly use this issue to cause MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12108, CVE-2019-12109) It was discovered that MiniUPnPd incorrectly handled an empty description when port mapping. An attacker could possibly use this issue to cause MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12110) It was discovered that MiniUPnPd did not properly parse certain PCP requests. An attacker could possibly use this issue to cause MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12111) Update Instructions: Run `sudo pro fix USN-4542-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: miniupnpd - 1.8.20140523-4.1+deb9u2build0.16.04.1 No subscription required Medium CVE-2019-12107 CVE-2019-12108 CVE-2019-12109 CVE-2019-12110 CVE-2019-12111 USN-4545-1 -- libquicktime vulnerabilities Ubuntu 16.04 LTS It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service (resource exhaustion). (CVE-2017-9122) It was discovered that libquicktime incorrectly handled certain malformed MP4 files. 
If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause libquicktime to crash, resulting in a denial of service. (CVE-2017-9123, CVE-2017-9124, CVE-2017-9126, CVE-2017-9127, CVE-2017-9128) It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service. (CVE-2017-9125) Update Instructions: Run `sudo pro fix USN-4545-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quicktime-x11utils - 2:1.2.4-7+deb8u1ubuntu0.1 libquicktime2 - 2:1.2.4-7+deb8u1ubuntu0.1 libquicktime-dev - 2:1.2.4-7+deb8u1ubuntu0.1 libquicktime-doc - 2:1.2.4-7+deb8u1ubuntu0.1 quicktime-utils - 2:1.2.4-7+deb8u1ubuntu0.1 No subscription required Medium CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 USN-4546-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, spoof the site displayed in the download dialog, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4546-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-as - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 81.0+build2-0ubuntu0.16.04.1 firefox - 81.0+build2-0ubuntu0.16.04.1 
firefox-locale-ro - 81.0+build2-0ubuntu0.16.04.1 firefox-geckodriver - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 81.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 81.0+build2-0ubuntu0.16.04.1 firefox-dev - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 
81.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 81.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 81.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-15673 CVE-2020-15674 CVE-2020-15675 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 USN-4546-2 -- Firefox regressions Ubuntu 16.04 LTS USN-4546-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, spoof the site displayed in the download dialog, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4546-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
81.0.2+build1-0ubuntu0.16.04.1 firefox - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 81.0.2+build1-0ubuntu0.16.04.1 firefox-geckodriver - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 81.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 81.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 
81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 81.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 81.0.2+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1900032 USN-4547-2 -- SSVNC vulnerabilities Ubuntu 16.04 LTS It was discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024) Update Instructions: Run `sudo pro fix USN-4547-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ssvnc - 1.0.29-2+deb8u1build0.16.04.1 No subscription required Medium CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 USN-4551-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning.
(CVE-2020-15049) Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810) Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811) Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. (CVE-2020-24606) Update Instructions: Run `sudo pro fix USN-4551-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.15 squid - 3.5.12-1ubuntu7.15 squid-cgi - 3.5.12-1ubuntu7.15 squid-purge - 3.5.12-1ubuntu7.15 squidclient - 3.5.12-1ubuntu7.15 squid3 - 3.5.12-1ubuntu7.15 No subscription required Medium CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 USN-4552-2 -- Pam-python vulnerability Ubuntu 16.04 LTS Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Update Instructions: Run `sudo pro fix USN-4552-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-python - 1.0.4-1.1+deb8u1build0.16.04.1 libpam-python-doc - 1.0.4-1.1+deb8u1build0.16.04.1 No subscription required Medium CVE-2019-16729 USN-4552-3 -- Pam-python regression Ubuntu 16.04 LTS USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. We apologize for the inconvenience. 
Original advisory details: Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Update Instructions: Run `sudo pro fix USN-4552-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-python - 1.0.4-1.1+deb8u1ubuntu0.1 libpam-python-doc - 1.0.4-1.1+deb8u1ubuntu0.1 No subscription required Medium CVE-2019-16729 USN-4554-1 -- libPGF vulnerability Ubuntu 16.04 LTS It was discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4554-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpgf-dev - 6.14.12-3.1ubuntu0.1 libpgf6 - 6.14.12-3.1ubuntu0.1 No subscription required Medium CVE-2015-6673 USN-4557-1 -- Tomcat vulnerabilities Ubuntu 16.04 LTS It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-5018) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-6794) It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-6796) It was discovered that Tomcat incorrectly limited access to global JNDI resources. 
A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. (CVE-2016-6797) Regis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735) Update Instructions: Run `sudo pro fix USN-4557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libservlet2.5-java - 6.0.45+dfsg-1ubuntu0.1 libservlet2.5-java-doc - 6.0.45+dfsg-1ubuntu0.1 No subscription required Medium CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 USN-4559-1 -- Samba update Ubuntu 16.04 LTS Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which forced a secure netlogon channel, this update provides additional improvements. For compatibility reasons with older devices, Samba now allows specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html In addition, this update adds additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. Update Instructions: Run `sudo pro fix USN-4559-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.31 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.31 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.31 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.31 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.31 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.31 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.31 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.31 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.31 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.31 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.31 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.31 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.31 No subscription required Medium CVE-2020-1472 USN-4561-2 -- Rack vulnerabilities Ubuntu 16.04 LTS USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. Original advisory details: It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8161) It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184) Update Instructions: Run `sudo pro fix USN-4561-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-3ubuntu0.2 No subscription required Medium CVE-2020-8161 CVE-2020-8184 USN-4564-1 -- Apache Tika vulnerabilities Ubuntu 16.04 LTS It was discovered that Apache Tika could use excessive memory when processing a crafted or corrupt PSD file. An attacker could use this to cause a denial of service (crash). (CVE-2020-1950, CVE-2020-1951) Update Instructions: Run `sudo pro fix USN-4564-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtika-java - 1.5-4ubuntu0.1 No subscription required Medium CVE-2020-1950 CVE-2020-1951 USN-4568-1 -- Brotli vulnerability Ubuntu 16.04 LTS It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-4568-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbrotli1 - 1.0.3-1ubuntu1~16.04.2 python-brotli - 1.0.3-1ubuntu1~16.04.2 python3-brotli - 1.0.3-1ubuntu1~16.04.2 brotli - 1.0.3-1ubuntu1~16.04.2 libbrotli-dev - 1.0.3-1ubuntu1~16.04.2 No subscription required Medium CVE-2020-8927 USN-4570-1 -- urllib3 vulnerability Ubuntu 16.04 LTS It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. Update Instructions: Run `sudo pro fix USN-4570-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-urllib3 - 1.13.1-2ubuntu0.16.04.4 python3-urllib3 - 1.13.1-2ubuntu0.16.04.4 No subscription required Medium CVE-2020-26137 USN-4571-1 -- rack-cors vulnerability Ubuntu 16.04 LTS It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files. 
Update Instructions: Run `sudo pro fix USN-4571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack-cors - 0.4.0-1+deb9u2build0.16.04.1 No subscription required Medium CVE-2019-18978 USN-4572-1 -- Spice vulnerability Ubuntu 16.04 LTS Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4572-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.12.6-4ubuntu0.5 libspice-server-dev - 0.12.6-4ubuntu0.5 No subscription required Medium CVE-2020-14355 USN-4573-1 -- Vino vulnerabilities Ubuntu 16.04 LTS Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2014-6053) It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-7225) Pavel Cheremushkin discovered that an information disclosure vulnerability existed in Vino when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that Vino incorrectly handled region clipping. A remote attacker could possibly use this issue to cause Vino to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that Vino incorrectly handled encodings. A remote attacker could use this issue to cause Vino to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2020-14402, CVE-2020-14403, CVE-2020-14404) Update Instructions: Run `sudo pro fix USN-4573-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vino - 3.8.1-0ubuntu9.3 No subscription required Medium CVE-2014-6053 CVE-2018-7225 CVE-2019-15681 CVE-2020-14397 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 USN-4574-1 -- libseccomp-golang vulnerability Ubuntu 16.04 LTS It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp. Update Instructions: Run `sudo pro fix USN-4574-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-seccomp-libseccomp-golang-dev - 0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1 No subscription required Medium CVE-2017-18367 USN-4575-1 -- dom4j vulnerability Ubuntu 16.04 LTS It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. (CVE-2020-10683) Update Instructions: Run `sudo pro fix USN-4575-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdom4j-java - 1.6.1+dfsg.3-2ubuntu1.1 libdom4j-java-doc - 1.6.1+dfsg.3-2ubuntu1.1 No subscription required Medium CVE-2020-10683 USN-4578-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2020-16119) Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10322) It was discovered that the btrfs file system in the Linux kernel contained a use-after-free vulnerability when merging free space. An attacker could use this to construct a malicious btrfs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2019-19448) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) It was discovered that the NFC implementation in the Linux kernel did not properly perform permissions checks when opening raw sockets. A local attacker could use this to create or listen to NFC traffic. (CVE-2020-26088) Update Instructions: Run `sudo pro fix USN-4578-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1056-oracle - 4.15.0-1056.61~16.04.1 No subscription required linux-image-4.15.0-1085-aws - 4.15.0-1085.90~16.04.1 No subscription required linux-image-4.15.0-1086-gcp - 4.15.0-1086.98~16.04.1 No subscription required linux-image-4.15.0-1098-azure - 4.15.0-1098.109~16.04.1 No subscription required linux-image-4.15.0-120-generic - 4.15.0-120.122~16.04.1 linux-image-4.15.0-120-generic-lpae - 4.15.0-120.122~16.04.1 linux-image-4.15.0-120-lowlatency - 4.15.0-120.122~16.04.1 No subscription required linux-image-oracle - 4.15.0.1056.46 No subscription required linux-image-aws-hwe - 4.15.0.1085.81 No subscription required linux-image-gke - 4.15.0.1086.87 linux-image-gcp - 4.15.0.1086.87 No subscription required linux-image-azure-edge - 4.15.0.1098.92 linux-image-azure - 4.15.0.1098.92 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.120.121 linux-image-lowlatency-hwe-16.04 - 4.15.0.120.121 linux-image-generic-hwe-16.04-edge - 4.15.0.120.121 linux-image-generic-lpae-hwe-16.04 - 4.15.0.120.121 linux-image-virtual-hwe-16.04 - 4.15.0.120.121 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.120.121 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.120.121 linux-image-oem - 4.15.0.120.121 linux-image-generic-hwe-16.04 - 4.15.0.120.121 No subscription required High CVE-2018-10322 CVE-2019-19448 CVE-2020-14314 CVE-2020-16119 CVE-2020-16120 CVE-2020-25212 CVE-2020-26088 USN-4579-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. 
An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10322) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) Update Instructions: Run `sudo pro fix USN-4579-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1082-kvm - 4.4.0-1082.91 No subscription required linux-image-4.4.0-1117-aws - 4.4.0-1117.131 No subscription required linux-image-4.4.0-1141-raspi2 - 4.4.0-1141.151 No subscription required linux-image-4.4.0-1145-snapdragon - 4.4.0-1145.155 No subscription required linux-image-4.4.0-193-powerpc-smp - 4.4.0-193.224 linux-image-4.4.0-193-powerpc64-emb - 4.4.0-193.224 linux-image-4.4.0-193-generic - 4.4.0-193.224 linux-image-4.4.0-193-lowlatency - 4.4.0-193.224 linux-image-4.4.0-193-powerpc-e500mc - 4.4.0-193.224 linux-image-4.4.0-193-powerpc64-smp - 4.4.0-193.224 linux-image-4.4.0-193-generic-lpae - 4.4.0-193.224 No subscription required linux-image-kvm - 4.4.0.1082.80 No subscription required linux-image-aws - 4.4.0.1117.122 No subscription required linux-image-raspi2 - 4.4.0.1141.141 No subscription required linux-image-snapdragon - 4.4.0.1145.137 No subscription required linux-image-powerpc64-emb-lts-vivid - 4.4.0.193.199 linux-image-generic-lts-wily - 4.4.0.193.199 linux-image-generic-lpae-lts-xenial - 4.4.0.193.199 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.193.199 linux-image-generic-lpae-lts-utopic - 4.4.0.193.199 linux-image-powerpc-e500mc-lts-xenial 
- 4.4.0.193.199 linux-image-generic-lts-utopic - 4.4.0.193.199 linux-image-powerpc-e500mc-lts-wily - 4.4.0.193.199 linux-image-generic-lts-vivid - 4.4.0.193.199 linux-image-generic-lpae-lts-wily - 4.4.0.193.199 linux-image-virtual-lts-vivid - 4.4.0.193.199 linux-image-virtual-lts-utopic - 4.4.0.193.199 linux-image-virtual - 4.4.0.193.199 linux-image-powerpc64-emb-lts-wily - 4.4.0.193.199 linux-image-lowlatency-lts-vivid - 4.4.0.193.199 linux-image-powerpc64-smp-lts-utopic - 4.4.0.193.199 linux-image-powerpc64-emb - 4.4.0.193.199 linux-image-powerpc-smp-lts-xenial - 4.4.0.193.199 linux-image-powerpc-e500mc - 4.4.0.193.199 linux-image-powerpc64-smp-lts-vivid - 4.4.0.193.199 linux-image-lowlatency-lts-wily - 4.4.0.193.199 linux-image-generic - 4.4.0.193.199 linux-image-lowlatency-lts-xenial - 4.4.0.193.199 linux-image-powerpc64-smp-lts-xenial - 4.4.0.193.199 linux-image-powerpc64-emb-lts-utopic - 4.4.0.193.199 linux-image-generic-lts-xenial - 4.4.0.193.199 linux-image-virtual-lts-wily - 4.4.0.193.199 linux-image-powerpc-smp - 4.4.0.193.199 linux-image-generic-lpae-lts-vivid - 4.4.0.193.199 linux-image-generic-lpae - 4.4.0.193.199 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.193.199 linux-image-powerpc64-smp-lts-wily - 4.4.0.193.199 linux-image-powerpc64-emb-lts-xenial - 4.4.0.193.199 linux-image-powerpc-smp-lts-wily - 4.4.0.193.199 linux-image-powerpc64-smp - 4.4.0.193.199 linux-image-lowlatency-lts-utopic - 4.4.0.193.199 linux-image-powerpc-smp-lts-vivid - 4.4.0.193.199 linux-image-lowlatency - 4.4.0.193.199 linux-image-virtual-lts-xenial - 4.4.0.193.199 linux-image-powerpc-smp-lts-utopic - 4.4.0.193.199 No subscription required High CVE-2018-10322 CVE-2020-14314 CVE-2020-16119 CVE-2020-25285 USN-4581-1 -- Python vulnerability Ubuntu 16.04 LTS It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. 
Update Instructions: Run `sudo pro fix USN-4581-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.13 python2.7-doc - 2.7.12-1ubuntu0~16.04.13 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.13 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.13 libpython2.7 - 2.7.12-1ubuntu0~16.04.13 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.13 python2.7 - 2.7.12-1ubuntu0~16.04.13 idle-python2.7 - 2.7.12-1ubuntu0~16.04.13 python2.7-examples - 2.7.12-1ubuntu0~16.04.13 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.13 python2.7-minimal - 2.7.12-1ubuntu0~16.04.13 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.12 python3.5-venv - 3.5.2-2ubuntu0~16.04.12 python3.5-doc - 3.5.2-2ubuntu0~16.04.12 python3.5-dev - 3.5.2-2ubuntu0~16.04.12 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.12 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.12 python3.5 - 3.5.2-2ubuntu0~16.04.12 idle-python3.5 - 3.5.2-2ubuntu0~16.04.12 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.12 python3.5-examples - 3.5.2-2ubuntu0~16.04.12 python3.5-minimal - 3.5.2-2ubuntu0~16.04.12 libpython3.5 - 3.5.2-2ubuntu0~16.04.12 No subscription required Medium CVE-2020-26116 USN-4582-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. (CVE-2019-20807) Update Instructions: Run `sudo pro fix USN-4582-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5 vim-gnome - 2:7.4.1689-3ubuntu1.5 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5 vim-athena - 2:7.4.1689-3ubuntu1.5 vim-gtk - 2:7.4.1689-3ubuntu1.5 vim-gui-common - 2:7.4.1689-3ubuntu1.5 vim - 2:7.4.1689-3ubuntu1.5 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5 vim-doc - 2:7.4.1689-3ubuntu1.5 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5 vim-tiny - 2:7.4.1689-3ubuntu1.5 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5 vim-gtk3 - 2:7.4.1689-3ubuntu1.5 vim-nox - 2:7.4.1689-3ubuntu1.5 vim-runtime - 2:7.4.1689-3ubuntu1.5 No subscription required Low CVE-2017-17087 CVE-2019-20807 USN-4583-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069) It was discovered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge a cookie which is supposed to be secure. (CVE-2020-7070) Update Instructions: Run `sudo pro fix USN-4583-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.16 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16 php7.0-curl - 7.0.33-0ubuntu0.16.04.16 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16 php7.0-gd - 7.0.33-0ubuntu0.16.04.16 php7.0-common - 7.0.33-0ubuntu0.16.04.16 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16 php7.0-cli - 7.0.33-0ubuntu0.16.04.16 php7.0-json - 7.0.33-0ubuntu0.16.04.16 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16 php7.0-zip - 7.0.33-0ubuntu0.16.04.16 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16 php7.0-dba - 7.0.33-0ubuntu0.16.04.16 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16 php7.0-xml - 7.0.33-0ubuntu0.16.04.16 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16 php7.0-recode - 7.0.33-0ubuntu0.16.04.16 php7.0-soap - 7.0.33-0ubuntu0.16.04.16 php7.0 - 7.0.33-0ubuntu0.16.04.16 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16 php7.0-readline - 7.0.33-0ubuntu0.16.04.16 php7.0-intl - 7.0.33-0ubuntu0.16.04.16 php7.0-imap - 7.0.33-0ubuntu0.16.04.16 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16 php7.0-dev - 7.0.33-0ubuntu0.16.04.16 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16 No subscription required Medium CVE-2020-7069 CVE-2020-7070 USN-4584-1 -- HtmlUnit vulnerability Ubuntu 16.04 LTS It was discovered that HtmlUnit incorrectly initialized the Rhino engine. An attacker could possibly use this issue to execute arbitrary Java code. Update Instructions: Run `sudo pro fix USN-4584-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libhtmlunit-java - 2.8-1ubuntu2.1 No subscription required Medium CVE-2020-5529 USN-4585-1 -- Newsbeuter vulnerabilities Ubuntu 16.04 LTS It was discovered that Newsbeuter didn't handle the command line input properly. A remote attacker could use it to run remote code by crafting a special input file. (CVE-2017-12904) It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. A remote attacker could use it to run remote code by crafting a special filename. (CVE-2017-14500) Update Instructions: Run `sudo pro fix USN-4585-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: newsbeuter - 2.9-3ubuntu0.1 No subscription required Medium CVE-2017-12904 CVE-2017-14500 USN-4586-2 -- PHP ImageMagick vulnerability Ubuntu 16.04 LTS USN-4586-1 fixed vulnerabilities in PHP ImageMagick. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that the PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4586-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-imagick - 3.4.0~rc6-1ubuntu3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-11037 USN-4587-1 -- iTALC vulnerabilities Ubuntu 16.04 LTS Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055) Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. 
A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942) It was discovered that iTALC had an out-of-bounds write, multiple heap out-of-bounds writes, an infinite loop, improper initializations, and null pointer vulnerabilities. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update Instructions: Run `sudo pro fix USN-4587-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: italc-master - 1:2.0.2+dfsg1-4ubuntu0.1 italc-client - 1:2.0.2+dfsg1-4ubuntu0.1 libitalccore - 1:2.0.2+dfsg1-4ubuntu0.1 italc-management-console - 1:2.0.2+dfsg1-4ubuntu0.1 No subscription required Medium CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-7225 CVE-2019-15681 USN-4588-1 -- FlightGear vulnerability Ubuntu 16.04 LTS It was discovered that FlightGear could write arbitrary files if it received a special Nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4588-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: flightgear - 3.4.0-3ubuntu1.1 No subscription required Medium CVE-2016-9956 USN-4589-1 -- containerd vulnerability Ubuntu 16.04 LTS It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. 
A remote attacker could use this to trick the user and obtain the user's registry credentials. Update Instructions: Run `sudo pro fix USN-4589-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.2.6-0ubuntu1~16.04.4 golang-github-docker-containerd-dev - 1.2.6-0ubuntu1~16.04.4 No subscription required Medium CVE-2020-15157 USN-4589-2 -- Docker vulnerability Ubuntu 16.04 LTS USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. Original advisory details: It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials. Update Instructions: Run `sudo pro fix USN-4589-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 18.09.7-0ubuntu1~16.04.6 docker.io - 18.09.7-0ubuntu1~16.04.6 golang-docker-dev - 18.09.7-0ubuntu1~16.04.6 vim-syntax-docker - 18.09.7-0ubuntu1~16.04.6 docker-doc - 18.09.7-0ubuntu1~16.04.6 No subscription required Medium CVE-2020-15157 USN-4590-1 -- Collabtive vulnerability Ubuntu 16.04 LTS It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. (CVE-2015-0258) Update Instructions: Run `sudo pro fix USN-4590-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: collabtive - 2.0+dfsg-6ubuntu1.1 No subscription required Medium CVE-2015-0258 USN-4591-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. 
A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) Update Instructions: Run `sudo pro fix USN-4591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-122-generic - 4.15.0-122.124~16.04.1 linux-image-4.15.0-122-generic-lpae - 4.15.0-122.124~16.04.1 linux-image-4.15.0-122-lowlatency - 4.15.0-122.124~16.04.1 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.122.122 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.122.122 linux-image-generic-lpae-hwe-16.04 - 4.15.0.122.122 linux-image-virtual-hwe-16.04-edge - 4.15.0.122.122 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.122.122 linux-image-oem - 4.15.0.122.122 linux-image-lowlatency-hwe-16.04 - 4.15.0.122.122 linux-image-generic-hwe-16.04-edge - 4.15.0.122.122 linux-image-generic-hwe-16.04 - 4.15.0.122.122 No subscription required High CVE-2020-12351 CVE-2020-12352 USN-4593-1 -- FreeType vulnerability Ubuntu 16.04 LTS Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-4593-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.6.1-0.1ubuntu2.5 libfreetype6-udeb - 2.6.1-0.1ubuntu2.5 freetype2-demos - 2.6.1-0.1ubuntu2.5 libfreetype6 - 2.6.1-0.1ubuntu2.5 No subscription required High CVE-2020-15999 USN-4597-1 -- mod_auth_mellon vulnerabilities Ubuntu 16.04 LTS François Kooman discovered that mod_auth_mellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. (CVE-2017-6807) It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877) It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878) Update Instructions: Run `sudo pro fix USN-4597-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-auth-mellon - 0.12.0-2+deb9u1build0.16.04.1 No subscription required Medium CVE-2017-6807 CVE-2019-3877 CVE-2019-3878 USN-4598-1 -- LibEtPan vulnerability Ubuntu 16.04 LTS It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. (CVE-2020-15953) Update Instructions: Run `sudo pro fix USN-4598-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libetpan-dev - 1.6-1ubuntu0.1 libetpan-doc - 1.6-1ubuntu0.1 libetpan17 - 1.6-1ubuntu0.1 No subscription required Medium CVE-2020-15953 USN-4599-2 -- Firefox vulnerabilities Ubuntu 16.04 LTS USN-4599-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4599-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-nn - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ne - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-nb - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-fa - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-fi - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-fr - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-fy - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-or - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-kab - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-oc - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-cs - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ga - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-gd - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-gn - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-gl - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-gu - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-pa - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-pl - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-cy - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-pt - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-hi - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-uk - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-he - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-hy - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-hr - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-hu - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-as - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ar - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ia - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-az - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-id - 82.0+build2-0ubuntu0.16.04.5 
firefox-locale-mai - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-af - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-is - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-it - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-an - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-bs - 82.0+build2-0ubuntu0.16.04.5 firefox - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ro - 82.0+build2-0ubuntu0.16.04.5 firefox-geckodriver - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ja - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ru - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-br - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-zh-hant - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-zh-hans - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-bn - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-be - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-bg - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-sl - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-sk - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-si - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-sw - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-sv - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-sr - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-sq - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ko - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-kn - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-km - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-kk - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ka - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-xh - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ca - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ku - 82.0+build2-0ubuntu0.16.04.5 firefox-mozsymbols - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-lv - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-lt - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-th - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-hsb - 82.0+build2-0ubuntu0.16.04.5 firefox-dev - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-te - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-cak - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ta - 
82.0+build2-0ubuntu0.16.04.5 firefox-locale-lg - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-tr - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-nso - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-de - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-da - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ms - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-mr - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-my - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-uz - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ml - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-mn - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-mk - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ur - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-vi - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-eu - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-et - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-es - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-csb - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-el - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-eo - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-en - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-zu - 82.0+build2-0ubuntu0.16.04.5 firefox-locale-ast - 82.0+build2-0ubuntu0.16.04.5 No subscription required Medium CVE-2020-15254 CVE-2020-15680 CVE-2020-15681 CVE-2020-15682 CVE-2020-15683 CVE-2020-15684 CVE-2020-15969 USN-4599-3 -- Firefox regressions Ubuntu 16.04 LTS USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4599-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
82.0.2+build1-0ubuntu0.16.04.1 firefox - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 82.0.2+build1-0ubuntu0.16.04.1 firefox-geckodriver - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 82.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 82.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 
82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 82.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 82.0.2+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1903197 https://usn.ubuntu.com/4599-2 USN-4600-1 -- Netty vulnerabilities Ubuntu 16.04 LTS It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use it to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238) Update Instructions: Run `sudo pro fix USN-4600-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnetty-3.9-java - 3.9.0.Final-1ubuntu0.1 No subscription required Medium CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 USN-4602-1 -- Perl vulnerabilities Ubuntu 16.04 LTS ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update Instructions: Run `sudo pro fix USN-4602-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 - 5.22.1-9ubuntu0.9 libperl-dev - 5.22.1-9ubuntu0.9 perl-doc - 5.22.1-9ubuntu0.9 perl - 5.22.1-9ubuntu0.9 perl-base - 5.22.1-9ubuntu0.9 perl-debug - 5.22.1-9ubuntu0.9 libperl5.22 - 5.22.1-9ubuntu0.9 No subscription required Low CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 USN-4604-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.22 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-32.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-22.html https://www.oracle.com/security-alerts/cpuoct2020.html Update Instructions: Run `sudo pro fix USN-4604-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.32-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.32-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.32-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.32-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.32-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.32-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.32-0ubuntu0.16.04.1 mysql-common - 5.7.32-0ubuntu0.16.04.1 mysql-server - 5.7.32-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.32-0ubuntu0.16.04.1 mysql-testsuite - 5.7.32-0ubuntu0.16.04.1 libmysqld-dev - 5.7.32-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.32-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-14672 CVE-2020-14760 CVE-2020-14765 CVE-2020-14769 CVE-2020-14771 CVE-2020-14773 CVE-2020-14775 CVE-2020-14776 CVE-2020-14777 CVE-2020-14785 CVE-2020-14786 CVE-2020-14789 CVE-2020-14790 CVE-2020-14791 CVE-2020-14793 CVE-2020-14794 CVE-2020-14800 CVE-2020-14804 CVE-2020-14809 CVE-2020-14812 CVE-2020-14814 CVE-2020-14821 CVE-2020-14827 CVE-2020-14828 CVE-2020-14829 CVE-2020-14830 CVE-2020-14836 CVE-2020-14837 CVE-2020-14838 CVE-2020-14839 CVE-2020-14844 CVE-2020-14845 CVE-2020-14846 CVE-2020-14848 CVE-2020-14852 CVE-2020-14853 CVE-2020-14860 CVE-2020-14861 CVE-2020-14866 CVE-2020-14867 CVE-2020-14868 CVE-2020-14869 CVE-2020-14870 CVE-2020-14873 CVE-2020-14878 CVE-2020-14888 CVE-2020-14891 CVE-2020-14893 USN-4605-1 -- Blueman vulnerability Ubuntu 16.04 LTS Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. (CVE-2020-15238) Update Instructions: Run `sudo pro fix USN-4605-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: blueman - 2.0.4-1ubuntu2.1 No subscription required Medium CVE-2020-15238 USN-4607-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. (CVE-2020-14781) It was discovered that OpenJDK incorrectly handled untrusted certificates. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14782) Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer overflows. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14792) Markus Loewe discovered that OpenJDK incorrectly checked permissions when converting a file system path to a URI. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14796) Markus Loewe discovered that OpenJDK incorrectly checked for invalid characters when converting a URI to a path. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14797) Markus Loewe discovered that OpenJDK incorrectly checked the length of input strings. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14798) It was discovered that OpenJDK incorrectly handled boundary checks. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14803) Update Instructions: Run `sudo pro fix USN-4607-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u272-b10-0ubuntu1~16.04 openjdk-8-jdk - 8u272-b10-0ubuntu1~16.04 openjdk-8-jre-headless - 8u272-b10-0ubuntu1~16.04 openjdk-8-jre - 8u272-b10-0ubuntu1~16.04 openjdk-8-jdk-headless - 8u272-b10-0ubuntu1~16.04 openjdk-8-source - 8u272-b10-0ubuntu1~16.04 openjdk-8-jre-zero - 8u272-b10-0ubuntu1~16.04 openjdk-8-demo - 8u272-b10-0ubuntu1~16.04 openjdk-8-jre-jamvm - 8u272-b10-0ubuntu1~16.04 No subscription required Medium CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 USN-4607-2 -- OpenJDK regressions Ubuntu 16.04 LTS USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. (CVE-2020-14781) It was discovered that OpenJDK incorrectly handled untrusted certificates. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14782) Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer overflows. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14792) Markus Loewe discovered that OpenJDK incorrectly checked permissions when converting a file system path to a URI. 
An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14796) Markus Loewe discovered that OpenJDK incorrectly checked for invalid characters when converting a URI to a path. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14797) Markus Loewe discovered that OpenJDK incorrectly checked the length of input strings. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14798) It was discovered that OpenJDK incorrectly handled boundary checks. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14803) Update Instructions: Run `sudo pro fix USN-4607-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u275-b01-0ubuntu1~16.04 openjdk-8-jdk - 8u275-b01-0ubuntu1~16.04 openjdk-8-jre-headless - 8u275-b01-0ubuntu1~16.04 openjdk-8-jre - 8u275-b01-0ubuntu1~16.04 openjdk-8-jdk-headless - 8u275-b01-0ubuntu1~16.04 openjdk-8-source - 8u275-b01-0ubuntu1~16.04 openjdk-8-jre-zero - 8u275-b01-0ubuntu1~16.04 openjdk-8-demo - 8u275-b01-0ubuntu1~16.04 openjdk-8-jre-jamvm - 8u275-b01-0ubuntu1~16.04 No subscription required Medium CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 USN-4608-1 -- ca-certificates update Ubuntu 16.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-4608-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ca-certificates-udeb - 20201027ubuntu0.16.04.1 ca-certificates - 20201027ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1900727 USN-4609-1 -- GOsa vulnerabilities Ubuntu 16.04 LTS Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. (CVE-2019-14466) It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". (CVE-2019-11187) Fabian Henneke discovered that GOsa was vulnerable to cross-site scripting attacks via the change password form. A remote attacker could use this flaw to run arbitrary web scripts. (CVE-2018-1000528) Update Instructions: Run `sudo pro fix USN-4609-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gosa-plugin-phpscheduleit - 2.7.4+reloaded2-9ubuntu1.1 gosa-help-de - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-sudo - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-openxchange-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-dns-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-dhcp - 2.7.4+reloaded2-9ubuntu1.1 gosa-help-fr - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-mit-krb5 - 2.7.4+reloaded2-9ubuntu1.1 gosa - 2.7.4+reloaded2-9ubuntu1.1 gosa-desktop - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-systems - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-pptp-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-ssh - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-uw-imap - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-mail - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-kolab - 2.7.4+reloaded2-9ubuntu1.1 gosa-dev - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-fai - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-squid - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-pptp - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-mit-krb5-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-help-nl - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-ssh-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-goto - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-opengroupware - 2.7.4+reloaded2-9ubuntu1.1 gosa-help-en - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-pureftpd - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-kolab-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-phpscheduleit-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-gofax - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-scalix - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-netatalk - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-rolemanagement - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-ldapmanager - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-dns - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-phpgw - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-connectivity - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-fai-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-samba - 2.7.4+reloaded2-9ubuntu1.1 
gosa-plugin-sudo-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-opsi - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-pureftpd-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-gofon - 2.7.4+reloaded2-9ubuntu1.1 gosa-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-openxchange - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-webdav - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-nagios-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-nagios - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-phpgw-schema - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-rsyslog - 2.7.4+reloaded2-9ubuntu1.1 gosa-plugin-dhcp-schema - 2.7.4+reloaded2-9ubuntu1.1 No subscription required Medium CVE-2018-1000528 CVE-2019-11187 CVE-2019-14466 USN-4611-1 -- Samba vulnerabilities Ubuntu 16.04 LTS Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. (CVE-2020-14318) Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. (CVE-2020-14323) Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. (CVE-2020-14383) Update Instructions: Run `sudo pro fix USN-4611-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.32 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.32 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.32 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.32 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.32 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.32 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.32 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.32 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.32 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.32 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.32 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.32 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.32 No subscription required Medium CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 USN-4613-1 -- python-cryptography vulnerability Ubuntu 16.04 LTS Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-cryptography - 1.2.3-1ubuntu0.3 python-cryptography - 1.2.3-1ubuntu0.3 python-cryptography-doc - 1.2.3-1ubuntu0.3 No subscription required Medium CVE-2020-25659 USN-4615-1 -- Yerase's TNEF vulnerabilities Ubuntu 16.04 LTS It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. 
An attacker could use those issues to cause a crash and consequently a denial of service. (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802) Update Instructions: Run `sudo pro fix USN-4615-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libytnef0-dev - 1.5-9ubuntu0.1 libytnef0 - 1.5-9ubuntu0.1 No subscription required Medium CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802 USN-4616-1 -- AccountsService vulnerabilities Ubuntu 16.04 LTS Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. (CVE-2020-16126) Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127) Matthias Gerstner discovered that AccountsService incorrectly handled certain path checks. A local attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14036) Update Instructions: Run `sudo pro fix USN-4616-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: accountsservice - 0.6.40-2ubuntu11.6 gir1.2-accountsservice-1.0 - 0.6.40-2ubuntu11.6 libaccountsservice-doc - 0.6.40-2ubuntu11.6 libaccountsservice-dev - 0.6.40-2ubuntu11.6 libaccountsservice0 - 0.6.40-2ubuntu11.6 No subscription required Medium CVE-2018-14036 CVE-2020-16126 CVE-2020-16127 USN-4619-1 -- dom4j vulnerability Ubuntu 16.04 LTS Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000632) Update Instructions: Run `sudo pro fix USN-4619-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdom4j-java - 1.6.1+dfsg.3-2ubuntu1.2 libdom4j-java-doc - 1.6.1+dfsg.3-2ubuntu1.2 No subscription required Low CVE-2018-1000632 USN-4621-1 -- netqmail vulnerabilities Ubuntu 16.04 LTS It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. (CVE-2020-3811) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this vulnerability to cause netqmail to disclose sensitive information. (CVE-2020-3812) Update Instructions: Run `sudo pro fix USN-4621-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qmail - 1.06-6.2~deb10u1build0.16.04.1 qmail-uids-gids - 1.06-6.2~deb10u1build0.16.04.1 No subscription required Medium CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 CVE-2020-3811 CVE-2020-3812 USN-4622-1 -- OpenLDAP vulnerability Ubuntu 16.04 LTS It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4622-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.10 libldap2-dev - 2.4.42+dfsg-2ubuntu3.10 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.10 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.10 slapd - 2.4.42+dfsg-2ubuntu3.10 No subscription required Medium CVE-2020-25692 USN-4623-1 -- Pacemaker vulnerability Ubuntu 16.04 LTS Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root. Update Instructions: Run `sudo pro fix USN-4623-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: pacemaker-remote - 1.1.14-2ubuntu1.9 libcrmcommon-dev - 1.1.14-2ubuntu1.9 pacemaker-resource-agents - 1.1.14-2ubuntu1.9 pacemaker-cli-utils - 1.1.14-2ubuntu1.9 pacemaker-common - 1.1.14-2ubuntu1.9 liblrmd1 - 1.1.14-2ubuntu1.9 libcrmcluster-dev - 1.1.14-2ubuntu1.9 libstonithd-dev - 1.1.14-2ubuntu1.9 libpe-status10 - 1.1.14-2ubuntu1.9 libtransitioner2 - 1.1.14-2ubuntu1.9 libstonithd2 - 1.1.14-2ubuntu1.9 libcrmservice3 - 1.1.14-2ubuntu1.9 libcrmcommon3 - 1.1.14-2ubuntu1.9 libcib-dev - 1.1.14-2ubuntu1.9 pacemaker - 1.1.14-2ubuntu1.9 libcrmservice-dev - 1.1.14-2ubuntu1.9 libpe-rules2 - 1.1.14-2ubuntu1.9 liblrmd-dev - 1.1.14-2ubuntu1.9 libpengine10 - 1.1.14-2ubuntu1.9 libpengine-dev - 1.1.14-2ubuntu1.9 pacemaker-doc - 1.1.14-2ubuntu1.9 libcrmcluster4 - 1.1.14-2ubuntu1.9 libcib4 - 1.1.14-2ubuntu1.9 No subscription required Medium CVE-2020-25654 USN-4624-1 -- libexif vulnerability Ubuntu 16.04 LTS It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4624-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-dev - 0.6.21-2ubuntu0.6 libexif12 - 0.6.21-2ubuntu0.6 No subscription required Medium CVE-2020-0452 USN-4625-1 -- Firefox vulnerability Ubuntu 16.04 LTS A use-after-free was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4625-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nn - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ne - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nb - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fa - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fi - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fr - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-fy - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-or - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kab - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-oc - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cs - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ga - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gd - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gn - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gl - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-gu - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pa - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pl - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cy - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-pt - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hi - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uk - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-he - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hy - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hr - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hu - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-as - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ar - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ia - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-az - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-id - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mai - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-af - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-is - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-it - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-an - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
82.0.3+build1-0ubuntu0.16.04.1 firefox - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ro - 82.0.3+build1-0ubuntu0.16.04.1 firefox-geckodriver - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ja - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ru - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-br - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bn - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-be - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-bg - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sl - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sk - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-si - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sw - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sv - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sr - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-sq - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ko - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kn - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-km - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-kk - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ka - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-xh - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ca - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ku - 82.0.3+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lv - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lt - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-th - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 82.0.3+build1-0ubuntu0.16.04.1 firefox-dev - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-te - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-cak - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ta - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-lg - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-tr - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-nso - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-de - 
82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-da - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ms - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mr - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-my - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-uz - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ml - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mn - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-mk - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ur - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-vi - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eu - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-et - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-es - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-csb - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-el - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-eo - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-en - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-zu - 82.0.3+build1-0ubuntu0.16.04.1 firefox-locale-ast - 82.0.3+build1-0ubuntu0.16.04.1 No subscription required High CVE-2020-26950 USN-4627-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4627-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1058-oracle - 4.15.0-1058.64~16.04.1 No subscription required linux-image-4.15.0-1087-gcp - 4.15.0-1087.100~16.04.1 No subscription required linux-image-4.15.0-123-generic - 4.15.0-123.126~16.04.1 linux-image-4.15.0-123-generic-lpae - 4.15.0-123.126~16.04.1 linux-image-4.15.0-123-lowlatency - 4.15.0-123.126~16.04.1 No subscription required linux-image-oracle - 4.15.0.1058.47 No subscription required linux-image-gke - 4.15.0.1087.88 linux-image-gcp - 4.15.0.1087.88 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.123.123 linux-image-generic-hwe-16.04-edge - 4.15.0.123.123 linux-image-generic-lpae-hwe-16.04 - 4.15.0.123.123 linux-image-virtual-hwe-16.04-edge - 4.15.0.123.123 linux-image-virtual-hwe-16.04 - 4.15.0.123.123 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.123.123 linux-image-oem - 4.15.0.123.123 linux-image-lowlatency-hwe-16.04 - 4.15.0.123.123 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.123.123 No subscription required linux-image-4.4.0-194-powerpc64-smp - 4.4.0-194.226 linux-image-4.4.0-194-powerpc-e500mc - 4.4.0-194.226 linux-image-4.4.0-194-lowlatency - 4.4.0-194.226 linux-image-4.4.0-194-powerpc64-emb - 4.4.0-194.226 linux-image-4.4.0-194-powerpc-smp - 4.4.0-194.226 linux-image-4.4.0-194-generic-lpae - 4.4.0-194.226 linux-image-4.4.0-194-generic - 4.4.0-194.226 No subscription required linux-image-generic-lts-wily - 4.4.0.194.200 linux-image-powerpc64-emb-lts-vivid - 4.4.0.194.200 linux-image-powerpc-e500mc - 4.4.0.194.200 linux-image-generic-lpae-lts-xenial - 4.4.0.194.200 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.194.200 linux-image-generic-lpae-lts-utopic - 4.4.0.194.200 linux-image-powerpc64-smp-lts-vivid - 4.4.0.194.200 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.194.200 linux-image-generic-lts-utopic - 4.4.0.194.200 linux-image-powerpc-e500mc-lts-wily - 4.4.0.194.200 linux-image-generic-lts-vivid - 4.4.0.194.200 
linux-image-generic-lpae-lts-wily - 4.4.0.194.200 linux-image-powerpc-smp-lts-wily - 4.4.0.194.200 linux-image-virtual-lts-vivid - 4.4.0.194.200 linux-image-virtual-lts-utopic - 4.4.0.194.200 linux-image-virtual - 4.4.0.194.200 linux-image-powerpc64-emb-lts-wily - 4.4.0.194.200 linux-image-powerpc64-smp-lts-xenial - 4.4.0.194.200 linux-image-powerpc64-smp-lts-utopic - 4.4.0.194.200 linux-image-powerpc64-emb - 4.4.0.194.200 linux-image-powerpc-smp-lts-xenial - 4.4.0.194.200 linux-image-lowlatency-lts-wily - 4.4.0.194.200 linux-image-generic - 4.4.0.194.200 linux-image-lowlatency-lts-xenial - 4.4.0.194.200 linux-image-lowlatency-lts-vivid - 4.4.0.194.200 linux-image-powerpc64-emb-lts-utopic - 4.4.0.194.200 linux-image-generic-lts-xenial - 4.4.0.194.200 linux-image-virtual-lts-wily - 4.4.0.194.200 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.194.200 linux-image-powerpc-smp - 4.4.0.194.200 linux-image-generic-lpae-lts-vivid - 4.4.0.194.200 linux-image-generic-lpae - 4.4.0.194.200 linux-image-powerpc64-smp-lts-wily - 4.4.0.194.200 linux-image-powerpc64-emb-lts-xenial - 4.4.0.194.200 linux-image-powerpc64-smp - 4.4.0.194.200 linux-image-lowlatency-lts-utopic - 4.4.0.194.200 linux-image-powerpc-smp-lts-vivid - 4.4.0.194.200 linux-image-lowlatency - 4.4.0.194.200 linux-image-virtual-lts-xenial - 4.4.0.194.200 linux-image-powerpc-smp-lts-utopic - 4.4.0.194.200 No subscription required Medium CVE-2020-8694 USN-4628-1 -- Intel Microcode vulnerabilities Ubuntu 16.04 LTS Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side-channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. 
(CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update Instructions: Run `sudo pro fix USN-4628-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20201110.0ubuntu0.16.04.1 No subscription required Medium CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 USN-4628-2 -- Intel Microcode regression Ubuntu 16.04 LTS USN-4628-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. Original advisory details: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side-channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. 
(CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update Instructions: Run `sudo pro fix USN-4628-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20201110.0ubuntu0.16.04.2 No subscription required None https://launchpad.net/bugs/1903883 USN-4629-1 -- MoinMoin vulnerabilities Ubuntu 16.04 LTS Michael Chapman discovered that MoinMoin incorrectly handled certain cache actions. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-25074) Catarina Leite discovered that MoinMoin incorrectly handled certain SVG files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-15275) Update Instructions: Run `sudo pro fix USN-4629-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-moinmoin - 1.9.8-1ubuntu1.16.04.3 No subscription required High CVE-2020-15275 CVE-2020-25074 USN-4630-1 -- Raptor vulnerability Ubuntu 16.04 LTS Hanno Böck discovered that Raptor incorrectly handled certain memory operations. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4630-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libraptor2-doc - 2.0.14-1ubuntu0.16.04.1 raptor2-utils - 2.0.14-1ubuntu0.16.04.1 libraptor2-dev - 2.0.14-1ubuntu0.16.04.1 libraptor2-0 - 2.0.14-1ubuntu0.16.04.1 No subscription required Medium CVE-2017-18926 USN-4632-1 -- SLiRP vulnerabilities Ubuntu 16.04 LTS It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service (application crash) or potentially execute arbitrary code. (CVE-2020-7039) It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code. (CVE-2020-8608) Update Instructions: Run `sudo pro fix USN-4632-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: slirp - 1:1.0.17-8ubuntu16.04.1 No subscription required Medium CVE-2020-7039 CVE-2020-8608 USN-4633-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Peter Eisentraut discovered that PostgreSQL incorrectly handled connection security settings. Client applications could possibly be connecting with certain security parameters dropped, contrary to expectations. (CVE-2020-25694) Etienne Stalmans discovered that PostgreSQL incorrectly handled the security restricted operation sandbox. An authenticated remote attacker could possibly use this issue to execute arbitrary SQL functions as a superuser. (CVE-2020-25695) Nick Cleaton discovered that PostgreSQL incorrectly handled the \gset meta-command. A remote attacker with a compromised server could possibly use this issue to execute arbitrary code. 
(CVE-2020-25696) Update Instructions: Run `sudo pro fix USN-4633-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.24-0ubuntu0.16.04.1 postgresql-plperl-9.5 - 9.5.24-0ubuntu0.16.04.1 postgresql-server-dev-9.5 - 9.5.24-0ubuntu0.16.04.1 postgresql-9.5 - 9.5.24-0ubuntu0.16.04.1 postgresql-plpython-9.5 - 9.5.24-0ubuntu0.16.04.1 libecpg6 - 9.5.24-0ubuntu0.16.04.1 postgresql-client-9.5 - 9.5.24-0ubuntu0.16.04.1 libpq-dev - 9.5.24-0ubuntu0.16.04.1 postgresql-contrib-9.5 - 9.5.24-0ubuntu0.16.04.1 libpgtypes3 - 9.5.24-0ubuntu0.16.04.1 libecpg-dev - 9.5.24-0ubuntu0.16.04.1 postgresql-pltcl-9.5 - 9.5.24-0ubuntu0.16.04.1 libpq5 - 9.5.24-0ubuntu0.16.04.1 postgresql-plpython3-9.5 - 9.5.24-0ubuntu0.16.04.1 libecpg-compat3 - 9.5.24-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 USN-4634-1 -- OpenLDAP vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4634-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.11 libldap2-dev - 2.4.42+dfsg-2ubuntu3.11 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.11 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.11 slapd - 2.4.42+dfsg-2ubuntu3.11 No subscription required Medium CVE-2020-25709 CVE-2020-25710 USN-4635-1 -- Kerberos vulnerability Ubuntu 16.04 LTS Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4635-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libkadm5srv-mit9 - 1.13.2+dfsg-5ubuntu2.2 libk5crypto3 - 1.13.2+dfsg-5ubuntu2.2 krb5-user - 1.13.2+dfsg-5ubuntu2.2 libgssrpc4 - 1.13.2+dfsg-5ubuntu2.2 libkrb5support0 - 1.13.2+dfsg-5ubuntu2.2 krb5-doc - 1.13.2+dfsg-5ubuntu2.2 libkrb5-dev - 1.13.2+dfsg-5ubuntu2.2 krb5-pkinit - 1.13.2+dfsg-5ubuntu2.2 libkrb5-3 - 1.13.2+dfsg-5ubuntu2.2 krb5-kdc-ldap - 1.13.2+dfsg-5ubuntu2.2 krb5-otp - 1.13.2+dfsg-5ubuntu2.2 libkadm5clnt-mit9 - 1.13.2+dfsg-5ubuntu2.2 krb5-gss-samples - 1.13.2+dfsg-5ubuntu2.2 krb5-multidev - 1.13.2+dfsg-5ubuntu2.2 krb5-locales - 1.13.2+dfsg-5ubuntu2.2 libgssapi-krb5-2 - 1.13.2+dfsg-5ubuntu2.2 krb5-kdc - 1.13.2+dfsg-5ubuntu2.2 libkrad-dev - 1.13.2+dfsg-5ubuntu2.2 libkdb5-8 - 1.13.2+dfsg-5ubuntu2.2 krb5-k5tls - 1.13.2+dfsg-5ubuntu2.2 libkrad0 - 1.13.2+dfsg-5ubuntu2.2 krb5-admin-server - 1.13.2+dfsg-5ubuntu2.2 No subscription required Medium CVE-2020-28196 USN-4636-1 -- LibVNCServer, Vino vulnerability Ubuntu 16.04 LTS It was discovered that LibVNCServer incorrectly handled certain internals. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Vino package ships with a LibVNCServer source and all listed releases were affected for this package. Update Instructions: Run `sudo pro fix USN-4636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.10+dfsg-3ubuntu0.16.04.6 libvncserver-dev - 0.9.10+dfsg-3ubuntu0.16.04.6 libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.6 libvncclient1 - 0.9.10+dfsg-3ubuntu0.16.04.6 No subscription required vino - 3.8.1-0ubuntu9.4 No subscription required Medium CVE-2020-25708 USN-4637-2 -- Firefox vulnerabilities Ubuntu 16.04 LTS USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. 
Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting (XSS) attacks, bypass Content Security Policy (CSP) restrictions, conduct DNS rebinding attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4637-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-nn - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ne - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-nb - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-fa - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-fi - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-fr - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-fy - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-or - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-kab - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-oc - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-cs - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ga - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-gd - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-gn - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-gl - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-gu - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-pa - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-pl - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-cy - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-pt - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-hi - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-uk - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-he - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-hy - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-hr - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-hu - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-as - 
83.0+build2-0ubuntu0.16.04.3 firefox-locale-ar - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ia - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-az - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-id - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-mai - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-af - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-is - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-it - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-an - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-bs - 83.0+build2-0ubuntu0.16.04.3 firefox - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ro - 83.0+build2-0ubuntu0.16.04.3 firefox-geckodriver - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ja - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ru - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-br - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-zh-hant - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-zh-hans - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-bn - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-be - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-bg - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-sl - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-sk - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-si - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-sw - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-sv - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-sr - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-sq - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ko - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-kn - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-km - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-kk - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ka - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-xh - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ca - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ku - 83.0+build2-0ubuntu0.16.04.3 firefox-mozsymbols - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-lv - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-lt - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-th - 83.0+build2-0ubuntu0.16.04.3 
firefox-locale-hsb - 83.0+build2-0ubuntu0.16.04.3 firefox-dev - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-te - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-cak - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ta - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-lg - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-tr - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-nso - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-de - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-da - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ms - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-mr - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-my - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-uz - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ml - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-mn - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-mk - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ur - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-vi - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-eu - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-et - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-es - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-csb - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-el - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-eo - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-en - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-zu - 83.0+build2-0ubuntu0.16.04.3 firefox-locale-ast - 83.0+build2-0ubuntu0.16.04.3 No subscription required Medium CVE-2020-16012 CVE-2020-26951 CVE-2020-26952 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26962 CVE-2020-26963 CVE-2020-26965 CVE-2020-26967 CVE-2020-26968 CVE-2020-26969 USN-4640-1 -- PulseAudio vulnerability Ubuntu 16.04 LTS James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4640-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpulse0 - 1:8.0-0ubuntu3.15 pulseaudio-module-zeroconf - 1:8.0-0ubuntu3.15 pulseaudio-module-bluetooth - 1:8.0-0ubuntu3.15 libpulse-dev - 1:8.0-0ubuntu3.15 pulseaudio-utils - 1:8.0-0ubuntu3.15 pulseaudio-module-raop - 1:8.0-0ubuntu3.15 pulseaudio-module-trust-store - 1:8.0-0ubuntu3.15 pulseaudio - 1:8.0-0ubuntu3.15 libpulsedsp - 1:8.0-0ubuntu3.15 pulseaudio-module-x11 - 1:8.0-0ubuntu3.15 pulseaudio-esound-compat - 1:8.0-0ubuntu3.15 libpulse-mainloop-glib0 - 1:8.0-0ubuntu3.15 pulseaudio-module-gconf - 1:8.0-0ubuntu3.15 pulseaudio-module-droid - 1:8.0-0ubuntu3.15 pulseaudio-module-lirc - 1:8.0-0ubuntu3.15 pulseaudio-module-jack - 1:8.0-0ubuntu3.15 No subscription required Medium CVE-2020-16123 USN-4641-1 -- libextractor vulnerabilities Ubuntu 16.04 LTS It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15266) It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15267) It was discovered that Libextractor incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430) It was discovered that Libextractor incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15601) It was discovered that Libextractor incorrectly handled integers. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15602) It was discovered that Libextractor incorrectly handled certain crafted files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15922) It was discovered that Libextractor incorrectly handled certain files. 
An attacker could possibly use this issue to cause a denial of service. (CVE-2017-17440) It was discovered that Libextractor incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14346) It was discovered that Libextractor incorrectly handled malformed files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14347) It was discovered that Libextractor incorrectly handled metadata. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20431) Update Instructions: Run `sudo pro fix USN-4641-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libextractor-dev - 1:1.3-4+deb9u3build0.16.04.1 extract - 1:1.3-4+deb9u3build0.16.04.1 libextractor3 - 1:1.3-4+deb9u3build0.16.04.1 No subscription required Medium CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440 CVE-2018-14346 CVE-2018-14347 CVE-2018-16430 CVE-2018-20430 CVE-2018-20431 USN-4642-1 -- PDFResurrect vulnerability Ubuntu 16.04 LTS It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service (system crash) or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4642-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pdfresurrect - 0.12-6ubuntu0.2 No subscription required Medium CVE-2020-9549 USN-4643-1 -- atftp vulnerabilities Ubuntu 16.04 LTS It was discovered that atftp's FTP server did not properly handle certain input. An attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. 
(CVE-2019-11365) It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference. (CVE-2019-11366) Update Instructions: Run `sudo pro fix USN-4643-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: atftp - 0.7.git20120829-3.1~0.16.04.1 atftpd - 0.7.git20120829-3.1~0.16.04.1 No subscription required Medium CVE-2019-11365 CVE-2019-11366 USN-4644-1 -- igraph vulnerability Ubuntu 16.04 LTS It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service (crash). Update Instructions: Run `sudo pro fix USN-4644-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libigraph0v5 - 0.7.1-2.1+deb9u1build0.16.04.1 libigraph0-dev - 0.7.1-2.1+deb9u1build0.16.04.1 No subscription required Medium CVE-2018-20349 USN-4645-1 -- Mutt vulnerability Ubuntu 16.04 LTS It was discovered that Mutt incorrectly handled certain connections. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4645-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.24-1ubuntu0.5 mutt - 1.5.24-1ubuntu0.5 No subscription required Medium CVE-2020-28896 USN-4646-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Update Instructions: Run `sudo pro fix USN-4646-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.15 poppler-utils - 0.41.0-0ubuntu1.15 libpoppler-qt5-1 - 0.41.0-0ubuntu1.15 libpoppler-cpp-dev - 0.41.0-0ubuntu1.15 libpoppler-cpp0 - 0.41.0-0ubuntu1.15 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.15 libpoppler-dev - 0.41.0-0ubuntu1.15 libpoppler-glib8 - 0.41.0-0ubuntu1.15 libpoppler-private-dev - 0.41.0-0ubuntu1.15 libpoppler-qt4-dev - 0.41.0-0ubuntu1.15 libpoppler-glib-dev - 0.41.0-0ubuntu1.15 libpoppler-qt4-4 - 0.41.0-0ubuntu1.15 libpoppler-qt5-dev - 0.41.0-0ubuntu1.15 libpoppler-glib-doc - 0.41.0-0ubuntu1.15 No subscription required Medium CVE-2018-21009 CVE-2019-10871 CVE-2019-13283 CVE-2019-9959 CVE-2020-27778 USN-4646-2 -- poppler regression Ubuntu 16.04 LTS USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Update Instructions: Run `sudo pro fix USN-4646-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.16 poppler-utils - 0.41.0-0ubuntu1.16 libpoppler-qt5-1 - 0.41.0-0ubuntu1.16 libpoppler-cpp-dev - 0.41.0-0ubuntu1.16 libpoppler-cpp0 - 0.41.0-0ubuntu1.16 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.16 libpoppler-dev - 0.41.0-0ubuntu1.16 libpoppler-glib8 - 0.41.0-0ubuntu1.16 libpoppler-private-dev - 0.41.0-0ubuntu1.16 libpoppler-qt4-dev - 0.41.0-0ubuntu1.16 libpoppler-glib-dev - 0.41.0-0ubuntu1.16 libpoppler-qt4-4 - 0.41.0-0ubuntu1.16 libpoppler-qt5-dev - 0.41.0-0ubuntu1.16 libpoppler-glib-doc - 0.41.0-0ubuntu1.16 No subscription required None https://launchpad.net/bugs/1905741 USN-4649-1 -- xdg-utils vulnerability Ubuntu 16.04 LTS Jens Mueller discovered that xdg-utils incorrectly handled certain URIs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4649-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdg-utils - 1.1.1-1ubuntu1.16.04.4 No subscription required Low CVE-2020-27748 USN-4649-2 -- xdg-utils regression Ubuntu 16.04 LTS USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in Thunderbird and other applications. This update fixes the problem by reverting these changes. Original advisory details: Jens Mueller discovered that xdg-utils incorrectly handled certain URIs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4649-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdg-utils - 1.1.1-1ubuntu1.16.04.5 No subscription required None https://launchpad.net/bugs/1909941 USN-4650-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. 
An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2020-17380) Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25084) Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25085) Gaoning Pan, Yongkang Jia, and Yi Ren discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25624) It was discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2020-25625) Cheolwoo Myung discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25723) Gaoning Pan discovered that QEMU incorrectly handled ATI graphics device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-27616) Gaoning Pan discovered that QEMU incorrectly handled networking. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-27617) Update Instructions: Run `sudo pro fix USN-4650-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.48 qemu-user-static - 1:2.5+dfsg-5ubuntu10.48 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.48 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.48 qemu-kvm - 1:2.5+dfsg-5ubuntu10.48 qemu-user - 1:2.5+dfsg-5ubuntu10.48 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.48 qemu-system - 1:2.5+dfsg-5ubuntu10.48 qemu-utils - 1:2.5+dfsg-5ubuntu10.48 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.48 qemu - 1:2.5+dfsg-5ubuntu10.48 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.48 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.48 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.48 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.48 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.48 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.48 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.48 No subscription required Medium CVE-2020-17380 CVE-2020-25084 CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27616 CVE-2020-27617 USN-4652-1 -- SniffIt vulnerability Ubuntu 16.04 LTS It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4652-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sniffit - 0.3.7.beta-19ubuntu0.1 No subscription required Medium CVE-2014-5439 USN-4653-1 -- containerd vulnerability Ubuntu 16.04 LTS It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges. Update Instructions: Run `sudo pro fix USN-4653-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: containerd - 1.2.6-0ubuntu1~16.04.5 golang-github-docker-containerd-dev - 1.2.6-0ubuntu1~16.04.5 No subscription required Medium CVE-2020-15257 USN-4653-2 -- containerd vulnerability Ubuntu 16.04 LTS USN-4653-1 fixed a vulnerability in containerd. Unfortunately, those containerd packages introduced a regression in docker.io and the update was reverted. This update addresses the docker.io issue and reintroduces the fixes from USN-4653-1. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-4653-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.2.6-0ubuntu1~16.04.6 golang-github-docker-containerd-dev - 1.2.6-0ubuntu1~16.04.6 No subscription required Medium CVE-2020-15257 https://launchpad.net/bugs/1870514 USN-4654-1 -- PEAR vulnerabilities Ubuntu 16.04 LTS It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4654-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.1+submodules+notgz-6ubuntu0.2 No subscription required Medium CVE-2020-28948 CVE-2020-28949 USN-4655-1 -- Werkzeug vulnerabilities Ubuntu 16.04 LTS It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-14806) It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause phishing attacks. This issue only affected Ubuntu 16.04 LTS. (CVE-2020-28724) Update Instructions: Run `sudo pro fix USN-4655-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-werkzeug - 0.10.4+dfsg1-1ubuntu1.2 python-werkzeug - 0.10.4+dfsg1-1ubuntu1.2 python-werkzeug-doc - 0.10.4+dfsg1-1ubuntu1.2 No subscription required Medium CVE-2019-14806 CVE-2020-28724 USN-4656-1 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4656-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.11 xmir - 2:1.18.4-0ubuntu0.11 xwayland - 2:1.18.4-0ubuntu0.11 xorg-server-source - 2:1.18.4-0ubuntu0.11 xdmx - 2:1.18.4-0ubuntu0.11 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.11 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.11 xvfb - 2:1.18.4-0ubuntu0.11 xserver-xorg-dev - 2:1.18.4-0ubuntu0.11 xserver-xorg-core-udeb - 2:1.18.4-0ubuntu0.11 xnest - 2:1.18.4-0ubuntu0.11 xserver-xephyr - 2:1.18.4-0ubuntu0.11 xserver-common - 2:1.18.4-0ubuntu0.11 xdmx-tools - 2:1.18.4-0ubuntu0.11 No subscription required xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.5 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.5 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.5 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.5 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.5 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.5 xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.5 No subscription required Medium CVE-2020-14360 CVE-2020-25712 USN-4657-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2020-0427) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use this to facilitate attacks on UDP-based services that depend on source port randomization. (CVE-2020-25705) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4657-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1084-kvm - 4.4.0-1084.93 No subscription required linux-image-4.4.0-1118-aws - 4.4.0-1118.132 No subscription required linux-image-4.4.0-1142-raspi2 - 4.4.0-1142.152 No subscription required linux-image-4.4.0-1146-snapdragon - 4.4.0-1146.156 No subscription required linux-image-4.4.0-197-lowlatency - 4.4.0-197.229 linux-image-4.4.0-197-powerpc64-emb - 4.4.0-197.229 linux-image-4.4.0-197-powerpc-e500mc - 4.4.0-197.229 linux-image-4.4.0-197-generic-lpae - 4.4.0-197.229 linux-image-4.4.0-197-powerpc-smp - 4.4.0-197.229 linux-image-4.4.0-197-generic - 4.4.0-197.229 linux-image-4.4.0-197-powerpc64-smp - 4.4.0-197.229 No subscription required linux-image-kvm - 4.4.0.1084.82 No subscription required linux-image-aws - 4.4.0.1118.123 No subscription required linux-image-raspi2 - 4.4.0.1142.142 No subscription required linux-image-snapdragon - 4.4.0.1146.138 No subscription required linux-image-generic-lts-wily - 4.4.0.197.203 linux-image-powerpc64-emb-lts-vivid - 4.4.0.197.203 linux-image-powerpc-e500mc - 4.4.0.197.203 linux-image-generic-lpae-lts-xenial - 4.4.0.197.203 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.197.203 linux-image-generic-lpae-lts-utopic - 4.4.0.197.203 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.197.203 linux-image-generic-lts-utopic - 4.4.0.197.203 linux-image-powerpc-e500mc-lts-wily - 4.4.0.197.203 linux-image-generic-lts-vivid - 4.4.0.197.203 linux-image-generic-lpae-lts-wily - 4.4.0.197.203 linux-image-virtual-lts-vivid - 4.4.0.197.203 linux-image-virtual-lts-utopic - 4.4.0.197.203 linux-image-virtual - 4.4.0.197.203 linux-image-powerpc64-emb-lts-wily - 4.4.0.197.203 linux-image-lowlatency-lts-vivid - 4.4.0.197.203 linux-image-powerpc64-smp-lts-utopic - 4.4.0.197.203 linux-image-powerpc64-emb - 4.4.0.197.203 linux-image-powerpc-smp-lts-xenial - 4.4.0.197.203 linux-image-powerpc64-smp-lts-vivid - 4.4.0.197.203 linux-image-lowlatency-lts-wily - 
4.4.0.197.203 linux-image-generic - 4.4.0.197.203 linux-image-lowlatency-lts-xenial - 4.4.0.197.203 linux-image-powerpc64-smp-lts-xenial - 4.4.0.197.203 linux-image-powerpc64-emb-lts-utopic - 4.4.0.197.203 linux-image-generic-lts-xenial - 4.4.0.197.203 linux-image-powerpc-smp - 4.4.0.197.203 linux-image-generic-lpae-lts-vivid - 4.4.0.197.203 linux-image-generic-lpae - 4.4.0.197.203 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.197.203 linux-image-powerpc64-smp-lts-wily - 4.4.0.197.203 linux-image-powerpc64-emb-lts-xenial - 4.4.0.197.203 linux-image-powerpc-smp-lts-wily - 4.4.0.197.203 linux-image-virtual-lts-wily - 4.4.0.197.203 linux-image-powerpc64-smp - 4.4.0.197.203 linux-image-lowlatency-lts-utopic - 4.4.0.197.203 linux-image-powerpc-smp-lts-vivid - 4.4.0.197.203 linux-image-lowlatency - 4.4.0.197.203 linux-image-virtual-lts-xenial - 4.4.0.197.203 linux-image-powerpc-smp-lts-utopic - 4.4.0.197.203 No subscription required Medium CVE-2020-0427 CVE-2020-10135 CVE-2020-12352 CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25705 CVE-2020-28915 CVE-2020-4788 USN-4660-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4660-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1059-oracle - 4.15.0-1059.65~16.04.1 No subscription required linux-image-4.15.0-1088-gcp - 4.15.0-1088.101~16.04.1 No subscription required linux-image-4.15.0-1088-aws - 4.15.0-1088.93~16.04.1 No subscription required linux-image-4.15.0-1100-azure - 4.15.0-1100.111~16.04.1 No subscription required linux-image-4.15.0-126-generic-lpae - 4.15.0-126.129~16.04.1 linux-image-4.15.0-126-lowlatency - 4.15.0-126.129~16.04.1 linux-image-4.15.0-126-generic - 4.15.0-126.129~16.04.1 No subscription required linux-image-oracle - 4.15.0.1059.48 No subscription required linux-image-aws-hwe - 4.15.0.1088.82 No subscription required linux-image-gke - 4.15.0.1088.89 linux-image-gcp - 4.15.0.1088.89 No subscription required linux-image-azure-edge - 4.15.0.1100.93 linux-image-azure - 4.15.0.1100.93 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.126.125 linux-image-lowlatency-hwe-16.04 - 4.15.0.126.125 linux-image-generic-hwe-16.04-edge - 4.15.0.126.125 linux-image-generic-lpae-hwe-16.04 - 4.15.0.126.125 linux-image-virtual-hwe-16.04 - 4.15.0.126.125 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.126.125 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.126.125 linux-image-oem - 4.15.0.126.125 linux-image-generic-hwe-16.04 - 4.15.0.126.125 No subscription required Medium CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-28915 CVE-2020-4788 USN-4660-2 -- Linux kernel regression Ubuntu 16.04 LTS USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. 
An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. 
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4660-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1061-oracle - 4.15.0-1061.67~16.04.1 No subscription required linux-image-4.15.0-1090-gcp - 4.15.0-1090.103~16.04.1 No subscription required linux-image-4.15.0-1090-aws - 4.15.0-1090.95~16.04.1 No subscription required linux-image-4.15.0-1102-azure - 4.15.0-1102.113~16.04.1 No subscription required linux-image-4.15.0-128-generic-lpae - 4.15.0-128.131~16.04.1 linux-image-4.15.0-128-lowlatency - 4.15.0-128.131~16.04.1 linux-image-4.15.0-128-generic - 4.15.0-128.131~16.04.1 No subscription required linux-image-oracle - 4.15.0.1061.50 No subscription required linux-image-aws-hwe - 4.15.0.1090.84 No subscription required linux-image-gke - 4.15.0.1090.91 linux-image-gcp - 4.15.0.1090.91 No subscription required linux-image-azure-edge - 4.15.0.1102.95 linux-image-azure - 4.15.0.1102.95 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.128.127 linux-image-generic-hwe-16.04 - 4.15.0.128.127 linux-image-generic-hwe-16.04-edge - 4.15.0.128.127 linux-image-generic-lpae-hwe-16.04 - 4.15.0.128.127 linux-image-virtual-hwe-16.04 - 4.15.0.128.127 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.128.127 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.128.127 linux-image-oem - 4.15.0.128.127 linux-image-lowlatency-hwe-16.04 - 4.15.0.128.127 No subscription required None https://launchpad.net/bugs/1907262 USN-4661-1 -- Snapcraft vulnerability Ubuntu 16.04 LTS It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. 
If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode snaps that have access to the library when they are launched from the directory containing the library. Update Instructions: Run `sudo pro fix USN-4661-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snapcraft-parser - 2.43.1+16.04.1 snapcraft - 2.43.1+16.04.1 snapcraft-examples - 2.43.1+16.04.1 No subscription required Medium CVE-2020-27348 https://launchpad.net/bugs/1901572 USN-4662-1 -- OpenSSL vulnerability Ubuntu 16.04 LTS David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing an EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4662-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.18 libssl-dev - 1.0.2g-1ubuntu4.18 openssl - 1.0.2g-1ubuntu4.18 libssl-doc - 1.0.2g-1ubuntu4.18 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.18 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.18 No subscription required High CVE-2020-1971 USN-4664-1 -- Aptdaemon vulnerabilities Ubuntu 16.04 LTS Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. (CVE-2020-16128) Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service. (CVE-2020-27349) Update Instructions: Run `sudo pro fix USN-4664-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu14.5 aptdaemon-data - 1.1.1+bzr982-0ubuntu14.5 python3-aptdaemon.test - 1.1.1+bzr982-0ubuntu14.5 python-aptdaemon - 1.1.1+bzr982-0ubuntu14.5 aptdaemon - 1.1.1+bzr982-0ubuntu14.5 python3-aptdaemon.pkcompat - 1.1.1+bzr982-0ubuntu14.5 python-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu14.5 python3-aptdaemon - 1.1.1+bzr982-0ubuntu14.5 No subscription required Medium CVE-2020-16128 CVE-2020-27349 USN-4665-1 -- curl vulnerabilities Ubuntu 16.04 LTS Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. (CVE-2020-8231) Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address, allowing it to be used for port scanning and other information gathering. (CVE-2020-8284) It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285) It was discovered that curl incorrectly handled OCSP response verification. A remote attacker could possibly use this issue to provide a fraudulent OCSP response. (CVE-2020-8286) Update Instructions: Run `sudo pro fix USN-4665-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.18 libcurl4-openssl-dev - 7.47.0-1ubuntu2.18 libcurl3-gnutls - 7.47.0-1ubuntu2.18 libcurl4-doc - 7.47.0-1ubuntu2.18 libcurl3-nss - 7.47.0-1ubuntu2.18 libcurl4-nss-dev - 7.47.0-1ubuntu2.18 libcurl3 - 7.47.0-1ubuntu2.18 curl - 7.47.0-1ubuntu2.18 No subscription required Medium CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 USN-4666-1 -- lxml vulnerability Ubuntu 16.04 LTS It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4666-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.5.0-1ubuntu0.2 python-lxml - 3.5.0-1ubuntu0.2 python-lxml-doc - 3.5.0-1ubuntu0.2 No subscription required Medium CVE-2020-27783 USN-4666-2 -- lxml vulnerability Ubuntu 16.04 LTS USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. Original advisory details: It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4666-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.5.0-1ubuntu0.3 python-lxml - 3.5.0-1ubuntu0.3 python-lxml-doc - 3.5.0-1ubuntu0.3 No subscription required Medium CVE-2020-27783 USN-4667-1 -- APT vulnerability Ubuntu 16.04 LTS Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service. 
Update Instructions: Run `sudo pro fix USN-4667-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.2.32ubuntu0.2 apt-transport-https - 1.2.32ubuntu0.2 libapt-pkg5.0 - 1.2.32ubuntu0.2 libapt-pkg-doc - 1.2.32ubuntu0.2 apt - 1.2.32ubuntu0.2 apt-utils - 1.2.32ubuntu0.2 libapt-inst2.0 - 1.2.32ubuntu0.2 libapt-pkg-dev - 1.2.32ubuntu0.2 No subscription required Medium CVE-2020-27350 USN-4668-1 -- python-apt vulnerability Ubuntu 16.04 LTS Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4668-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 1.1.0~beta1ubuntu0.16.04.10 python-apt - 1.1.0~beta1ubuntu0.16.04.10 python-apt-common - 1.1.0~beta1ubuntu0.16.04.10 python-apt-dev - 1.1.0~beta1ubuntu0.16.04.10 python-apt-doc - 1.1.0~beta1ubuntu0.16.04.10 No subscription required Medium CVE-2020-27351 USN-4668-3 -- python-apt regression Ubuntu 16.04 LTS USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4668-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-apt - 1.1.0~beta1ubuntu0.16.04.11 python-apt - 1.1.0~beta1ubuntu0.16.04.11 python-apt-common - 1.1.0~beta1ubuntu0.16.04.11 python-apt-dev - 1.1.0~beta1ubuntu0.16.04.11 python-apt-doc - 1.1.0~beta1ubuntu0.16.04.11 No subscription required None https://launchpad.net/bugs/1907676 USN-4669-1 -- SquirrelMail vulnerability Ubuntu 16.04 LTS It was discovered that a cross-site scripting (XSS) vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service. Update Instructions: Run `sudo pro fix USN-4669-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squirrelmail - 2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.2 No subscription required Medium CVE-2019-12970 USN-4670-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10. (CVE-2019-19948, CVE-2019-19949) It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2020-27560) Update Instructions: Run `sudo pro fix USN-4670-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.16 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16 imagemagick - 8:6.8.9.9-7ubuntu5.16 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16 perlmagick - 8:6.8.9.9-7ubuntu5.16 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16 No subscription required Low CVE-2019-19948 CVE-2019-19949 CVE-2020-27560 USN-4671-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26793, CVE-2020-26974, CVE-2020-26976, CVE-2020-26978, CVE-2020-26979, CVE-2020-35113, CVE-2020-35114) It was discovered that the proxy.onRequest API did not catch view-source URLs. If a user were tricked into installing an extension with the proxy permission and opening View Source, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-35111) Update Instructions: Run `sudo pro fix USN-4671-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ne - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-kab - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ia - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 84.0+build3-0ubuntu0.16.04.1 firefox - 84.0+build3-0ubuntu0.16.04.1 
firefox-locale-ro - 84.0+build3-0ubuntu0.16.04.1 firefox-geckodriver - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ja - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 84.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 84.0+build3-0ubuntu0.16.04.1 firefox-dev - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-tr - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-da - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 
84.0+build3-0ubuntu0.16.04.1 firefox-locale-my - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ur - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 84.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 84.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-16042 CVE-2020-26971 CVE-2020-26972 CVE-2020-26973 CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-26979 CVE-2020-35111 CVE-2020-35113 CVE-2020-35114 USN-4672-1 -- unzip vulnerabilities Ubuntu 16.04 LTS Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. (CVE-2018-1000035) Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2018-18384) It was discovered that unzip incorrectly handled certain specially crafted ZIP archives. 
If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause resource consumption, resulting in a denial of service. (CVE-2019-13232) Martin Carpenter discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2014-9913) Alexis Vanden Eijnde discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-9844) Update Instructions: Run `sudo pro fix USN-4672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-20ubuntu1.1 No subscription required Low CVE-2014-9913 CVE-2016-9844 CVE-2018-1000035 CVE-2018-18384 CVE-2019-13232 USN-4673-1 -- libproxy vulnerability Ubuntu 16.04 LTS Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4673-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libproxy-cil-dev - 0.4.11-5ubuntu1.2 python-libproxy - 0.4.11-5ubuntu1.2 libproxy1v5 - 0.4.11-5ubuntu1.2 libproxy0.4-cil - 0.4.11-5ubuntu1.2 libproxy1-plugin-gsettings - 0.4.11-5ubuntu1.2 libproxy-dev - 0.4.11-5ubuntu1.2 libproxy1-plugin-webkit - 0.4.11-5ubuntu1.2 libproxy1-plugin-kconfig - 0.4.11-5ubuntu1.2 libproxy1-plugin-networkmanager - 0.4.11-5ubuntu1.2 libproxy-tools - 0.4.11-5ubuntu1.2 No subscription required Medium CVE-2020-26154 USN-4674-1 -- Dovecot vulnerabilities Ubuntu 16.04 LTS It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-24386) Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-25275) Update Instructions: Run `sudo pro fix USN-4674-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.22-1ubuntu2.14 dovecot-mysql - 1:2.2.22-1ubuntu2.14 dovecot-sieve - 1:2.2.22-1ubuntu2.14 dovecot-core - 1:2.2.22-1ubuntu2.14 dovecot-ldap - 1:2.2.22-1ubuntu2.14 dovecot-sqlite - 1:2.2.22-1ubuntu2.14 dovecot-dev - 1:2.2.22-1ubuntu2.14 dovecot-pop3d - 1:2.2.22-1ubuntu2.14 dovecot-imapd - 1:2.2.22-1ubuntu2.14 dovecot-managesieved - 1:2.2.22-1ubuntu2.14 dovecot-lucene - 1:2.2.22-1ubuntu2.14 mail-stack-delivery - 1:2.2.22-1ubuntu2.14 dovecot-gssapi - 1:2.2.22-1ubuntu2.14 dovecot-solr - 1:2.2.22-1ubuntu2.14 dovecot-lmtpd - 1:2.2.22-1ubuntu2.14 No subscription required Medium CVE-2020-24386 CVE-2020-25275 USN-4675-1 -- OpenStack Horizon vulnerability Ubuntu 16.04 LTS Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL. Update Instructions: Run `sudo pro fix USN-4675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openstack-dashboard - 2:9.1.2-0ubuntu5.2 python-django-horizon - 2:9.1.2-0ubuntu5.2 openstack-dashboard-ubuntu-theme - 2:9.1.2-0ubuntu5.2 No subscription required Medium CVE-2020-29565 USN-4676-1 -- OpenEXR vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4676-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.4 openexr - 2.2.0-10ubuntu2.4 libopenexr22 - 2.2.0-10ubuntu2.4 openexr-doc - 2.2.0-10ubuntu2.4 No subscription required Medium CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 USN-4677-1 -- p11-kit vulnerabilities Ubuntu 16.04 LTS David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4677-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libp11-kit0 - 0.23.2-5~ubuntu16.04.2 libp11-kit-dev - 0.23.2-5~ubuntu16.04.2 p11-kit-modules - 0.23.2-5~ubuntu16.04.2 p11-kit - 0.23.2-5~ubuntu16.04.2 No subscription required Medium CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 USN-4680-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19770) It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. 
(CVE-2020-10135) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use this to facilitate attacks on UDP-based services that depend on source port randomization. (CVE-2020-25705) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974) Update Instructions: Run `sudo pro fix USN-4680-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1062-oracle - 4.15.0-1062.68~16.04.1 No subscription required linux-image-4.15.0-1091-gcp - 4.15.0-1091.104~16.04.1 No subscription required linux-image-4.15.0-1091-aws - 4.15.0-1091.96~16.04.1 No subscription required linux-image-4.15.0-1103-azure - 4.15.0-1103.114~16.04.1 No subscription required linux-image-4.15.0-129-generic - 4.15.0-129.132~16.04.1 linux-image-4.15.0-129-lowlatency - 4.15.0-129.132~16.04.1 linux-image-4.15.0-129-generic-lpae - 4.15.0-129.132~16.04.1 No subscription required linux-image-oracle - 4.15.0.1062.51 No subscription required linux-image-aws-hwe - 4.15.0.1091.85 No subscription required linux-image-gke - 4.15.0.1091.92 linux-image-gcp - 4.15.0.1091.92 No subscription required linux-image-azure-edge - 4.15.0.1103.96 linux-image-azure - 4.15.0.1103.96 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.129.128 linux-image-lowlatency-hwe-16.04 - 4.15.0.129.128 linux-image-generic-hwe-16.04-edge - 4.15.0.129.128 linux-image-generic-lpae-hwe-16.04 - 4.15.0.129.128 linux-image-virtual-hwe-16.04 - 4.15.0.129.128 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.129.128 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.129.128 linux-image-oem - 4.15.0.129.128 linux-image-generic-hwe-16.04 - 4.15.0.129.128 No subscription required Medium CVE-2019-19770 CVE-2020-0423 CVE-2020-10135 CVE-2020-25656 CVE-2020-25668 CVE-2020-25705 CVE-2020-27675 CVE-2020-27777 CVE-2020-28974 USN-4681-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-0148) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. 
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4681-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1085-kvm - 4.4.0-1085.94 No subscription required linux-image-4.4.0-1119-aws - 4.4.0-1119.133 No subscription required linux-image-4.4.0-1143-raspi2 - 4.4.0-1143.153 No subscription required linux-image-4.4.0-1147-snapdragon - 4.4.0-1147.157 No subscription required linux-image-4.4.0-198-powerpc64-smp - 4.4.0-198.230 linux-image-4.4.0-198-generic - 4.4.0-198.230 linux-image-4.4.0-198-powerpc-e500mc - 4.4.0-198.230 linux-image-4.4.0-198-powerpc64-emb - 4.4.0-198.230 linux-image-4.4.0-198-lowlatency - 4.4.0-198.230 linux-image-4.4.0-198-generic-lpae - 4.4.0-198.230 linux-image-4.4.0-198-powerpc-smp - 4.4.0-198.230 No subscription required linux-image-kvm - 4.4.0.1085.83 No subscription required linux-image-aws - 4.4.0.1119.124 No subscription required linux-image-raspi2 - 4.4.0.1143.143 No subscription required linux-image-snapdragon - 4.4.0.1147.139 No subscription required linux-image-generic-lts-wily - 4.4.0.198.204 linux-image-powerpc64-emb-lts-vivid - 4.4.0.198.204 linux-image-powerpc-e500mc - 4.4.0.198.204 linux-image-generic-lpae-lts-xenial - 4.4.0.198.204 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.198.204 linux-image-generic-lpae-lts-utopic - 4.4.0.198.204 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.198.204 linux-image-generic-lts-utopic - 4.4.0.198.204 linux-image-powerpc-e500mc-lts-wily - 4.4.0.198.204 linux-image-generic-lts-vivid - 4.4.0.198.204 linux-image-generic-lpae-lts-wily - 4.4.0.198.204 linux-image-virtual-lts-vivid - 4.4.0.198.204 linux-image-virtual-lts-utopic - 4.4.0.198.204 linux-image-virtual - 4.4.0.198.204 linux-image-powerpc64-emb-lts-wily - 4.4.0.198.204 linux-image-lowlatency-lts-vivid - 4.4.0.198.204 linux-image-powerpc64-smp-lts-utopic - 4.4.0.198.204 linux-image-powerpc-smp-lts-xenial - 4.4.0.198.204 linux-image-powerpc64-smp-lts-vivid - 4.4.0.198.204 linux-image-lowlatency-lts-wily - 4.4.0.198.204 linux-image-generic - 
4.4.0.198.204 linux-image-lowlatency-lts-xenial - 4.4.0.198.204 linux-image-powerpc64-smp-lts-xenial - 4.4.0.198.204 linux-image-powerpc64-emb-lts-utopic - 4.4.0.198.204 linux-image-generic-lts-xenial - 4.4.0.198.204 linux-image-powerpc-smp - 4.4.0.198.204 linux-image-generic-lpae-lts-vivid - 4.4.0.198.204 linux-image-generic-lpae - 4.4.0.198.204 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.198.204 linux-image-powerpc64-smp-lts-wily - 4.4.0.198.204 linux-image-powerpc64-emb - 4.4.0.198.204 linux-image-powerpc64-emb-lts-xenial - 4.4.0.198.204 linux-image-powerpc-smp-lts-wily - 4.4.0.198.204 linux-image-virtual-lts-wily - 4.4.0.198.204 linux-image-powerpc64-smp - 4.4.0.198.204 linux-image-lowlatency-lts-utopic - 4.4.0.198.204 linux-image-powerpc-smp-lts-vivid - 4.4.0.198.204 linux-image-lowlatency - 4.4.0.198.204 linux-image-virtual-lts-xenial - 4.4.0.198.204 linux-image-powerpc-smp-lts-utopic - 4.4.0.198.204 No subscription required Medium CVE-2019-0148 CVE-2020-25656 CVE-2020-25668 CVE-2020-27675 CVE-2020-28974 CVE-2020-4788 USN-4684-1 -- EDK II vulnerabilities Ubuntu 16.04 LTS Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14562) It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-14584) Update Instructions: Run `sudo pro fix USN-4684-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-efi - 0~20160408.ffea0a2c-2ubuntu0.2 ovmf - 0~20160408.ffea0a2c-2ubuntu0.2 No subscription required Low CVE-2019-14562 CVE-2019-14584 USN-4686-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4686-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.14 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.14 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.14 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.14 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.14 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.14 No subscription required Medium CVE-2018-5727 CVE-2020-27814 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVE-2020-6851 CVE-2020-8112 USN-4687-1 -- Firefox vulnerability Ubuntu 16.04 LTS A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4687-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nn - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ne - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nb - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fa - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fi - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fr - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-fy - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-or - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kab - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-oc - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cs - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ga - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gd - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gn - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gl - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-gu - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pa - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pl - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cy - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-pt - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hi - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uk - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-he - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hy - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hr - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hu - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-as - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ar - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ia - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-az - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-id - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mai - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-af - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-is - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-it - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-an - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
84.0.2+build1-0ubuntu0.16.04.1 firefox - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ro - 84.0.2+build1-0ubuntu0.16.04.1 firefox-geckodriver - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ja - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ru - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-br - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bn - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-be - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-bg - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sl - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sk - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-si - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sw - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sv - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sr - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-sq - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ko - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kn - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-km - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-kk - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ka - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-xh - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ca - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ku - 84.0.2+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lv - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lt - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-th - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 84.0.2+build1-0ubuntu0.16.04.1 firefox-dev - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-te - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-cak - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ta - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-lg - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-tr - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-nso - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-de - 
84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-da - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ms - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mr - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-my - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-uz - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ml - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mn - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-mk - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ur - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-vi - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eu - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-et - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-es - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-csb - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-el - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-eo - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-en - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-zu - 84.0.2+build1-0ubuntu0.16.04.1 firefox-locale-ast - 84.0.2+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2020-16044 USN-4688-1 -- JasPer vulnerabilities Ubuntu 16.04 LTS It was discovered that Jasper incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. (CVE-2018-18873) It was discovered that Jasper incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19542) It was discovered that Jasper incorrectly handled certain JPC encoders. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-27828) It was discovered that Jasper incorrectly handled certain images. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2017-9782) Update Instructions: Run `sudo pro fix USN-4688-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libjasper-runtime - 1.900.1-debian1-2.4ubuntu1.3 libjasper-dev - 1.900.1-debian1-2.4ubuntu1.3 libjasper1 - 1.900.1-debian1-2.4ubuntu1.3 No subscription required Medium CVE-2017-9782 CVE-2018-18873 CVE-2018-19542 CVE-2020-27828 USN-4690-1 -- coTURN vulnerability Ubuntu 16.04 LTS It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface. Update Instructions: Run `sudo pro fix USN-4690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: coturn - 4.5.0.3-1ubuntu0.4 No subscription required Medium CVE-2020-26262 USN-4691-1 -- Open vSwitch vulnerabilities Ubuntu 16.04 LTS Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4691-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openvswitch-switch - 2.5.9-0ubuntu0.16.04.2 openvswitch-pki - 2.5.9-0ubuntu0.16.04.2 ovn-docker - 2.5.9-0ubuntu0.16.04.2 openvswitch-common - 2.5.9-0ubuntu0.16.04.2 openvswitch-testcontroller - 2.5.9-0ubuntu0.16.04.2 openvswitch-vtep - 2.5.9-0ubuntu0.16.04.2 python-openvswitch - 2.5.9-0ubuntu0.16.04.2 openvswitch-ipsec - 2.5.9-0ubuntu0.16.04.2 ovn-host - 2.5.9-0ubuntu0.16.04.2 ovn-common - 2.5.9-0ubuntu0.16.04.2 ovn-central - 2.5.9-0ubuntu0.16.04.2 openvswitch-switch-dpdk - 2.5.9-0ubuntu0.16.04.2 openvswitch-test - 2.5.9-0ubuntu0.16.04.2 No subscription required Medium CVE-2015-8011 CVE-2020-27827 USN-4692-1 -- tar vulnerabilities Ubuntu 16.04 LTS Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20482) Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. (CVE-2019-9923) Update Instructions: Run `sudo pro fix USN-4692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.28-2.1ubuntu0.2 tar - 1.28-2.1ubuntu0.2 No subscription required Low CVE-2018-20482 CVE-2019-9923 USN-4693-1 -- Ampache vulnerabilities Ubuntu 16.04 LTS It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. (CVE-2019-12385) It was discovered that an XSS vulnerability exists in Ampache. 
An attacker could use this vulnerability to force an admin to create a new privileged user. (CVE-2019-12386) Update Instructions: Run `sudo pro fix USN-4693-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ampache-common - 3.6-rzb2779+dfsg-0ubuntu9.2 ampache - 3.6-rzb2779+dfsg-0ubuntu9.2 No subscription required Medium CVE-2019-12385 CVE-2019-12386 USN-4694-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Update Instructions: Run `sudo pro fix USN-4694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-132-generic - 4.15.0-132.136~16.04.1 linux-image-4.15.0-132-lowlatency - 4.15.0-132.136~16.04.1 linux-image-4.15.0-132-generic-lpae - 4.15.0-132.136~16.04.1 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.132.130 linux-image-lowlatency-hwe-16.04 - 4.15.0.132.130 linux-image-generic-hwe-16.04-edge - 4.15.0.132.130 linux-image-generic-lpae-hwe-16.04 - 4.15.0.132.130 linux-image-virtual-hwe-16.04 - 4.15.0.132.130 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.132.130 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.132.130 linux-image-oem - 4.15.0.132.130 linux-image-generic-hwe-16.04 - 4.15.0.132.130 No subscription required linux-image-4.4.0-200-powerpc-smp - 4.4.0-200.232 linux-image-4.4.0-200-generic - 4.4.0-200.232 linux-image-4.4.0-200-powerpc64-smp - 4.4.0-200.232 linux-image-4.4.0-200-lowlatency - 4.4.0-200.232 linux-image-4.4.0-200-powerpc-e500mc - 4.4.0-200.232 linux-image-4.4.0-200-powerpc64-emb - 4.4.0-200.232 linux-image-4.4.0-200-generic-lpae - 4.4.0-200.232 No subscription required 
linux-image-generic-lts-wily - 4.4.0.200.206 linux-image-powerpc64-emb-lts-vivid - 4.4.0.200.206 linux-image-powerpc-e500mc - 4.4.0.200.206 linux-image-generic-lpae-lts-xenial - 4.4.0.200.206 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.200.206 linux-image-generic-lpae-lts-utopic - 4.4.0.200.206 linux-image-powerpc64-smp-lts-vivid - 4.4.0.200.206 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.200.206 linux-image-generic-lts-utopic - 4.4.0.200.206 linux-image-powerpc-e500mc-lts-wily - 4.4.0.200.206 linux-image-generic-lts-vivid - 4.4.0.200.206 linux-image-generic-lpae-lts-wily - 4.4.0.200.206 linux-image-virtual-lts-vivid - 4.4.0.200.206 linux-image-virtual-lts-utopic - 4.4.0.200.206 linux-image-virtual - 4.4.0.200.206 linux-image-powerpc64-emb-lts-wily - 4.4.0.200.206 linux-image-powerpc64-smp-lts-xenial - 4.4.0.200.206 linux-image-powerpc64-smp-lts-utopic - 4.4.0.200.206 linux-image-powerpc64-emb - 4.4.0.200.206 linux-image-powerpc-smp-lts-xenial - 4.4.0.200.206 linux-image-lowlatency-lts-wily - 4.4.0.200.206 linux-image-lowlatency-lts-vivid - 4.4.0.200.206 linux-image-generic - 4.4.0.200.206 linux-image-lowlatency-lts-xenial - 4.4.0.200.206 linux-image-powerpc64-emb-lts-utopic - 4.4.0.200.206 linux-image-generic-lts-xenial - 4.4.0.200.206 linux-image-virtual-lts-wily - 4.4.0.200.206 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.200.206 linux-image-powerpc-smp - 4.4.0.200.206 linux-image-generic-lpae-lts-vivid - 4.4.0.200.206 linux-image-generic-lpae - 4.4.0.200.206 linux-image-powerpc64-smp-lts-wily - 4.4.0.200.206 linux-image-powerpc64-emb-lts-xenial - 4.4.0.200.206 linux-image-powerpc-smp-lts-wily - 4.4.0.200.206 linux-image-powerpc64-smp - 4.4.0.200.206 linux-image-lowlatency-lts-utopic - 4.4.0.200.206 linux-image-powerpc-smp-lts-vivid - 4.4.0.200.206 linux-image-lowlatency - 4.4.0.200.206 linux-image-virtual-lts-xenial - 4.4.0.200.206 linux-image-powerpc-smp-lts-utopic - 4.4.0.200.206 No subscription required High CVE-2020-28374 USN-4695-1 -- icoutils 
vulnerabilities Ubuntu 16.04 LTS Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5208) It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2017-6009, CVE-2017-6010) Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information. (CVE-2017-6011) Update Instructions: Run `sudo pro fix USN-4695-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icoutils - 0.31.0-3ubuntu0.1 No subscription required Medium CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333 CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 USN-4696-1 -- HTMLDOC vulnerability Ubuntu 16.04 LTS It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4696-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: htmldoc - 1.8.27-8ubuntu1.1 htmldoc-common - 1.8.27-8ubuntu1.1 No subscription required Medium CVE-2019-19630 USN-4697-1 -- Pillow vulnerabilities Ubuntu 16.04 LTS It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. (CVE-2020-35653) It was discovered that Pillow incorrectly handled certain Tiff image files. 
If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-35654) It was discovered that Pillow incorrectly handled certain SGI image files. If a user or automated system were tricked into opening a specially-crafted SGI file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-35655) Update Instructions: Run `sudo pro fix USN-4697-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 3.1.2-0ubuntu1.5 python-pil-doc - 3.1.2-0ubuntu1.5 python3-pil - 3.1.2-0ubuntu1.5 python-pil.imagetk - 3.1.2-0ubuntu1.5 python-imaging - 3.1.2-0ubuntu1.5 python-pil - 3.1.2-0ubuntu1.5 No subscription required Medium CVE-2020-35653 CVE-2020-35654 CVE-2020-35655 USN-4698-1 -- Dnsmasq vulnerabilities Ubuntu 16.04 LTS Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25681, CVE-2020-25687) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25682, CVE-2020-25683) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25684) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. 
A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25685) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25686) It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14834) Update Instructions: Run `sudo pro fix USN-4698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.75-1ubuntu0.16.04.7 dnsmasq-utils - 2.75-1ubuntu0.16.04.7 dnsmasq-base - 2.75-1ubuntu0.16.04.7 No subscription required Medium CVE-2019-14834 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 USN-4698-2 -- Dnsmasq regression Ubuntu 16.04 LTS USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Original advisory details: Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25681, CVE-2020-25687) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25682, CVE-2020-25683) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. 
A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25684) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25685) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25686) It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14834) Update Instructions: Run `sudo pro fix USN-4698-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.75-1ubuntu0.16.04.8 dnsmasq-utils - 2.75-1ubuntu0.16.04.8 dnsmasq-base - 2.75-1ubuntu0.16.04.8 No subscription required None https://launchpad.net/bugs/1916462 USN-4699-1 -- Apache Log4net vulnerability Ubuntu 16.04 LTS It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4699-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4net1.2-cil - 1.2.10+dfsg-7ubuntu0.16.04.1 liblog4net-cil-dev - 1.2.10+dfsg-7ubuntu0.16.04.1 No subscription required Medium CVE-2018-1285 USN-4700-1 -- PyXDG vulnerability Ubuntu 16.04 LTS Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4700-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-xdg - 0.25-4ubuntu0.16.04.1 python-xdg - 0.25-4ubuntu0.16.04.1 No subscription required Low CVE-2019-12761 USN-4702-1 -- Pound vulnerabilities Ubuntu 16.04 LTS It was discovered that Pound incorrectly handled certain HTTP requests. A remote attacker could use it to retrieve some sensitive information. (CVE-2016-10711, CVE-2018-21245) Update Instructions: Run `sudo pro fix USN-4702-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pound - 2.6-6.1ubuntu0.1 No subscription required Medium CVE-2016-10711 CVE-2018-21245 USN-4703-1 -- Mutt vulnerability Ubuntu 16.04 LTS It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4703-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.24-1ubuntu0.6 mutt - 1.5.24-1ubuntu0.6 No subscription required Medium CVE-2021-3181 USN-4704-1 -- libsndfile vulnerabilities Ubuntu 16.04 LTS It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12562) It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2017-6892, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758, CVE-2019-3832) Update Instructions: Run `sudo pro fix USN-4704-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-10ubuntu0.16.04.3 libsndfile1-dev - 1.0.25-10ubuntu0.16.04.3 sndfile-programs - 1.0.25-10ubuntu0.16.04.3 No subscription required Medium CVE-2017-12562 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-6892 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662 CVE-2018-19758 CVE-2019-3832 USN-4705-1 -- Sudo vulnerabilities Ubuntu 16.04 LTS It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156) It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. (CVE-2021-23239) Update Instructions: Run `sudo pro fix USN-4705-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.16-0ubuntu1.10 sudo - 1.8.16-0ubuntu1.10 No subscription required High CVE-2021-23239 CVE-2021-3156 USN-4708-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19813, CVE-2019-19816) Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. 
A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) Update Instructions: Run `sudo pro fix USN-4708-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-201-generic - 4.4.0-201.233 linux-image-4.4.0-201-powerpc64-smp - 4.4.0-201.233 linux-image-4.4.0-201-lowlatency - 4.4.0-201.233 linux-image-4.4.0-201-powerpc-smp - 4.4.0-201.233 linux-image-4.4.0-201-generic-lpae - 4.4.0-201.233 linux-image-4.4.0-201-powerpc64-emb - 4.4.0-201.233 linux-image-4.4.0-201-powerpc-e500mc - 4.4.0-201.233 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.201.207 linux-image-generic-lts-wily - 4.4.0.201.207 linux-image-powerpc-e500mc - 4.4.0.201.207 linux-image-generic-lpae-lts-xenial - 4.4.0.201.207 linux-image-generic-lpae-lts-utopic - 4.4.0.201.207 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.201.207 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.201.207 linux-image-powerpc-e500mc-lts-wily - 4.4.0.201.207 linux-image-generic-lts-vivid - 4.4.0.201.207 linux-image-generic-lpae-lts-wily - 4.4.0.201.207 linux-image-virtual-lts-vivid - 4.4.0.201.207 linux-image-virtual-lts-utopic - 4.4.0.201.207 linux-image-virtual - 4.4.0.201.207 linux-image-powerpc64-emb-lts-wily - 4.4.0.201.207 linux-image-lowlatency-lts-vivid - 4.4.0.201.207 linux-image-generic-lts-utopic - 4.4.0.201.207 linux-image-powerpc64-emb - 4.4.0.201.207 linux-image-powerpc-smp-lts-xenial - 4.4.0.201.207 linux-image-powerpc64-smp-lts-vivid - 4.4.0.201.207 linux-image-lowlatency-lts-wily - 4.4.0.201.207 linux-image-generic - 4.4.0.201.207 linux-image-lowlatency-lts-xenial - 
4.4.0.201.207 linux-image-powerpc64-smp-lts-xenial - 4.4.0.201.207 linux-image-powerpc64-emb-lts-utopic - 4.4.0.201.207 linux-image-generic-lts-xenial - 4.4.0.201.207 linux-image-virtual-lts-wily - 4.4.0.201.207 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.201.207 linux-image-powerpc-smp - 4.4.0.201.207 linux-image-powerpc64-emb-lts-vivid - 4.4.0.201.207 linux-image-generic-lpae-lts-vivid - 4.4.0.201.207 linux-image-generic-lpae - 4.4.0.201.207 linux-image-powerpc64-smp-lts-wily - 4.4.0.201.207 linux-image-powerpc64-emb-lts-xenial - 4.4.0.201.207 linux-image-powerpc-smp-lts-wily - 4.4.0.201.207 linux-image-powerpc64-smp - 4.4.0.201.207 linux-image-lowlatency-lts-utopic - 4.4.0.201.207 linux-image-powerpc-smp-lts-vivid - 4.4.0.201.207 linux-image-lowlatency - 4.4.0.201.207 linux-image-virtual-lts-xenial - 4.4.0.201.207 linux-image-powerpc-smp-lts-utopic - 4.4.0.201.207 No subscription required Medium CVE-2018-13093 CVE-2019-19813 CVE-2019-19816 CVE-2020-25669 CVE-2020-27777 USN-4709-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). 
(CVE-2019-19813, CVE-2019-19816) Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) Update Instructions: Run `sudo pro fix USN-4709-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1087-kvm - 4.4.0-1087.96 No subscription required linux-image-4.4.0-1121-aws - 4.4.0-1121.135 No subscription required linux-image-4.4.0-1145-raspi2 - 4.4.0-1145.155 No subscription required linux-image-4.4.0-1149-snapdragon - 4.4.0-1149.159 No subscription required linux-image-kvm - 4.4.0.1087.85 No subscription required linux-image-aws - 4.4.0.1121.126 No subscription required linux-image-raspi2 - 4.4.0.1145.145 No subscription required linux-image-snapdragon - 4.4.0.1149.141 No subscription required High CVE-2018-13093 CVE-2019-19813 CVE-2019-19816 CVE-2020-25669 CVE-2020-28374 USN-4710-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). Update Instructions: Run `sudo pro fix USN-4710-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-133-generic-lpae - 4.15.0-133.137~16.04.1 linux-image-4.15.0-133-lowlatency - 4.15.0-133.137~16.04.1 linux-image-4.15.0-133-generic - 4.15.0-133.137~16.04.1 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.133.131 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.133.131 linux-image-virtual-hwe-16.04-edge - 4.15.0.133.131 linux-image-generic-hwe-16.04 - 4.15.0.133.131 linux-image-lowlatency-hwe-16.04 - 4.15.0.133.131 linux-image-generic-hwe-16.04-edge - 4.15.0.133.131 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.133.131 linux-image-oem - 4.15.0.133.131 linux-image-generic-lpae-hwe-16.04 - 4.15.0.133.131 No subscription required Medium CVE-2020-25704 USN-4711-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374) Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704) Update Instructions: Run `sudo pro fix USN-4711-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1064-oracle - 4.15.0-1064.71~16.04.1 No subscription required linux-image-4.15.0-1092-gcp - 4.15.0-1092.105~16.04.1 No subscription required linux-image-4.15.0-1093-aws - 4.15.0-1093.99~16.04.1 No subscription required linux-image-4.15.0-1106-azure - 4.15.0-1106.118~16.04.1 No subscription required linux-image-oracle - 4.15.0.1064.52 No subscription required linux-image-gke - 4.15.0.1092.93 linux-image-gcp - 4.15.0.1092.93 No subscription required linux-image-aws-hwe - 4.15.0.1093.86 No subscription required linux-image-azure-edge - 4.15.0.1106.97 linux-image-azure - 4.15.0.1106.97 No subscription required High CVE-2020-25704 CVE-2020-28374 USN-4715-1 -- Django vulnerability Ubuntu 16.04 LTS Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location. Update Instructions: Run `sudo pro fix USN-4715-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.14 python-django-doc - 1.8.7-1ubuntu5.14 python-django-common - 1.8.7-1ubuntu5.14 python-django - 1.8.7-1ubuntu5.14 No subscription required Medium CVE-2021-3281 USN-4716-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-33.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-23.html https://www.oracle.com/security-alerts/cpujan2021.html Update Instructions: Run `sudo pro fix USN-4716-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.33-0ubuntu0.16.04.1 mysql-source-5.7 - 5.7.33-0ubuntu0.16.04.1 libmysqlclient-dev - 5.7.33-0ubuntu0.16.04.1 mysql-client-core-5.7 - 5.7.33-0ubuntu0.16.04.1 mysql-client-5.7 - 5.7.33-0ubuntu0.16.04.1 libmysqlclient20 - 5.7.33-0ubuntu0.16.04.1 mysql-server-5.7 - 5.7.33-0ubuntu0.16.04.1 mysql-common - 5.7.33-0ubuntu0.16.04.1 mysql-server - 5.7.33-0ubuntu0.16.04.1 mysql-server-core-5.7 - 5.7.33-0ubuntu0.16.04.1 mysql-testsuite - 5.7.33-0ubuntu0.16.04.1 libmysqld-dev - 5.7.33-0ubuntu0.16.04.1 mysql-testsuite-5.7 - 5.7.33-0ubuntu0.16.04.1 No subscription required Medium CVE-2021-2002 CVE-2021-2010 CVE-2021-2011 CVE-2021-2014 CVE-2021-2021 CVE-2021-2022 CVE-2021-2024 CVE-2021-2031 CVE-2021-2032 CVE-2021-2036 CVE-2021-2038 CVE-2021-2046 CVE-2021-2048 CVE-2021-2056 CVE-2021-2058 CVE-2021-2060 CVE-2021-2061 CVE-2021-2065 CVE-2021-2070 CVE-2021-2072 CVE-2021-2076 CVE-2021-2081 CVE-2021-2087 CVE-2021-2088 CVE-2021-2122 USN-4717-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4717-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-nn - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ne - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-nb - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-fa - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-fi - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-fr - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-fy - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-or - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-kab - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-oc - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-cs - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ga - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-gd - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-gn - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-gl - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-gu - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-pa - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-pl - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-cy - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-pt - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-hi - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-uk - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-he - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-hy - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-hr - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-hu - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-as - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ar - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ia - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-az - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-id - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-mai - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-af - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-is - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-it - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-an - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-bs - 85.0+build1-0ubuntu0.16.04.1 firefox - 85.0+build1-0ubuntu0.16.04.1 
firefox-locale-ro - 85.0+build1-0ubuntu0.16.04.1 firefox-geckodriver - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ja - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ru - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-br - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-bn - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-be - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-bg - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-sl - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-sk - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-si - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-sw - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-sv - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-sr - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-sq - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ko - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-kn - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-km - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-kk - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ka - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-xh - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ca - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ku - 85.0+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-lv - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-lt - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-th - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 85.0+build1-0ubuntu0.16.04.1 firefox-dev - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-te - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-cak - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ta - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-lg - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-tr - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-nso - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-de - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-da - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ms - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-mr - 
85.0+build1-0ubuntu0.16.04.1 firefox-locale-my - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-uz - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ml - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-mn - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-mk - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ur - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-vi - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-eu - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-et - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-es - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-csb - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-el - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-eo - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-en - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-zu - 85.0+build1-0ubuntu0.16.04.1 firefox-locale-ast - 85.0+build1-0ubuntu0.16.04.1 No subscription required Medium CVE-2021-23953 CVE-2021-23954 CVE-2021-23955 CVE-2021-23956 CVE-2021-23958 CVE-2021-23960 CVE-2021-23961 CVE-2021-23962 CVE-2021-23963 CVE-2021-23964 CVE-2021-23965 USN-4717-2 -- Firefox regression Ubuntu 16.04 LTS USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4717-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nn - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ne - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nb - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fa - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fi - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fr - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-fy - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-or - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kab - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-oc - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cs - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ga - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gd - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gn - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gl - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-gu - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pa - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pl - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cy - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-pt - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hi - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uk - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-he - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hy - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hr - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hu - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-as - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ar - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ia - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-az - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-id - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mai - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-af - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-is - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-it - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-an - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bs - 
85.0.1+build1-0ubuntu0.16.04.1 firefox - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ro - 85.0.1+build1-0ubuntu0.16.04.1 firefox-geckodriver - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ja - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ru - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-br - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hant - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zh-hans - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bn - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-be - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-bg - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sl - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sk - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-si - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sw - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sv - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sr - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-sq - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ko - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kn - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-km - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-kk - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ka - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-xh - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ca - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ku - 85.0.1+build1-0ubuntu0.16.04.1 firefox-mozsymbols - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lv - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lt - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-th - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-hsb - 85.0.1+build1-0ubuntu0.16.04.1 firefox-dev - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-te - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-cak - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ta - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-lg - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-tr - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-nso - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-de - 
85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-da - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ms - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mr - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-my - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-uz - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ml - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mn - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-mk - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ur - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-vi - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eu - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-et - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-es - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-csb - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-el - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-eo - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-en - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-zu - 85.0.1+build1-0ubuntu0.16.04.1 firefox-locale-ast - 85.0.1+build1-0ubuntu0.16.04.1 No subscription required None https://launchpad.net/bugs/1914147 USN-4718-1 -- fastd vulnerability Ubuntu 16.04 LTS It was discovered that fastd incorrectly handled certain packets. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4718-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fastd - 17-4ubuntu0.1 No subscription required Medium CVE-2020-27638 USN-4719-1 -- ca-certificates update Ubuntu 16.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-4719-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ca-certificates-udeb - 20210119~16.04.1 ca-certificates - 20210119~16.04.1 No subscription required None https://launchpad.net/bugs/1914064 USN-4720-1 -- Apport vulnerabilities Ubuntu 16.04 LTS Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683) Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service. (CVE-2021-25684) Update Instructions: Run `sudo pro fix USN-4720-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.30 python3-problem-report - 2.20.1-0ubuntu2.30 apport-kde - 2.20.1-0ubuntu2.30 apport-retrace - 2.20.1-0ubuntu2.30 apport-valgrind - 2.20.1-0ubuntu2.30 python3-apport - 2.20.1-0ubuntu2.30 dh-apport - 2.20.1-0ubuntu2.30 apport-gtk - 2.20.1-0ubuntu2.30 apport - 2.20.1-0ubuntu2.30 python-problem-report - 2.20.1-0ubuntu2.30 apport-noui - 2.20.1-0ubuntu2.30 No subscription required Medium CVE-2021-25682 CVE-2021-25683 CVE-2021-25684 USN-4722-1 -- ReadyMedia (MiniDLNA) vulnerabilities Ubuntu 16.04 LTS It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with a delivery URL on a different network segment than the fully qualified event-subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. (CVE-2020-12695) It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926) Update Instructions: Run `sudo pro fix USN-4722-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: minidlna - 1.1.5+dfsg-2ubuntu0.1 No subscription required Medium CVE-2020-12695 CVE-2020-28926 USN-4723-1 -- PEAR vulnerability Ubuntu 16.04 LTS It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.1+submodules+notgz-6ubuntu0.3 No subscription required Medium CVE-2020-36193 USN-4724-1 -- OpenLDAP vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221) It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226) It was discovered that OpenLDAP incorrectly handled Return Filter control handling. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36223) It was discovered that OpenLDAP incorrectly handled certain cancel operations. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227) It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36228) It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. 
A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230) Update Instructions: Run `sudo pro fix USN-4724-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.12 libldap2-dev - 2.4.42+dfsg-2ubuntu3.12 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.12 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.12 slapd - 2.4.42+dfsg-2ubuntu3.12 No subscription required Medium CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 USN-4725-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-11947) Alexander Bulekov discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-15859) Alexander Bulekov discovered that QEMU incorrectly handled memory region cache. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-27821) Cheol-woo Myung discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-28916) Wenxiang Qian discovered that QEMU incorrectly handled ATAPI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-29443) It was discovered that QEMU incorrectly handled VirtFS directory sharing. 
An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20181) Update Instructions: Run `sudo pro fix USN-4725-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.49 qemu-user-static - 1:2.5+dfsg-5ubuntu10.49 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.49 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.49 qemu-kvm - 1:2.5+dfsg-5ubuntu10.49 qemu-user - 1:2.5+dfsg-5ubuntu10.49 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.49 qemu-system - 1:2.5+dfsg-5ubuntu10.49 qemu-utils - 1:2.5+dfsg-5ubuntu10.49 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.49 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.49 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.49 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.49 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.49 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.49 qemu - 1:2.5+dfsg-5ubuntu10.49 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.49 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.49 No subscription required Medium CVE-2020-11947 CVE-2020-15859 CVE-2020-27821 CVE-2020-28916 CVE-2020-29443 CVE-2021-20181 USN-4726-1 -- OpenJDK vulnerability Ubuntu 16.04 LTS It was discovered that OpenJDK incorrectly handled the direct buffering of characters. An attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or cause other unspecified impact. Update Instructions: Run `sudo pro fix USN-4726-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u282-b08-0ubuntu1~16.04 openjdk-8-jdk - 8u282-b08-0ubuntu1~16.04 openjdk-8-jre-headless - 8u282-b08-0ubuntu1~16.04 openjdk-8-jre - 8u282-b08-0ubuntu1~16.04 openjdk-8-jdk-headless - 8u282-b08-0ubuntu1~16.04 openjdk-8-source - 8u282-b08-0ubuntu1~16.04 openjdk-8-jre-zero - 8u282-b08-0ubuntu1~16.04 openjdk-8-demo - 8u282-b08-0ubuntu1~16.04 openjdk-8-jre-jamvm - 8u282-b08-0ubuntu1~16.04 No subscription required None https://launchpad.net/bugs/1914824 USN-4728-1 -- snapd vulnerability Ubuntu 16.04 LTS Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container. Update Instructions: Run `sudo pro fix USN-4728-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.48.3 ubuntu-core-launcher - 2.48.3 snap-confine - 2.48.3 ubuntu-snappy-cli - 2.48.3 golang-github-snapcore-snapd-dev - 2.48.3 snapd-xdg-open - 2.48.3 snapd - 2.48.3 golang-github-ubuntu-core-snappy-dev - 2.48.3 ubuntu-snappy - 2.48.3 No subscription required High CVE-2020-27352 USN-4729-1 -- Open vSwitch vulnerability Ubuntu 16.04 LTS Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain network packets. A remote attacker could use this issue to cause a denial of service, or possibly alter packet classification. Update Instructions: Run `sudo pro fix USN-4729-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openvswitch-switch - 2.5.9-0ubuntu0.16.04.3 openvswitch-pki - 2.5.9-0ubuntu0.16.04.3 ovn-docker - 2.5.9-0ubuntu0.16.04.3 openvswitch-common - 2.5.9-0ubuntu0.16.04.3 openvswitch-testcontroller - 2.5.9-0ubuntu0.16.04.3 openvswitch-vtep - 2.5.9-0ubuntu0.16.04.3 python-openvswitch - 2.5.9-0ubuntu0.16.04.3 openvswitch-ipsec - 2.5.9-0ubuntu0.16.04.3 ovn-host - 2.5.9-0ubuntu0.16.04.3 ovn-common - 2.5.9-0ubuntu0.16.04.3 ovn-central - 2.5.9-0ubuntu0.16.04.3 openvswitch-switch-dpdk - 2.5.9-0ubuntu0.16.04.3 openvswitch-test - 2.5.9-0ubuntu0.16.04.3 No subscription required Medium CVE-2020-35498 USN-4731-1 -- JUnit 4 vulnerability Ubuntu 16.04 LTS It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: junit4 - 4.12-4ubuntu1.1 junit4-doc - 4.12-4ubuntu1.1 No subscription required Medium CVE-2020-15250 USN-4734-1 -- wpa_supplicant and hostapd vulnerabilities Ubuntu 16.04 LTS It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326) It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695) Update Instructions: Run `sudo pro fix USN-4734-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.4-0ubuntu6.7 No subscription required wpagui - 2.4-0ubuntu6.7 wpasupplicant - 2.4-0ubuntu6.7 wpasupplicant-udeb - 2.4-0ubuntu6.7 No subscription required High CVE-2020-12695 CVE-2021-0326 USN-4737-1 -- Bind vulnerability Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile. Update Instructions: Run `sudo pro fix USN-4737-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.18 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.18 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.18 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.18 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.18 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.18 host - 1:9.10.3.dfsg.P4-8ubuntu1.18 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.18 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.18 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.18 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.18 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.18 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.18 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.18 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.18 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.18 No 
subscription required Medium CVE-2020-8625 USN-4738-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23840) Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841) Update Instructions: Run `sudo pro fix USN-4738-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2g-1ubuntu4.19 libssl-dev - 1.0.2g-1ubuntu4.19 openssl - 1.0.2g-1ubuntu4.19 libssl-doc - 1.0.2g-1ubuntu4.19 libcrypto1.0.0-udeb - 1.0.2g-1ubuntu4.19 libssl1.0.0-udeb - 1.0.2g-1ubuntu4.19 No subscription required Medium CVE-2021-23840 CVE-2021-23841 USN-4741-1 -- Jackson vulnerabilities Ubuntu 16.04 LTS It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4741-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjackson-json-java - 1.9.2-7ubuntu0.2 libjackson-json-java-doc - 1.9.2-7ubuntu0.2 No subscription required Medium CVE-2017-15095 CVE-2017-7525 CVE-2019-10172 USN-4744-1 -- OpenLDAP vulnerability Ubuntu 16.04 LTS Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short timestamps. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4744-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.13 libldap2-dev - 2.4.42+dfsg-2ubuntu3.13 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.13 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.13 slapd - 2.4.42+dfsg-2ubuntu3.13 No subscription required Medium CVE-2021-27212 USN-4746-1 -- xterm vulnerability Ubuntu 16.04 LTS Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4746-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xterm - 322-1ubuntu1.2 No subscription required Medium CVE-2021-27135 USN-4747-1 -- GNU Screen vulnerability Ubuntu 16.04 LTS Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4747-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen - 4.3.1-2ubuntu0.1 No subscription required Medium CVE-2021-26937 USN-4748-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. 
(CVE-2020-29374) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) Update Instructions: Run `sudo pro fix USN-4748-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1088-kvm - 4.4.0-1088.97 No subscription required linux-image-4.4.0-1122-aws - 4.4.0-1122.136 No subscription required linux-image-4.4.0-1146-raspi2 - 4.4.0-1146.156 No subscription required linux-image-4.4.0-1150-snapdragon - 4.4.0-1150.160 No subscription required linux-image-4.4.0-203-powerpc-e500mc - 4.4.0-203.235 linux-image-4.4.0-203-powerpc64-smp - 4.4.0-203.235 linux-image-4.4.0-203-generic - 4.4.0-203.235 linux-image-4.4.0-203-lowlatency - 4.4.0-203.235 linux-image-4.4.0-203-generic-lpae - 4.4.0-203.235 linux-image-4.4.0-203-powerpc-smp - 4.4.0-203.235 linux-image-4.4.0-203-powerpc64-emb - 4.4.0-203.235 No subscription required linux-image-kvm - 4.4.0.1088.86 No subscription required linux-image-aws - 4.4.0.1122.127 No subscription required linux-image-raspi2 - 4.4.0.1146.146 No subscription required linux-image-snapdragon - 4.4.0.1150.142 No subscription required linux-image-generic-lts-wily - 4.4.0.203.209
linux-image-powerpc64-emb-lts-vivid - 4.4.0.203.209 linux-image-powerpc-e500mc - 4.4.0.203.209 linux-image-generic-lpae-lts-xenial - 4.4.0.203.209 linux-image-generic-lts-xenial - 4.4.0.203.209 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.203.209 linux-image-generic-lpae-lts-utopic - 4.4.0.203.209 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.203.209 linux-image-generic-lts-utopic - 4.4.0.203.209 linux-image-powerpc-e500mc-lts-wily - 4.4.0.203.209 linux-image-generic-lpae-lts-wily - 4.4.0.203.209 linux-image-virtual-lts-vivid - 4.4.0.203.209 linux-image-virtual-lts-utopic - 4.4.0.203.209 linux-image-virtual - 4.4.0.203.209 linux-image-powerpc64-emb-lts-wily - 4.4.0.203.209 linux-image-lowlatency-lts-vivid - 4.4.0.203.209 linux-image-powerpc64-smp-lts-utopic - 4.4.0.203.209 linux-image-powerpc64-emb - 4.4.0.203.209 linux-image-powerpc-smp-lts-xenial - 4.4.0.203.209 linux-image-lowlatency-lts-wily - 4.4.0.203.209 linux-image-generic-lts-vivid - 4.4.0.203.209 linux-image-generic - 4.4.0.203.209 linux-image-lowlatency-lts-xenial - 4.4.0.203.209 linux-image-powerpc64-smp-lts-xenial - 4.4.0.203.209 linux-image-powerpc64-emb-lts-utopic - 4.4.0.203.209 linux-image-powerpc64-smp-lts-vivid - 4.4.0.203.209 linux-image-powerpc-smp - 4.4.0.203.209 linux-image-generic-lpae-lts-vivid - 4.4.0.203.209 linux-image-generic-lpae - 4.4.0.203.209 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.203.209 linux-image-powerpc64-smp-lts-wily - 4.4.0.203.209 linux-image-powerpc64-emb-lts-xenial - 4.4.0.203.209 linux-image-powerpc-smp-lts-wily - 4.4.0.203.209 linux-image-virtual-lts-wily - 4.4.0.203.209 linux-image-powerpc64-smp - 4.4.0.203.209 linux-image-lowlatency-lts-utopic - 4.4.0.203.209 linux-image-powerpc-smp-lts-vivid - 4.4.0.203.209 linux-image-lowlatency - 4.4.0.203.209 linux-image-virtual-lts-xenial - 4.4.0.203.209 linux-image-powerpc-smp-lts-utopic - 4.4.0.203.209 No subscription required High CVE-2020-27815 CVE-2020-29374 CVE-2020-29568 CVE-2020-29660 CVE-2020-29661 USN-4749-1 -- 
Linux kernel vulnerabilities Ubuntu 16.04 LTS Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) Shisong Qin and Bodong Zhao discovered that the Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941) It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition in the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) Update Instructions: Run `sudo pro fix USN-4749-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1065-oracle - 4.15.0-1065.73~16.04.1 No subscription required linux-image-4.15.0-1093-gcp - 4.15.0-1093.106~16.04.1 No subscription required linux-image-4.15.0-1094-aws - 4.15.0-1094.101~16.04.1 No subscription required linux-image-4.15.0-1108-azure - 4.15.0-1108.120~16.04.1 No subscription required linux-image-4.15.0-136-generic-lpae - 4.15.0-136.140~16.04.1 linux-image-4.15.0-136-lowlatency - 4.15.0-136.140~16.04.1 linux-image-4.15.0-136-generic - 4.15.0-136.140~16.04.1 No subscription required linux-image-oracle - 4.15.0.1065.53 No subscription required linux-image-gke - 4.15.0.1093.94 linux-image-gcp - 4.15.0.1093.94 No subscription required linux-image-aws-hwe - 4.15.0.1094.87 No subscription required linux-image-azure-edge - 4.15.0.1108.99 linux-image-azure - 4.15.0.1108.99 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.136.132 linux-image-generic-hwe-16.04 - 4.15.0.136.132 linux-image-generic-hwe-16.04-edge - 4.15.0.136.132 linux-image-generic-lpae-hwe-16.04 - 4.15.0.136.132 linux-image-virtual-hwe-16.04 - 4.15.0.136.132 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.136.132 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.136.132 linux-image-oem - 4.15.0.136.132 linux-image-lowlatency-hwe-16.04 - 4.15.0.136.132 No subscription required High CVE-2020-25669 CVE-2020-27815 CVE-2020-27830 CVE-2020-28941 CVE-2020-29374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 USN-4754-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that
Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.14 python2.7-doc - 2.7.12-1ubuntu0~16.04.14 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.14 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.14 libpython2.7 - 2.7.12-1ubuntu0~16.04.14 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.14 python2.7 - 2.7.12-1ubuntu0~16.04.14 idle-python2.7 - 2.7.12-1ubuntu0~16.04.14 python2.7-examples - 2.7.12-1ubuntu0~16.04.14 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.14 python2.7-minimal - 2.7.12-1ubuntu0~16.04.14 No subscription required libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13 python3.5-venv - 3.5.2-2ubuntu0~16.04.13 python3.5-doc - 3.5.2-2ubuntu0~16.04.13 python3.5-dev - 3.5.2-2ubuntu0~16.04.13 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13 python3.5 - 3.5.2-2ubuntu0~16.04.13 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13 python3.5-examples - 3.5.2-2ubuntu0~16.04.13 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13 libpython3.5 - 3.5.2-2ubuntu0~16.04.13 No subscription required Medium CVE-2020-27619 CVE-2021-3177 USN-4754-2 -- Python regression Ubuntu 16.04 LTS USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.16 libpython2.7 - 2.7.12-1ubuntu0~16.04.16 python2.7 - 2.7.12-1ubuntu0~16.04.16 idle-python2.7 - 2.7.12-1ubuntu0~16.04.16 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.16 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.16 python2.7-minimal - 2.7.12-1ubuntu0~16.04.16 python2.7-doc - 2.7.12-1ubuntu0~16.04.16 python2.7-dev - 2.7.12-1ubuntu0~16.04.16 python2.7-examples - 2.7.12-1ubuntu0~16.04.16 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.16 No subscription required None https://launchpad.net/bugs/1916893 USN-4754-4 -- Python 2.7 vulnerability Ubuntu 16.04 LTS USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18 libpython2.7 - 2.7.12-1ubuntu0~16.04.18 python2.7 - 2.7.12-1ubuntu0~16.04.18 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18 idle-python2.7 - 2.7.12-1ubuntu0~16.04.18 python2.7-doc - 2.7.12-1ubuntu0~16.04.18 python2.7-dev - 2.7.12-1ubuntu0~16.04.18 python2.7-examples - 2.7.12-1ubuntu0~16.04.18 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18 No subscription required Medium CVE-2021-3177 USN-4755-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. 
If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-4755-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8 libtiffxx5 - 4.0.6-1ubuntu0.8 libtiff5-dev - 4.0.6-1ubuntu0.8 libtiff5 - 4.0.6-1ubuntu0.8 libtiff-tools - 4.0.6-1ubuntu0.8 libtiff-doc - 4.0.6-1ubuntu0.8 No subscription required Medium CVE-2020-35523 CVE-2020-35524 USN-4756-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct cross-site scripting (XSS) attacks, bypass HTTP auth phishing warnings, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4756-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-nn - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ne - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-nb - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-fa - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-fi - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-fr - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-fy - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-or - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-kab - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-oc - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-cs - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ga - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-gd - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-gn - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-gl - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-gu - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-pa - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-pl - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-cy - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-pt - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-hi - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-uk - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-he - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-hy - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-hr - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-hu - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-as - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ar - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ia - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-az - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-id - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-mai - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-af - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-is - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-it - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-an - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-bs - 86.0+build3-0ubuntu0.16.04.1 firefox - 86.0+build3-0ubuntu0.16.04.1 
firefox-locale-ro - 86.0+build3-0ubuntu0.16.04.1 firefox-geckodriver - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ja - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ru - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-br - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hant - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-zh-hans - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-bn - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-be - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-bg - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-sl - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-sk - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-si - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-sw - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-sv - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-sr - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-sq - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ko - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-kn - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-km - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-kk - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ka - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-xh - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ca - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ku - 86.0+build3-0ubuntu0.16.04.1 firefox-mozsymbols - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-lv - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-lt - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-th - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-hsb - 86.0+build3-0ubuntu0.16.04.1 firefox-dev - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-te - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-cak - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ta - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-lg - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-csb - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-tr - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-nso - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-de - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-da - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ms - 
86.0+build3-0ubuntu0.16.04.1 firefox-locale-mr - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-my - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-uz - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ml - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-mn - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-mk - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ur - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-eu - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-et - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-es - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-vi - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-el - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-eo - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-en - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-zu - 86.0+build3-0ubuntu0.16.04.1 firefox-locale-ast - 86.0+build3-0ubuntu0.16.04.1 No subscription required Medium CVE-2021-23968 CVE-2021-23969 CVE-2021-23970 CVE-2021-23971 CVE-2021-23972 CVE-2021-23973 CVE-2021-23974 CVE-2021-23975 CVE-2021-23978 CVE-2021-23979 USN-4757-1 -- wpa_supplicant and hostapd vulnerability Ubuntu 16.04 LTS It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 1:2.4-0ubuntu6.8 No subscription required wpagui - 2.4-0ubuntu6.8 wpasupplicant - 2.4-0ubuntu6.8 wpasupplicant-udeb - 2.4-0ubuntu6.8 No subscription required Medium CVE-2021-27803 USN-4758-1 -- Go vulnerability Ubuntu 16.04 LTS It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting (XSS) attacks. 
Update Instructions: Run `sudo pro fix USN-4758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-1.10-go - 1.10.4-2ubuntu1~16.04.2 golang-1.10-src - 1.10.4-2ubuntu1~16.04.2 golang-1.10 - 1.10.4-2ubuntu1~16.04.2 golang-1.10-doc - 1.10.4-2ubuntu1~16.04.2 No subscription required Low CVE-2020-24553 USN-4759-1 -- GLib vulnerabilities Ubuntu 16.04 LTS Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27218) Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27219) Update Instructions: Run `sudo pro fix USN-4759-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.7 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.7 libglib2.0-data - 2.48.2-0ubuntu4.7 libglib2.0-udeb - 2.48.2-0ubuntu4.7 libglib2.0-tests - 2.48.2-0ubuntu4.7 libglib2.0-doc - 2.48.2-0ubuntu4.7 libglib2.0-bin - 2.48.2-0ubuntu4.7 libglib2.0-dev - 2.48.2-0ubuntu4.7 No subscription required Medium CVE-2021-27218 CVE-2021-27219 USN-4761-1 -- Git vulnerability Ubuntu 16.04 LTS Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4761-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.10 gitweb - 1:2.7.4-0ubuntu1.10 git-gui - 1:2.7.4-0ubuntu1.10 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.10 git-arch - 1:2.7.4-0ubuntu1.10 git-el - 1:2.7.4-0ubuntu1.10 gitk - 1:2.7.4-0ubuntu1.10 git-all - 1:2.7.4-0ubuntu1.10 git-mediawiki - 1:2.7.4-0ubuntu1.10 git-daemon-run - 1:2.7.4-0ubuntu1.10 git-man - 1:2.7.4-0ubuntu1.10 git-doc - 1:2.7.4-0ubuntu1.10 git-svn - 1:2.7.4-0ubuntu1.10 git-cvs - 1:2.7.4-0ubuntu1.10 git-core - 1:2.7.4-0ubuntu1.10 git-email - 1:2.7.4-0ubuntu1.10 No subscription required Medium CVE-2021-21300 USN-4763-1 -- Pillow vulnerabilities Ubuntu 16.04 LTS It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-25289, CVE-2021-25291) It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25290) It was discovered that Pillow incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially-crafted PDF file, a remote attacker could cause Pillow to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-25292) It was discovered that Pillow incorrectly handled certain SGI image files. If a user or automated system were tricked into opening a specially-crafted SGI file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. 
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-25293) Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that Pillow incorrectly handled certain BLP files. If a user or automated system were tricked into opening a specially-crafted BLP file, a remote attacker could possibly cause Pillow to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-27921) Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that Pillow incorrectly handled certain ICNS files. If a user or automated system were tricked into opening a specially-crafted ICNS file, a remote attacker could possibly cause Pillow to consume resources, resulting in a denial of service. (CVE-2021-27922) Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that Pillow incorrectly handled certain ICO files. If a user or automated system were tricked into opening a specially-crafted ICO file, a remote attacker could possibly cause Pillow to consume resources, resulting in a denial of service. (CVE-2021-27922) Update Instructions: Run `sudo pro fix USN-4763-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 3.1.2-0ubuntu1.6 python-pil-doc - 3.1.2-0ubuntu1.6 python3-pil - 3.1.2-0ubuntu1.6 python-pil.imagetk - 3.1.2-0ubuntu1.6 python-imaging - 3.1.2-0ubuntu1.6 python-pil - 3.1.2-0ubuntu1.6 No subscription required Medium CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292 CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923 USN-4764-1 -- GLib vulnerability Ubuntu 16.04 LTS It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory. 
Update Instructions: Run `sudo pro fix USN-4764-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.8 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.8 libglib2.0-data - 2.48.2-0ubuntu4.8 libglib2.0-udeb - 2.48.2-0ubuntu4.8 libglib2.0-tests - 2.48.2-0ubuntu4.8 libglib2.0-doc - 2.48.2-0ubuntu4.8 libglib2.0-bin - 2.48.2-0ubuntu4.8 libglib2.0-dev - 2.48.2-0ubuntu4.8 No subscription required Medium CVE-2021-28153 USN-4765-1 -- The Sleuth Kit vulnerabilities Ubuntu 16.04 LTS It was discovered that The Sleuth Kit did not properly handle certain entries in FAT file systems. An attacker could use this vulnerability to mislead an analyst and obscure their activities. This issue only affected Ubuntu 14.04 ESM. (CVE-2012-5619) It was discovered that The Sleuth Kit mishandled certain crafted ISO 9660 images. If an analyst were tricked into opening a malicious image, an attacker could cause a denial of service (crash). (CVE-2017-13755) Update Instructions: Run `sudo pro fix USN-4765-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtsk13 - 4.2.0-3ubuntu0.1~esm1 sleuthkit - 4.2.0-3ubuntu0.1~esm1 libtsk-dev - 4.2.0-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2012-5619 CVE-2017-13755 USN-4766-1 -- Apache Commons BeanUtils vulnerabilities Ubuntu 16.04 LTS It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4766-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcommons-beanutils-java - 1.9.2-3ubuntu0.1~esm1 libcommons-beanutils-java-doc - 1.9.2-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-0114 CVE-2019-10086 USN-4767-1 -- Zabbix vulnerabilities Ubuntu 16.04 LTS Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-11800) It was discovered that Zabbix incorrectly handled certain requests. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-2824, CVE-2017-2825) It was discovered that Zabbix incorrectly handled certain XML files. A remote attacker could possibly use this issue to read arbitrary files or potentially execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3005) It was discovered that Zabbix incorrectly handled certain inputs. A remote attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338) It was discovered that Zabbix incorrectly handled the request parameter. A remote attacker could possibly use this issue to redirect requests to external links. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2016-10742) It was discovered that Zabbix incorrectly handled failed login attempts. A remote attacker could possibly use this issue to enumerate users. (CVE-2019-15132) It was discovered that Zabbix did not properly validate input. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15803) Update Instructions: Run `sudo pro fix USN-4767-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: zabbix-java-gateway - 1:2.4.7+dfsg-2ubuntu2.1+esm3 zabbix-frontend-php - 1:2.4.7+dfsg-2ubuntu2.1+esm3 zabbix-proxy-mysql - 1:2.4.7+dfsg-2ubuntu2.1+esm3 zabbix-server-pgsql - 1:2.4.7+dfsg-2ubuntu2.1+esm3 zabbix-server-mysql - 1:2.4.7+dfsg-2ubuntu2.1+esm3 zabbix-proxy-pgsql - 1:2.4.7+dfsg-2ubuntu2.1+esm3 zabbix-proxy-sqlite3 - 1:2.4.7+dfsg-2ubuntu2.1+esm3 zabbix-agent - 1:2.4.7+dfsg-2ubuntu2.1+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2014-3005 CVE-2016-10134 CVE-2016-10742 CVE-2016-4338 CVE-2017-2824 CVE-2017-2825 CVE-2019-15132 CVE-2020-11800 CVE-2020-15803 USN-4768-1 -- musl vulnerabilities Ubuntu 16.04 LTS It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2018-1000001) It was discovered that musl did not properly handle the parsing of DNS response codes. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3484) It was discovered that musl did not properly handle the parsing of DNS response codes. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15650) It was discovered that musl did not properly handle the parsing of ipv6 addresses. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-1817) It was discovered that TRE library, used by musl, did not properly handle certain inputs. An attacker could use this vulnerability to cause a denial of service (crash). 
(CVE-2016-8859) Update Instructions: Run `sudo pro fix USN-4768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: musl-dev - 1.1.9-1ubuntu0.1~esm2 musl-tools - 1.1.9-1ubuntu0.1~esm2 musl - 1.1.9-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2014-3484 CVE-2015-1817 CVE-2016-8859 CVE-2017-15650 CVE-2018-1000001 USN-4769-1 -- Salt vulnerabilities Ubuntu 16.04 LTS It was discovered that Salt allowed remote attackers to write to arbitrary files via a specially crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563) Andreas Stieger discovered that Salt exposed git usernames and passwords in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918) It was discovered that Salt exposed password authentication credentials in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6941) It was discovered that Salt allowed remote attackers to write to arbitrary files via a specially crafted file. An attacker could use this issue to cause a DoS or possibly execute arbitrary code. (CVE-2017-12791, CVE-2017-14695, CVE-2017-14696) It was discovered that Salt allowed remote attackers to determine which files exist on the server. An attacker could use this issue to extract sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15750) It was discovered that Salt allowed users to bypass authentication. An attacker could use this issue to extract sensitive information, execute arbitrary code or crash the server. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15751) Update Instructions: Run `sudo pro fix USN-4769-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: salt-doc - 2015.8.8+ds-1ubuntu0.1+esm1 salt-minion - 2015.8.8+ds-1ubuntu0.1+esm1 salt-proxy - 2015.8.8+ds-1ubuntu0.1+esm1 salt-api - 2015.8.8+ds-1ubuntu0.1+esm1 salt-syndic - 2015.8.8+ds-1ubuntu0.1+esm1 salt-ssh - 2015.8.8+ds-1ubuntu0.1+esm1 salt-common - 2015.8.8+ds-1ubuntu0.1+esm1 salt-master - 2015.8.8+ds-1ubuntu0.1+esm1 salt-cloud - 2015.8.8+ds-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-3563 CVE-2015-6918 CVE-2015-6941 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2018-15750 CVE-2018-15751 USN-4770-1 -- GlusterFS vulnerabilities Ubuntu 16.04 LTS It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3619) It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker could possibly use this to add himself to a trusted storage pool and perform privileged operations on volumes. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10841) It was discovered that GlusterFS incorrectly handled mounting gluster volumes. An attacker could possibly use this issue to also mount shared gluster volumes and escalate privileges through malicious cronjobs. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1088) It was discovered that GlusterFS incorrectly handled file paths. An attacker could possibly use this issue to create arbitrary files and execute arbitrary code. (CVE-2018-10904) It was discovered that GlusterFS incorrectly handled mounting volumes. An attacker could possibly use this issue to cause a denial of service or run arbitrary code. (CVE-2018-10907) It was discovered that GlusterFS incorrectly handled negative key length values. An attacker could possibly use this issue to obtain sensitive information. 
(CVE-2018-10911) It was discovered that GlusterFS incorrectly handled FUSE requests. An attacker could use this issue to obtain sensitive information. (CVE-2018-10913, CVE-2018-10914) It was discovered that GlusterFS incorrectly handled the file creation process. An authenticated attacker could possibly use this issue to create arbitrary files and obtain sensitive information. (CVE-2018-10923) It was discovered that GlusterFS incorrectly handled certain inputs. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-10924) It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write files to an arbitrary location and execute arbitrary code. (CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930) It was discovered that the fix for CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 was incomplete. A remote authenticated attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2018-14651) It was discovered that GlusterFS incorrectly handled certain files. A remote authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2018-14652) It was discovered that GlusterFS incorrectly handled RPC requests. A remote authenticated attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-14653) It was discovered that GlusterFS incorrectly handled mount volumes operation. A remote attacker could possibly use this issue to create arbitrary files. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-14654) It was discovered that GlusterFS incorrectly handled certain files. A remote authenticated attacker could possibly use this issue to create arbitrary files. (CVE-2018-14659) It was discovered that GlusterFS incorrectly handled certain inputs. 
A remote authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-14660) It was discovered that GlusterFS incorrectly handled strings. A remote authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2018-14661) Update Instructions: Run `sudo pro fix USN-4770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glusterfs-client - 3.7.6-1ubuntu1+esm1 glusterfs-server - 3.7.6-1ubuntu1+esm1 glusterfs-common - 3.7.6-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-3619 CVE-2018-10841 CVE-2018-1088 CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10924 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 USN-4771-1 -- HTCondor vulnerabilities Ubuntu 16.04 LTS It was discovered that HTCondor incorrectly invoked the mailx utility. An attacker could use this vulnerability to execute arbitrary commands. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-8126) It was discovered that HTCondor mishandled certain crafted input. An attacker could use this vulnerability to cause HTCondor to crash. (CVE-2017-16816) Update Instructions: Run `sudo pro fix USN-4771-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: condor-doc - 8.4.2~dfsg.1-1ubuntu0.1~esm1 libclassad7 - 8.4.2~dfsg.1-1ubuntu0.1~esm1 htcondor-dev - 8.4.2~dfsg.1-1ubuntu0.1~esm1 condor-dev - 8.4.2~dfsg.1-1ubuntu0.1~esm1 condor - 8.4.2~dfsg.1-1ubuntu0.1~esm1 htcondor-doc - 8.4.2~dfsg.1-1ubuntu0.1~esm1 htcondor - 8.4.2~dfsg.1-1ubuntu0.1~esm1 libclassad-dev - 8.4.2~dfsg.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2014-8126 CVE-2017-16816 USN-4772-1 -- VNC4 vulnerabilities Ubuntu 16.04 LTS USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-0255) USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-1283) Original advisory details: Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283) Update Instructions: Run `sudo pro fix USN-4772-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xvnc4viewer - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 vnc4server - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-0255 CVE-2015-1283 USN-4773-1 -- Drupal vulnerabilities Ubuntu 16.04 LTS It was discovered that Drupal did not properly process certain input. 
An attacker could use this vulnerability to execute arbitrary code or completely compromise a Drupal site. (CVE-2018-7600, CVE-2018-7602) It was discovered that password reset URLs in Drupal could be forged. An attacker could use this vulnerability to gain access to another user's account. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2559) It was discovered that Drupal did not properly protect against open redirects. An attacker could use this vulnerability to send unsuspecting users to 3rd party sites and potentially carry out phishing attacks. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2749, CVE-2015-2750) Update Instructions: Run `sudo pro fix USN-4773-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: drupal7 - 7.44-1ubuntu1~16.04.0+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2015-2559 CVE-2015-2749 CVE-2015-2750 CVE-2018-7600 CVE-2018-7602 USN-4774-1 -- Spring Framework vulnerabilities Ubuntu 16.04 LTS Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cause a denial of service. (CVE-2015-3192) Alvaro Muñoz discovered that Spring Framework incorrectly handled certain URLs. A remote attacker could possibly use this issue to cause a reflected file download. (CVE-2015-5211) It was discovered that Spring Framework did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack. (CVE-2016-9878) It was discovered that Spring Framework incorrectly handled XML documents. An attacker could possibly use this issue to generate an XML external entity attack, resulting in a denial of service, disclosure of information or other unspecified impact. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-0225) It was discovered that Spring Framework incorrectly handled certain URLs. 
A remote attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3625, CVE-2014-3578) Update Instructions: Run `sudo pro fix USN-4774-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspring-aop-java - 3.2.13-5ubuntu0.1~esm1 libspring-web-portlet-java - 3.2.13-5ubuntu0.1~esm1 libspring-core-java - 3.2.13-5ubuntu0.1~esm1 libspring-oxm-java - 3.2.13-5ubuntu0.1~esm1 libspring-beans-java - 3.2.13-5ubuntu0.1~esm1 libspring-jms-java - 3.2.13-5ubuntu0.1~esm1 libspring-expression-java - 3.2.13-5ubuntu0.1~esm1 libspring-transaction-java - 3.2.13-5ubuntu0.1~esm1 libspring-orm-java - 3.2.13-5ubuntu0.1~esm1 libspring-context-java - 3.2.13-5ubuntu0.1~esm1 libspring-web-servlet-java - 3.2.13-5ubuntu0.1~esm1 libspring-instrument-java - 3.2.13-5ubuntu0.1~esm1 libspring-context-support-java - 3.2.13-5ubuntu0.1~esm1 libspring-jdbc-java - 3.2.13-5ubuntu0.1~esm1 libspring-web-java - 3.2.13-5ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-3192 CVE-2015-5211 CVE-2016-9878 CVE-2014-0225 CVE-2014-3625 CVE-2014-3578 USN-4775-1 -- Lighttpd vulnerabilities Ubuntu 16.04 LTS It was discovered that Lighttpd did not properly sanitize the string used in basic HTTP authentication method. A remote attacker could use this to inject arbitrary log entries and maybe obtain sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-3200) It was discovered that Lighttpd did not properly sanitize the string used in alias. A remote attacker could use this to access the content of the directory above the alias and obtain sensitive information. (CVE-2018-19052) Update Instructions: Run `sudo pro fix USN-4775-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lighttpd-mod-mysql-vhost - 1.4.35-4ubuntu2.1+esm1 lighttpd-doc - 1.4.35-4ubuntu2.1+esm1 lighttpd-mod-magnet - 1.4.35-4ubuntu2.1+esm1 lighttpd-dev - 1.4.35-4ubuntu2.1+esm1 lighttpd - 1.4.35-4ubuntu2.1+esm1 lighttpd-mod-cml - 1.4.35-4ubuntu2.1+esm1 lighttpd-mod-webdav - 1.4.35-4ubuntu2.1+esm1 lighttpd-mod-trigger-b4-dl - 1.4.35-4ubuntu2.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2015-3200 CVE-2018-19052 USN-4776-1 -- semver vulnerability Ubuntu 16.04 LTS It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4776-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-semver - 2.1.0-2ubuntu0.1~esm1 node-semver - 2.1.0-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-8855 USN-4777-1 -- node-tar vulnerability Ubuntu 16.04 LTS It was discovered that node-tar mishandled certain tar archives. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4777-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-tar - 1.0.3-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-8860 USN-4778-1 -- OCaml vulnerabilities Ubuntu 16.04 LTS It was discovered that OCaml mishandled sign extensions. A remote attacker could use this vulnerability to steal sensitive information, cause a denial of service (crash), or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2015-8869) It was discovered that OCaml mishandled crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. 
(CVE-2018-9838) Update Instructions: Run `sudo pro fix USN-4778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ocaml-mode - 4.02.3-5ubuntu2+esm1 ocaml-base-nox - 4.02.3-5ubuntu2+esm1 ocaml-nox - 4.02.3-5ubuntu2+esm1 ocaml - 4.02.3-5ubuntu2+esm1 ocaml-source - 4.02.3-5ubuntu2+esm1 ocaml-native-compilers - 4.02.3-5ubuntu2+esm1 ocaml-compiler-libs - 4.02.3-5ubuntu2+esm1 ocaml-interp - 4.02.3-5ubuntu2+esm1 ocaml-base - 4.02.3-5ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-8869 CVE-2018-9838 USN-4779-1 -- Gettext vulnerability Ubuntu 16.04 LTS Danilo Segan discovered that Gettext mishandled certain input. An attacker could use this vulnerability to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4779-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-gettext - 1.0.11-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-8980 USN-4780-1 -- LAME vulnerabilities Ubuntu 16.04 LTS It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. Eight vulnerabilities (CVE-2015-9099, CVE-2015-9100, CVE-2015-9101, CVE-2017-15018, CVE-2017-11720, CVE-2017-8419, CVE-2017-9412, CVE-2017-15045) only affected Ubuntu 14.04 ESM, two vulnerabilities (CVE-2017-9410 and CVE-2017-9411) only affected Ubuntu 16.04 ESM, and one vulnerability (CVE-2017-15019) affected both Ubuntu 14.04 ESM and Ubuntu 16.04. Update Instructions: Run `sudo pro fix USN-4780-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libmp3lame0 - 3.99.5+repack1-9ubuntu0.1~esm2 libmp3lame-dev - 3.99.5+repack1-9ubuntu0.1~esm2 lame-doc - 3.99.5+repack1-9ubuntu0.1~esm2 lame - 3.99.5+repack1-9ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-9099 CVE-2015-9100 CVE-2015-9101 CVE-2017-13712 CVE-2017-15018 CVE-2017-11720 CVE-2017-9411 CVE-2017-8419 CVE-2017-9412 CVE-2017-9410 CVE-2017-15045 CVE-2017-15019 USN-4781-1 -- Slurm vulnerabilities Ubuntu 16.04 LTS It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030) It was discovered that Slurm mishandled SPANK environment variables. An attacker could possibly use this issue to gain elevated privileges. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566) It was discovered that Slurm mishandled certain SQL queries. A local attacker could use this issue to gain elevated privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-7033) It was discovered that Slurm mishandled user names and group ids. A local attacker could use this issue to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10995) It was discovered that Slurm mishandled 23-bit systems. A local attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438) It was discovered that Slurm incorrectly handled certain inputs when Message Aggregation is enabled. An attacker could possibly use this issue to launch a process as an arbitrary user. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. 
(CVE-2020-12693) It was discovered that Slurm incorrectly handled certain RPC inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27745) Jonas Stare discovered that Slurm exposes sensitive information related to the X protocol. An attacker could possibly use this issue to obtain a graphical session from an arbitrary user. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746) It was discovered that Slurm incorrectly handled environment parameters. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31215) Update Instructions: Run `sudo pro fix USN-4781-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpmi0-dev - 15.08.7-1ubuntu0.1~esm4 slurmctld - 15.08.7-1ubuntu0.1~esm4 slurm-wlm-basic-plugins-dev - 15.08.7-1ubuntu0.1~esm4 libslurmdb-perl - 15.08.7-1ubuntu0.1~esm4 libpam-slurm - 15.08.7-1ubuntu0.1~esm4 libpmi0 - 15.08.7-1ubuntu0.1~esm4 slurm-wlm - 15.08.7-1ubuntu0.1~esm4 libslurm-dev - 15.08.7-1ubuntu0.1~esm4 slurm-client - 15.08.7-1ubuntu0.1~esm4 libslurm29 - 15.08.7-1ubuntu0.1~esm4 slurmd - 15.08.7-1ubuntu0.1~esm4 slurm-wlm-torque - 15.08.7-1ubuntu0.1~esm4 slurm-client-emulator - 15.08.7-1ubuntu0.1~esm4 slurm-wlm-emulator - 15.08.7-1ubuntu0.1~esm4 libslurmdb29 - 15.08.7-1ubuntu0.1~esm4 slurm-wlm-doc - 15.08.7-1ubuntu0.1~esm4 slurm-llnl - 15.08.7-1ubuntu0.1~esm4 slurm-llnl-slurmdbd - 15.08.7-1ubuntu0.1~esm4 libslurm-perl - 15.08.7-1ubuntu0.1~esm4 libslurmdb-dev - 15.08.7-1ubuntu0.1~esm4 sview - 15.08.7-1ubuntu0.1~esm4 slurm-wlm-basic-plugins - 15.08.7-1ubuntu0.1~esm4 slurmdbd - 15.08.7-1ubuntu0.1~esm4 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2016-10030 CVE-2017-15566 CVE-2018-7033 CVE-2018-10995 CVE-2019-6438 CVE-2020-12693 CVE-2020-27745 CVE-2020-27746 CVE-2021-31215 USN-4781-2 -- Slurm vulnerabilities Ubuntu 16.04 LTS 
USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM (CVE-2016-10030) and Ubuntu 16.04 ESM (CVE-2018-10995). Original advisory details: It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030) It was discovered that Slurm mishandled SPANK environment variables. An attacker could possibly use this issue to gain elevated privileges. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566) It was discovered that Slurm mishandled certain SQL queries. A local attacker could use this issue to gain elevated privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-7033) It was discovered that Slurm mishandled user names and group ids. A local attacker could use this issue to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10995) It was discovered that Slurm mishandled 23-bit systems. A local attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438) It was discovered that Slurm incorrectly handled certain inputs when Message Aggregation is enabled. An attacker could possibly use this issue to launch a process as an arbitrary user. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12693) It was discovered that Slurm incorrectly handled certain RPC inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27745) Jonas Stare discovered that Slurm exposes sensitive information related to the X protocol. 
An attacker could possibly use this issue to obtain a graphical session from an arbitrary user. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746) It was discovered that Slurm incorrectly handled environment parameters. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31215) Update Instructions: Run `sudo pro fix USN-4781-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpmi0-dev - 15.08.7-1ubuntu0.1~esm5 slurmctld - 15.08.7-1ubuntu0.1~esm5 slurm-wlm-basic-plugins-dev - 15.08.7-1ubuntu0.1~esm5 libslurm-perl - 15.08.7-1ubuntu0.1~esm5 libslurm29 - 15.08.7-1ubuntu0.1~esm5 libpmi0 - 15.08.7-1ubuntu0.1~esm5 slurm-wlm - 15.08.7-1ubuntu0.1~esm5 libslurm-dev - 15.08.7-1ubuntu0.1~esm5 slurm-client - 15.08.7-1ubuntu0.1~esm5 libpam-slurm - 15.08.7-1ubuntu0.1~esm5 slurmd - 15.08.7-1ubuntu0.1~esm5 slurm-wlm-torque - 15.08.7-1ubuntu0.1~esm5 slurm-client-emulator - 15.08.7-1ubuntu0.1~esm5 slurm-wlm-emulator - 15.08.7-1ubuntu0.1~esm5 libslurmdb29 - 15.08.7-1ubuntu0.1~esm5 slurm-wlm-doc - 15.08.7-1ubuntu0.1~esm5 slurm-llnl - 15.08.7-1ubuntu0.1~esm5 slurmdbd - 15.08.7-1ubuntu0.1~esm5 slurm-llnl-slurmdbd - 15.08.7-1ubuntu0.1~esm5 libslurmdb-perl - 15.08.7-1ubuntu0.1~esm5 libslurmdb-dev - 15.08.7-1ubuntu0.1~esm5 sview - 15.08.7-1ubuntu0.1~esm5 slurm-wlm-basic-plugins - 15.08.7-1ubuntu0.1~esm5 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-10030 CVE-2018-10995 USN-4782-1 -- OpenJPEG vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM. CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only Ubuntu 18.04 ESM. Update Instructions: Run `sudo pro fix USN-4782-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libopenjp2-tools - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjpip-server - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjpip-viewer - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjp3d-tools - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjpip7 - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjp2-7 - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjp2-7-dev - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjp3d7 - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 libopenjpip-dec-server - 2.1.2-1.1+deb9u6ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-12982 CVE-2018-16375 CVE-2018-20845 CVE-2018-5727 CVE-2019-12973 CVE-2016-10506 USN-4783-1 -- minimatch vulnerability Ubuntu 16.04 LTS It was discovered that minimatch did not perform necessary bounds checking on regular expressions. An attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4783-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-minimatch - 1.0.0-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-10540 USN-4784-1 -- Xerces-C++ vulnerabilities Ubuntu 16.04 LTS It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a use-after-free. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. (CVE-2016-2099) It was discovered that Xerces-C++ XML Parser fails to successfully parse a DTD that is too deeply nested. An unauthenticated attacker could use this vulnerability to cause a denial of service. This issue affected only Ubuntu 16.04 ESM. (CVE-2016-4463) It was discovered that Xerces-C++ mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer. An attacker could use this vulnerability to cause a denial of service. 
(CVE-2017-12627) Update Instructions: Run `sudo pro fix USN-4784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.1.3+debian-1ubuntu0.1~esm1 libxerces-c3.1 - 3.1.3+debian-1ubuntu0.1~esm1 libxerces-c-samples - 3.1.3+debian-1ubuntu0.1~esm1 libxerces-c-doc - 3.1.3+debian-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-2099 CVE-2016-4463 CVE-2017-12627 USN-4785-1 -- npm vulnerability Ubuntu 16.04 LTS It was discovered that the npm command-line interface mishandled certain sensitive information. An attacker could use this vulnerability to collect authentication information that could be used to impersonate other users. Update Instructions: Run `sudo pro fix USN-4785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: npm - 3.5.2-0ubuntu4.1.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-3956 USN-4786-1 -- Moment.js vulnerabilities Ubuntu 16.04 LTS It was discovered that Moment.js mishandled certain regular expressions. An attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4786-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-moment - 2.11.0+ds-1ubuntu0.1~esm1 libjs-moment - 2.11.0+ds-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-4055 CVE-2017-18214 USN-4787-1 -- jq vulnerability Ubuntu 16.04 LTS It was discovered that jq did not perform sufficient bounds checking, resulting in unbounded resource consumption. An attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4787-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: jq - 1.5+dfsg-1ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-4074 USN-4788-1 -- iperf3 vulnerability Ubuntu 16.04 LTS It was discovered that iperf mishandled certain UTF-8 and UTF-16 strings. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4788-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: iperf3 - 3.0.11-1ubuntu0.1~esm1 libiperf0 - 3.0.11-1ubuntu0.1~esm1 libiperf-dev - 3.0.11-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-4303 USN-4789-1 -- Apache ZooKeeper vulnerabilities Ubuntu 16.04 LTS It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2016-5017) It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-5637) It was discovered that Apache ZooKeeper incorrectly handled clusters. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-8012) Update Instructions: Run `sudo pro fix USN-4789-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libzookeeper-java - 3.4.8-1ubuntu0.1~esm1 libzookeeper-java-doc - 3.4.8-1ubuntu0.1~esm1 libzookeeper2 - 3.4.8-1ubuntu0.1~esm1 zookeeper - 3.4.8-1ubuntu0.1~esm1 zookeeperd - 3.4.8-1ubuntu0.1~esm1 libzookeeper-st-dev - 3.4.8-1ubuntu0.1~esm1 zookeeper-bin - 3.4.8-1ubuntu0.1~esm1 libzookeeper-mt-dev - 3.4.8-1ubuntu0.1~esm1 libzookeeper-mt2 - 3.4.8-1ubuntu0.1~esm1 libzookeeper-st2 - 3.4.8-1ubuntu0.1~esm1 python-zookeeper - 3.4.8-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-5017 CVE-2017-5637 CVE-2018-8012 USN-4790-1 -- libtorrent vulnerability Ubuntu 16.04 LTS It was discovered that libtorrent incorrectly handled chunked headers. A remote attacker could possibly use this to cause a crash resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4790-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtorrent-rasterbar8 - 1.0.7-1ubuntu0.1~esm1 python3-libtorrent - 1.0.7-1ubuntu0.1~esm1 libtorrent-rasterbar-doc - 1.0.7-1ubuntu0.1~esm1 libtorrent-rasterbar-dev - 1.0.7-1ubuntu0.1~esm1 python-libtorrent - 1.0.7-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-5301 USN-4791-1 -- Apache Tomcat 7 vulnerabilities Ubuntu 16.04 LTS It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote attacker could possibly use this vulnerability to redirect the traffic to an arbitrary proxy and obtain sensitive information. (CVE-2016-5388) It was discovered that Apache Tomcat 7 mishandled specially crafted input. An attacker could use this vulnerability to cause a denial of service. (CVE-2018-1336) Update Instructions: Run `sudo pro fix USN-4791-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: tomcat7-common - 7.0.68-1ubuntu0.4+esm1 libservlet3.0-java - 7.0.68-1ubuntu0.4+esm1 tomcat7-docs - 7.0.68-1ubuntu0.4+esm1 libservlet3.0-java-doc - 7.0.68-1ubuntu0.4+esm1 tomcat7 - 7.0.68-1ubuntu0.4+esm1 libtomcat7-java - 7.0.68-1ubuntu0.4+esm1 tomcat7-user - 7.0.68-1ubuntu0.4+esm1 tomcat7-admin - 7.0.68-1ubuntu0.4+esm1 tomcat7-examples - 7.0.68-1ubuntu0.4+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-5388 CVE-2018-1336 USN-4792-1 -- FreeIPA vulnerabilities Ubuntu 16.04 LTS It was discovered that FreeIPA incorrectly handled certificates. An attacker could possibly use this issue to cause a denial of service by revoking arbitrary certificates. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-5404) It was discovered that FreeIPA incorrectly handled authentication attempts. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-7030) It was discovered that FreeIPA incorrectly handled users' permissions. An authenticated attacker could possibly use this issue to modify other users' profiles or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-9575) Update Instructions: Run `sudo pro fix USN-4792-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: freeipa-tests - 4.3.1-0ubuntu1+esm1 freeipa-admintools - 4.3.1-0ubuntu1+esm1 freeipa-server-trust-ad - 4.3.1-0ubuntu1+esm1 python-ipaclient - 4.3.1-0ubuntu1+esm1 freeipa-common - 4.3.1-0ubuntu1+esm1 freeipa-client - 4.3.1-0ubuntu1+esm1 python-ipalib - 4.3.1-0ubuntu1+esm1 freeipa-server - 4.3.1-0ubuntu1+esm1 python-ipaserver - 4.3.1-0ubuntu1+esm1 freeipa-server-dns - 4.3.1-0ubuntu1+esm1 python-ipatests - 4.3.1-0ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-5404 CVE-2016-7030 CVE-2016-9575 USN-4793-1 -- collectd vulnerabilities Ubuntu 16.04 LTS It was discovered that collectd mishandled certain malformed packets. A remote attacker could use this vulnerability to cause collectd to crash or possibly execute arbitrary code. (CVE-2016-6254) It was discovered that collectd failed to handle certain input. An attacker could use this vulnerability to cause collectd to crash. (CVE-2017-16820) It was discovered that collectd mishandles certain malformed network packets. A remote attacker could use this vulnerability to cause a Denial of Service or consume system resources. (CVE-2017-7401) Update Instructions: Run `sudo pro fix USN-4793-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcollectdclient1 - 5.5.1-1ubuntu0.1~esm1 collectd - 5.5.1-1ubuntu0.1~esm1 collectd-core - 5.5.1-1ubuntu0.1~esm1 collectd-dev - 5.5.1-1ubuntu0.1~esm1 collectd-utils - 5.5.1-1ubuntu0.1~esm1 libcollectdclient-dev - 5.5.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-6254 CVE-2017-16820 CVE-2017-7401 USN-4794-1 -- libupnp vulnerabilities Ubuntu 16.04 LTS Matthew Garrett discovered that libupnp mishandled POST requests by default. An attacker could use this vulnerability to write files to arbitrary locations in the victim's filesystem, possibly as root. 
(CVE-2016-6255) It was discovered that libupnp mishandled certain input. A remote attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2016-8863) Update Instructions: Run `sudo pro fix USN-4794-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libupnp6 - 1:1.6.19+git20160116-1ubuntu0.1~esm1 libupnp6-dev - 1:1.6.19+git20160116-1ubuntu0.1~esm1 libupnp-dev - 1:1.6.19+git20160116-1ubuntu0.1~esm1 libupnp6-doc - 1:1.6.19+git20160116-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2016-6255 CVE-2016-8863 USN-4795-1 -- Apache Groovy vulnerability Ubuntu 16.04 LTS It was discovered that Apache Groovy incorrectly handled serialization mechanisms. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4795-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: groovy2-doc - 2.4.5-1ubuntu0.1~esm1 groovy2 - 2.4.5-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-6814 USN-4796-1 -- Node.js vulnerabilities Ubuntu 16.04 LTS Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. (CVE-2016-7099) It was discovered that Node.js incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using Node.js to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000381) Nikita Skovoroda discovered that Node.js mishandled certain input, leading to an out of bounds write. 
An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12115) Arkadiy Tetelman discovered that Node.js improperly handled certain malformed HTTP requests. An attacker could use this vulnerability to inject unexpected HTTP requests. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12116) Jan Maybach discovered that Node.js did not time out if incomplete HTTP/HTTPS headers were received. An attacker could use this vulnerability to cause a denial of service by keeping HTTP/HTTPS connections alive for a long period of time. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12122) Martin Bajanik discovered that the url.parse() method would return incorrect results if it received specially crafted input. An attacker could use this vulnerability to spoof the hostname and bypass hostname-specific security controls. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12123) It was discovered that Node.js is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser with network access to the system running the Node.js process. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7160) It was discovered that the Buffer.fill() and Buffer.alloc() methods improperly handled certain inputs. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7167) Marco Pracucci discovered that Node.js mishandled HTTP and HTTPS connections. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-5737) Update Instructions: Run `sudo pro fix USN-4796-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nodejs-dev - 4.2.6~dfsg-1ubuntu4.2+esm1 nodejs-legacy - 4.2.6~dfsg-1ubuntu4.2+esm1 nodejs - 4.2.6~dfsg-1ubuntu4.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-7099 CVE-2017-1000381 CVE-2018-12115 CVE-2018-12116 CVE-2018-12122 CVE-2018-12123 CVE-2018-7160 CVE-2018-7167 CVE-2019-5737 USN-4797-1 -- LibASS vulnerabilities Ubuntu 16.04 LTS It was discovered that LibASS incorrectly handled certain ASS files. A remote attacker could possibly use this issue to cause a denial of service. One of the issues, CVE-2016-7970, only affected Ubuntu 16.04 ESM. (CVE-2016-7969, CVE-2016-7970, CVE-2016-7972) It was discovered that LibASS incorrectly handled parsing operations for specific nested character strings. An attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 16.04 LTS. (CVE-2020-24994) Update Instructions: Run `sudo pro fix USN-4797-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libass-dev - 0.13.1-1ubuntu0.1~esm2 libass5 - 0.13.1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-7969 CVE-2016-7970 CVE-2016-7972 CVE-2020-24994 USN-4798-1 -- libgit2 vulnerabilities Ubuntu 16.04 LTS It was discovered that libgit2 mishandled certain malformed git objects. A remote attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4798-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgit2-24 - 0.24.1-2ubuntu0.2+esm1 libgit2-dev - 0.24.1-2ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-8568 CVE-2016-8569 USN-4799-1 -- R vulnerability Ubuntu 16.04 LTS It was discovered that a buffer overflow in R causes memory corruption. 
An attacker could possibly use this to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4799-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: r-base-html - 3.2.3-4ubuntu0.1~esm3 r-base-core - 3.2.3-4ubuntu0.1~esm3 r-doc-pdf - 3.2.3-4ubuntu0.1~esm3 r-base - 3.2.3-4ubuntu0.1~esm3 r-recommended - 3.2.3-4ubuntu0.1~esm3 r-doc-html - 3.2.3-4ubuntu0.1~esm3 r-doc-info - 3.2.3-4ubuntu0.1~esm3 r-mathlib - 3.2.3-4ubuntu0.1~esm3 r-base-dev - 3.2.3-4ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-8714 USN-4800-1 -- Lynx vulnerabilities Ubuntu 16.04 LTS It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-9179) It was discovered that Lynx incorrectly handled certain HTML files. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000211) Thorsten Glaser discovered that Lynx mishandles the userinfo subcomponents of a URI. An attacker monitoring the network could discover cleartext credentials because they may appear in SNI data. (CVE-2021-38165) Update Instructions: Run `sudo pro fix USN-4800-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lynx-cur - 2.8.9dev8-4ubuntu1+esm2 lynx-common - 2.8.9dev8-4ubuntu1+esm2 lynx - 2.8.9dev8-4ubuntu1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-9179 CVE-2017-1000211 CVE-2021-38165 USN-4801-1 -- ROOT vulnerability Ubuntu 16.04 LTS It was discovered that ROOT incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4801-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libroot-misc-table-dev - 5.34.30-0ubuntu8+esm1 libroot-misc-minicern-dev - 5.34.30-0ubuntu8+esm1 libroot-graf2d-postscript5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-sql-odbc - 5.34.30-0ubuntu8+esm1 libroot-net-auth5.34 - 5.34.30-0ubuntu8+esm1 libroot-misc-memstat5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-math-minuit2 - 5.34.30-0ubuntu8+esm1 libroot-core-dev - 5.34.30-0ubuntu8+esm1 libroot-math-foam5.34 - 5.34.30-0ubuntu8+esm1 libroot-tree-treeplayer-dev - 5.34.30-0ubuntu8+esm1 libroot-net5.34 - 5.34.30-0ubuntu8+esm1 libroot-core5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-graf2d-asimage - 5.34.30-0ubuntu8+esm1 root-plugin-hist-spectrumpainter - 5.34.30-0ubuntu8+esm1 libroot-misc-memstat-dev - 5.34.30-0ubuntu8+esm1 libroot-net-auth-dev - 5.34.30-0ubuntu8+esm1 libroot-montecarlo-eg-dev - 5.34.30-0ubuntu8+esm1 root-system-proofd - 5.34.30-0ubuntu8+esm1 libroot-hist-spectrum-dev - 5.34.30-0ubuntu8+esm1 libroot-hist-spectrum5.34 - 5.34.30-0ubuntu8+esm1 libroot-math-mathcore-dev - 5.34.30-0ubuntu8+esm1 libroot-tree-dev - 5.34.30-0ubuntu8+esm1 root-plugin-montecarlo-pythia8 - 5.34.30-0ubuntu8+esm1 libroot-math-mathmore-dev - 5.34.30-0ubuntu8+esm1 root-plugin-gui-qt - 5.34.30-0ubuntu8+esm1 libroot-math-mlp5.34 - 5.34.30-0ubuntu8+esm1 libroot-graf3d-gl-dev - 5.34.30-0ubuntu8+esm1 libroot-net-ldap5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-gui-fitpanel - 5.34.30-0ubuntu8+esm1 libroot-math-mathcore5.34 - 5.34.30-0ubuntu8+esm1 libroot-net-bonjour-dev - 5.34.30-0ubuntu8+esm1 libroot-tree-treeplayer5.34 - 5.34.30-0ubuntu8+esm1 libroot-html-dev - 5.34.30-0ubuntu8+esm1 root-plugin-net-krb5 - 5.34.30-0ubuntu8+esm1 libroot-montecarlo-eg5.34 - 5.34.30-0ubuntu8+esm1 libroot-bindings-ruby-dev - 5.34.30-0ubuntu8+esm1 libroot-proof-proofplayer5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-sql-pgsql - 5.34.30-0ubuntu8+esm1 libroot-montecarlo-vmc5.34 - 5.34.30-0ubuntu8+esm1 libroot-geom-dev - 5.34.30-0ubuntu8+esm1 
libroot-hist-dev - 5.34.30-0ubuntu8+esm1 libroot-math-genvector-dev - 5.34.30-0ubuntu8+esm1 libroot-math-mathmore5.34 - 5.34.30-0ubuntu8+esm1 libroot-montecarlo-vmc-dev - 5.34.30-0ubuntu8+esm1 libroot-math-foam-dev - 5.34.30-0ubuntu8+esm1 libroot-math-physics5.34 - 5.34.30-0ubuntu8+esm1 libroot-geom5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-tree-treeviewer - 5.34.30-0ubuntu8+esm1 libroot-io-xmlparser5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-graf3d-x3d - 5.34.30-0ubuntu8+esm1 libroot-graf3d-eve5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-net-globus - 5.34.30-0ubuntu8+esm1 libroot-math-minuit5.34 - 5.34.30-0ubuntu8+esm1 libroot-math-smatrix-dev - 5.34.30-0ubuntu8+esm1 libroot-proof-proofplayer-dev - 5.34.30-0ubuntu8+esm1 libroot-net-ldap-dev - 5.34.30-0ubuntu8+esm1 root-plugin-io-xml - 5.34.30-0ubuntu8+esm1 root-plugin-gui-sessionviewer - 5.34.30-0ubuntu8+esm1 libroot-graf3d-eve-dev - 5.34.30-0ubuntu8+esm1 root-system - 5.34.30-0ubuntu8+esm1 libroot-misc-table5.34 - 5.34.30-0ubuntu8+esm1 root-system-rootd - 5.34.30-0ubuntu8+esm1 root-plugin-graf2d-qt - 5.34.30-0ubuntu8+esm1 libroot-net-dev - 5.34.30-0ubuntu8+esm1 root-plugin-math-fumili - 5.34.30-0ubuntu8+esm1 libroot-roofit-dev - 5.34.30-0ubuntu8+esm1 libroot-gui5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-geom-gdml - 5.34.30-0ubuntu8+esm1 root-plugin-graf2d-x11 - 5.34.30-0ubuntu8+esm1 root-system-common - 5.34.30-0ubuntu8+esm1 libroot-graf2d-graf-dev - 5.34.30-0ubuntu8+esm1 libroot-math-matrix5.34 - 5.34.30-0ubuntu8+esm1 libroot-gui-dev - 5.34.30-0ubuntu8+esm1 libroot-tree5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-geom-geompainter - 5.34.30-0ubuntu8+esm1 libroot-math-mlp-dev - 5.34.30-0ubuntu8+esm1 libroot-bindings-python-dev - 5.34.30-0ubuntu8+esm1 root-plugin-hist-histpainter - 5.34.30-0ubuntu8+esm1 ttf-root-installer - 5.34.30-0ubuntu8+esm1 libroot-roofit5.34 - 5.34.30-0ubuntu8+esm1 libroot-gui-ged5.34 - 5.34.30-0ubuntu8+esm1 root-system-doc - 5.34.30-0ubuntu8+esm1 libroot-graf2d-postscript-dev - 5.34.30-0ubuntu8+esm1 
libroot-graf3d-g3d5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-gui-guibuilder - 5.34.30-0ubuntu8+esm1 root-plugin-io-sql - 5.34.30-0ubuntu8+esm1 libroot-math-quadp5.34 - 5.34.30-0ubuntu8+esm1 libroot-tmva5.34 - 5.34.30-0ubuntu8+esm1 libroot-math-genvector5.34 - 5.34.30-0ubuntu8+esm1 libroot-bindings-ruby5.34 - 5.34.30-0ubuntu8+esm1 libroot-bindings-python5.34 - 5.34.30-0ubuntu8+esm1 libroot-gui-ged-dev - 5.34.30-0ubuntu8+esm1 libroot-io-xmlparser-dev - 5.34.30-0ubuntu8+esm1 libroot-graf2d-gpad5.34 - 5.34.30-0ubuntu8+esm1 libroot-graf3d-gl5.34 - 5.34.30-0ubuntu8+esm1 libroot-net-bonjour5.34 - 5.34.30-0ubuntu8+esm1 libroot-html5.34 - 5.34.30-0ubuntu8+esm1 libroot-math-unuran5.34 - 5.34.30-0ubuntu8+esm1 libroot-graf2d-gpad-dev - 5.34.30-0ubuntu8+esm1 root-plugin-sql-mysql - 5.34.30-0ubuntu8+esm1 libroot-math-matrix-dev - 5.34.30-0ubuntu8+esm1 libroot-math-smatrix5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-math-fftw3 - 5.34.30-0ubuntu8+esm1 libroot-graf2d-graf5.34 - 5.34.30-0ubuntu8+esm1 libroot-math-unuran-dev - 5.34.30-0ubuntu8+esm1 libroot-math-physics-dev - 5.34.30-0ubuntu8+esm1 libroot-math-splot5.34 - 5.34.30-0ubuntu8+esm1 root-plugin-hist-hbook - 5.34.30-0ubuntu8+esm1 libroot-math-splot-dev - 5.34.30-0ubuntu8+esm1 libroot-io-dev - 5.34.30-0ubuntu8+esm1 libroot-misc-minicern5.34 - 5.34.30-0ubuntu8+esm1 libroot-proof5.34 - 5.34.30-0ubuntu8+esm1 libroot-graf3d-g3d-dev - 5.34.30-0ubuntu8+esm1 libroot-math-minuit-dev - 5.34.30-0ubuntu8+esm1 libroot-static - 5.34.30-0ubuntu8+esm1 libroot-hist5.34 - 5.34.30-0ubuntu8+esm1 libroot-io5.34 - 5.34.30-0ubuntu8+esm1 libroot-tmva-dev - 5.34.30-0ubuntu8+esm1 libroot-math-quadp-dev - 5.34.30-0ubuntu8+esm1 root-system-bin - 5.34.30-0ubuntu8+esm1 root-plugin-geom-geombuilder - 5.34.30-0ubuntu8+esm1 libroot-proof-dev - 5.34.30-0ubuntu8+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-1000203 USN-4802-1 -- HTSlib vulnerabilities Ubuntu 16.04 LTS It was discovered that HTSlib incorrectly handled certain data. 
An attacker could possibly use this issue to execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. (CVE-2017-1000206) It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-13845) Update Instructions: Run `sudo pro fix USN-4802-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhts-dev - 1.2.1-2ubuntu1+esm1 libhts1 - 1.2.1-2ubuntu1+esm1 htslib-test - 1.2.1-2ubuntu1+esm1 tabix - 1.2.1-2ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-1000206 CVE-2018-13845 USN-4803-1 -- Gifsicle vulnerabilities Ubuntu 16.04 LTS It was discovered that Gifsicle did not properly handle certain input. If a user were tricked into opening a malicious GIF, an attacker could potentially execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4803-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gifsicle - 1.88-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-1000421 CVE-2017-18120 USN-4804-1 -- Puppet vulnerabilities Ubuntu 16.04 LTS It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service. (CVE-2017-10689) It was discovered that Puppet could be used to force YAML deserialization in an unsafe manner. A remote attacker could use this vulnerability for remote code execution. (CVE-2017-2295) Update Instructions: Run `sudo pro fix USN-4804-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: puppetmaster-common - 3.8.5-2ubuntu0.1+esm1 puppetmaster - 3.8.5-2ubuntu0.1+esm1 puppet-testsuite - 3.8.5-2ubuntu0.1+esm1 puppet - 3.8.5-2ubuntu0.1+esm1 puppet-common - 3.8.5-2ubuntu0.1+esm1 puppet-el - 3.8.5-2ubuntu0.1+esm1 puppetmaster-passenger - 3.8.5-2ubuntu0.1+esm1 vim-puppet - 3.8.5-2ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-10689 CVE-2017-2295 USN-4805-1 -- VLC vulnerabilities Ubuntu 16.04 LTS It was discovered that VLC mishandled certain crafted media files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-10699) It was discovered that VLC mishandled certain crafted MKV files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2018-11529) Update Instructions: Run `sudo pro fix USN-4805-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vlc-plugin-notify - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-plugin-svg - 2.2.2-5ubuntu0.16.04.5+esm1 libvlc-dev - 2.2.2-5ubuntu0.16.04.5+esm1 libvlccore8 - 2.2.2-5ubuntu0.16.04.5+esm1 vlc - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-data - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-plugin-fluidsynth - 2.2.2-5ubuntu0.16.04.5+esm1 libvlc5 - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-plugin-jack - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-plugin-samba - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-plugin-zvbi - 2.2.2-5ubuntu0.16.04.5+esm1 libvlccore-dev - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-nox - 2.2.2-5ubuntu0.16.04.5+esm1 vlc-plugin-sdl - 2.2.2-5ubuntu0.16.04.5+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-10699 CVE-2018-11529 USN-4806-1 -- mpg123 vulnerability Ubuntu 16.04 LTS It was discovered that mpg123 failed to handle certain malformed mp3 files. 
An attacker could use this vulnerability to potentially leak sensitive information or cause a crash. Update Instructions: Run `sudo pro fix USN-4806-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mpg123 - 1.22.4-1ubuntu0.1+esm2 libmpg123-dev - 1.22.4-1ubuntu0.1+esm2 libmpg123-0 - 1.22.4-1ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-12839 CVE-2017-12797 CVE-2017-9545 CVE-2017-11126 USN-4807-1 -- WildMIDI vulnerabilities Ubuntu 16.04 LTS It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4807-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wildmidi - 0.3.8-2ubuntu0.1~esm1 libwildmidi-dev - 0.3.8-2ubuntu0.1~esm1 libwildmidi-config - 0.3.8-2ubuntu0.1~esm1 libwildmidi1 - 0.3.8-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 USN-4808-1 -- Tinyproxy vulnerability Ubuntu 16.04 LTS It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tinyproxy - 1.8.3-3ubuntu16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-11747 USN-4809-1 -- VideoLAN x265 vulnerability Ubuntu 16.04 LTS It was discovered that VideoLAN x265 mishandled certain memory-allocation inputs. An attacker could use this vulnerability to cause a denial of service (crash). Update Instructions: Run `sudo pro fix USN-4809-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: x265 - 1.9-3ubuntu0.1~esm1 libx265-dev - 1.9-3ubuntu0.1~esm1 libx265-doc - 1.9-3ubuntu0.1~esm1 libx265-79 - 1.9-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-13135 USN-4811-1 -- libzip vulnerability Ubuntu 16.04 LTS It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4811-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzip-dev - 1.0.1-0ubuntu1.1~esm1 zipmerge - 1.0.1-0ubuntu1.1~esm1 libzip4 - 1.0.1-0ubuntu1.1~esm1 zipcmp - 1.0.1-0ubuntu1.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2017-14107 USN-4812-1 -- libbson vulnerabilities Ubuntu 16.04 LTS It was discovered that libbson incorrectly validated input length. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 16.04 ESM. (CVE-2017-14227) It was discovered that libbson incorrectly handled certain specially crafted bson buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16790) Update Instructions: Run `sudo pro fix USN-4812-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbson-doc - 1.3.1-1ubuntu0.1~esm1 libbson-1.0-0 - 1.3.1-1ubuntu0.1~esm1 libbson-dev - 1.3.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-14227 CVE-2018-16790 USN-4813-1 -- Jackson Databind vulnerabilities Ubuntu 16.04 LTS It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814) It was discovered that Jackson Databind incorrectly handled deserialization. 
An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. (CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548) It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute XML entity (XXE) attacks. (CVE-2018-14720) It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute server-side request forgery (SSRF). (CVE-2018-14721) Update Instructions: Run `sudo pro fix USN-4813-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libjackson2-databind-java - 2.4.2-3ubuntu0.1~esm2 libjackson2-databind-java-doc - 2.4.2-3ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-12086 CVE-2019-12384 CVE-2019-12814 CVE-2019-14379 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 CVE-2019-17267 CVE-2019-17531 CVE-2019-20330 CVE-2020-10672 CVE-2020-10673 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11619 CVE-2020-11620 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 USN-4814-1 -- Asterisk vulnerabilities Ubuntu 16.04 LTS Richard Mudgett discovered that Asterisk did not properly check the length of input string when setting the user field for PartyB on a CDR. A remote attacker could use this vulnerability to cause a denial of service (crash) or potentially execute arbitrary code. (CVE-2017-16671) Alex Villacis Lasso discovered that Asterisk did not properly check the length of input string when setting the user field for PartyA on a CDR. A remote attacker could use this vulnerability to cause a denial of service (crash) or potentially execute arbitrary code. (CVE-2017-7617) Update Instructions: Run `sudo pro fix USN-4814-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: asterisk-doc - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-ooh323 - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-vpb - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-config - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-voicemail-imapstorage - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-dev - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-dahdi - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-mp3 - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-voicemail - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-mobile - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-mysql - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-modules - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 asterisk-voicemail-odbcstorage - 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2017-16671 CVE-2017-7617 USN-4815-1 -- xrdp vulnerabilities Ubuntu 16.04 LTS It was discovered that xrdp did not properly validate certain input in the session manager. A local attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2017-16927) It was discovered that xrdp did not properly initialize PAM session modules. A remote attacker could possibly use this issue to escalate privileges. (CVE-2017-6967) Update Instructions: Run `sudo pro fix USN-4815-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xrdp - 0.6.1-2ubuntu0.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-16927 CVE-2017-6967 USN-4816-1 -- game-music-emu vulnerability Ubuntu 16.04 LTS It was discovered that game-music-emu mishandled certain crafted input. A remote attacker could use this vulnerability to cause game-music-emu to crash. Update Instructions: Run `sudo pro fix USN-4816-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgme0 - 0.6.0-3ubuntu0.16.04.1+esm1 libgme-dev - 0.6.0-3ubuntu0.16.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-17446 USN-4817-1 -- HDF5 vulnerabilities Ubuntu 16.04 LTS It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhdf5-doc - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-10 - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-dev - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-cpp-11 - 1.8.16+docs-4ubuntu1.1+esm1 hdf5-helpers - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-openmpi-dev - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-openmpi-10 - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-mpich-10 - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-mpich-dev - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-mpi-dev - 1.8.16+docs-4ubuntu1.1+esm1 libhdf5-serial-dev - 1.8.16+docs-4ubuntu1.1+esm1 hdf5-tools - 1.8.16+docs-4ubuntu1.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 USN-4818-1 -- OpenCV vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenCV did not properly manage certain objects, leading to a divide-by-zero. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15939) It was discovered that OpenCV did not properly manage certain files, leading to an out of bounds read. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 18.04 ESM. 
(CVE-2019-14491, CVE-2019-14492) It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-14493) It was discovered that OpenCV did not properly manage certain files, leading to a heap-based buffer overflow. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2017-18009) Update Instructions: Run `sudo pro fix USN-4818-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopencv-ocl-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-ml2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-features2d-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-photo-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libcv-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-flann-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-contrib2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-flann2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-ts-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-gpu-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-ml-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-highgui2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libcvaux-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-videostab-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-objdetect-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libcvaux2.4 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-ocl2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-stitching-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-imgproc-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-photo2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 python-opencv - 
2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-objdetect2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 opencv-doc - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-calib3d-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-superres2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libhighgui2.4 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-video2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-features2d2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-videostab2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-ts2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 opencv-data - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-legacy2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-gpu2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-core2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-contrib-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libcv2.4 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-video-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv2.4-jni - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv2.4-java - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-highgui-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-imgproc2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-stitching2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-calib3d2.4v5 - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libhighgui-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-core-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-superres-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 libopencv-legacy-dev - 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-15939 CVE-2019-14491 CVE-2017-18009 CVE-2019-14492 CVE-2019-14493 USN-4819-1 -- Leptonica vulnerabilities Ubuntu 16.04 LTS It was discovered that Leptonica incorrectly handled path names. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-18196) It was discovered that Leptonica incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary commands. 
(CVE-2018-3836) It was discovered that Leptonica incorrectly handled input arguments. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-7186) Update Instructions: Run `sudo pro fix USN-4819-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: leptonica-progs - 1.73-1ubuntu0.1~esm1 libleptonica-dev - 1.73-1ubuntu0.1~esm1 liblept5 - 1.73-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-18196 CVE-2018-3836 CVE-2018-7186 USN-4820-1 -- S-nail vulnerability Ubuntu 16.04 LTS It was discovered that S-nail incorrectly handled paths. An attacker could possibly use this issue to write arbitrary files and escalate privileges. Update Instructions: Run `sudo pro fix USN-4820-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: heirloom-mailx - 14.8.6-1ubuntu0.1~esm1 s-nail - 14.8.6-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2017-5899 USN-4821-1 -- openpyxl vulnerability Ubuntu 16.04 LTS It was discovered that openpyxl incorrectly handled certain documents. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4821-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-openpyxl - 2.3.0-1ubuntu0.1~esm1 python3-openpyxl - 2.3.0-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-5992 USN-4822-1 -- Firebird vulnerability Ubuntu 16.04 LTS It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4822-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: firebird2.5-doc - 2.5.4.26856.ds4-1ubuntu0.1~esm1 libfbclient2 - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-classic-common - 2.5.4.26856.ds4-1ubuntu0.1~esm1 libfbembed2.5 - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-server-common - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-common - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-classic - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-common-doc - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-superclassic - 2.5.4.26856.ds4-1ubuntu0.1~esm1 libib-util - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird-dev - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-examples - 2.5.4.26856.ds4-1ubuntu0.1~esm1 firebird2.5-super - 2.5.4.26856.ds4-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-6369 USN-4823-1 -- Mosquitto vulnerability Ubuntu 16.04 LTS It was discovered that Mosquitto incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4823-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mosquitto-dev - 1.4.8-1ubuntu0.16.04.7+esm1 libmosquitto-dev - 1.4.8-1ubuntu0.16.04.7+esm1 libmosquitto1 - 1.4.8-1ubuntu0.16.04.7+esm1 mosquitto - 1.4.8-1ubuntu0.16.04.7+esm1 libmosquittopp1 - 1.4.8-1ubuntu0.16.04.7+esm1 libmosquittopp-dev - 1.4.8-1ubuntu0.16.04.7+esm1 mosquitto-clients - 1.4.8-1ubuntu0.16.04.7+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-7655 USN-4824-1 -- Varnish vulnerability Ubuntu 16.04 LTS It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4824-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: varnish - 4.1.1-1ubuntu0.2+esm1 varnish-doc - 4.1.1-1ubuntu0.2+esm1 libvarnishapi-dev - 4.1.1-1ubuntu0.2+esm1 libvarnishapi1 - 4.1.1-1ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2017-8807 USN-4825-1 -- Coin3D vulnerability Ubuntu 16.04 LTS USN-3356-1 fixed a vulnerability in Expat. This update provides the corresponding update for Coin3D for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Update Instructions: Run `sudo pro fix USN-4825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcoin80-runtime - 3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1 libcoin80-dev - 3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1 libcoin80-doc - 3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1 libcoin80v5 - 3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-9233 USN-4826-1 -- SoundTouch vulnerabilities Ubuntu 16.04 LTS It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-9258, CVE-2017-9259, CVE-2017-9260) It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause arbitrary code execution. (CVE-2018-1000223) It was discovered that SoundTouch incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-17096) It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-17097, CVE-2018-17098) Update Instructions: Run `sudo pro fix USN-4826-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libsoundtouch-dev - 1.9.2-2+deb9u1ubuntu0.1~esm1 soundstretch - 1.9.2-2+deb9u1ubuntu0.1~esm1 libsoundtouch1 - 1.9.2-2+deb9u1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 USN-4827-1 -- Crypto++ vulnerability Ubuntu 16.04 LTS It was discovered that Crypto++ mishandled certain input. An attacker could use this vulnerability to leak potentially sensitive information. Update Instructions: Run `sudo pro fix USN-4827-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcrypto++9v5 - 5.6.1-9ubuntu0.1+esm1 libcrypto++-dev - 5.6.1-9ubuntu0.1+esm1 libcrypto++-doc - 5.6.1-9ubuntu0.1+esm1 libcrypto++-utils - 5.6.1-9ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2017-9434 USN-4828-1 -- librelp vulnerability Ubuntu 16.04 LTS It was discovered that librelp did not properly manage x509 certificates, leading to a stack-based buffer overflow. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4828-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librelp0 - 1.2.9-1ubuntu0.1~esm1 librelp-dev - 1.2.9-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-1000140 USN-4839-1 -- python-gnupg vulnerabilities Ubuntu 16.04 LTS Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. 
A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690) Update Instructions: Run `sudo pro fix USN-4839-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-gnupg - 0.3.8-2ubuntu0.1~esm1 python-gnupg - 0.3.8-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-12020 CVE-2019-6690 USN-4842-1 -- ntopng vulnerability Ubuntu 16.04 LTS It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this vulnerability to hijack a user's session. Update Instructions: Run `sudo pro fix USN-4842-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntopng - 2.2+dfsg1-1ubuntu0.1~esm2 ntopng-data - 2.2+dfsg1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-12520 USN-4843-1 -- phpMyAdmin vulnerabilities Ubuntu 16.04 LTS Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM. (CVE-2014-9218) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of database names in the PHP Array export feature. An authenticated attacker could use this vulnerability to run arbitrary PHP commands. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6609) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6619) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input.
An authenticated attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6630) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to bypass AllowRoot restrictions and deny rules for usernames. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9849) Emanuel Bronshtein discovered that phpMyAdmin would allow sensitive information to be leaked when the argument separator in a URL was not the default & value. An attacker could use this vulnerability to obtain the CSRF token of a user. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9866) Isaac Bennetch discovered that phpMyAdmin was incorrectly restricting user access due to the behavior of the substr function on some PHP versions. An attacker could use this vulnerability to bypass login restrictions established for users that have no password set. This issue only affected Ubuntu 14.04 ESM. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-18264) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of parameters sent during a table editing operation. An attacker could use this vulnerability to trigger an endless recursion and cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000014) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input used to generate a web page. An authenticated attacker could use this vulnerability to execute CSS injection attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000015) It was discovered that phpMyAdmin incorrectly handled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. This issue only affected Ubuntu 16.04 ESM. 
(CVE-2018-7260) It was discovered that phpMyAdmin incorrectly handled database names. An attacker could possibly use this to trigger a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-12581) Daniel Le Gall discovered that phpMyAdmin would expose sensitive information to unauthorized actors due to an error in its transformation feature. An authenticated attacker could use this vulnerability to leak the contents of a local file. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-19968) It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this to perform a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19970) It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-11768) It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a cross site request forgery attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-12616) It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a cross site request forgery attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-12922) It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-6798) It was discovered that phpMyAdmin did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection or a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2019-19617) CSW Research Labs discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-5504) Giwan Go and Yelang Lee discovered that phpMyAdmin was vulnerable to an XSS attack in the transformation feature. If a victim were to click on a crafted link, an attacker could run malicious JavaScript on the victim's system. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-26934) Andre Sá discovered that phpMyAdmin incorrectly handled certain SQL statements in the search feature. A remote, authenticated attacker could use this to inject malicious SQL into a query. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-26935) Update Instructions: Run `sudo pro fix USN-4843-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: phpmyadmin - 4:4.5.4.1-2ubuntu2.1+esm6 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-9218 CVE-2016-6609 CVE-2016-6619 CVE-2016-6630 CVE-2016-9849 CVE-2016-9866 CVE-2017-18264 CVE-2017-1000014 CVE-2017-1000015 CVE-2018-7260 CVE-2018-12581 CVE-2018-19968 CVE-2018-19970 CVE-2019-6798 CVE-2019-11768 CVE-2019-12616 CVE-2019-12922 CVE-2019-19617 CVE-2020-5504 CVE-2020-26934 CVE-2020-26935 USN-4844-1 -- Cinnamon vulnerability Ubuntu 16.04 LTS Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could potentially use this vulnerability to overwrite arbitrary files as root. Update Instructions: Run `sudo pro fix USN-4844-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: cinnamon-common - 2.8.6-1ubuntu1+esm1 cinnamon-doc - 2.8.6-1ubuntu1+esm1 cinnamon - 2.8.6-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-13054 USN-4845-1 -- libcgroup vulnerability Ubuntu 16.04 LTS It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcgroup-dev - 0.41-7ubuntu1+esm1 libpam-cgroup - 0.41-7ubuntu1+esm1 libcgroup1 - 0.41-7ubuntu1+esm1 cgroup-tools - 0.41-7ubuntu1+esm1 cgroup-bin - 0.41-7ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-14348 USN-4846-1 -- Yubico PIV Tool vulnerabilities Ubuntu 16.04 LTS It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager. Update Instructions: Run `sudo pro fix USN-4846-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libykpiv1 - 1.0.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-14779 CVE-2018-14780 USN-4848-1 -- mini_httpd vulnerability Ubuntu 16.04 LTS It was discovered that ACME mini_httpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files. Update Instructions: Run `sudo pro fix USN-4848-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mini-httpd - 1.23-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-18778 USN-4851-1 -- Libsolv vulnerabilities Ubuntu 16.04 LTS It was discovered that Libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause Libsolv to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4851-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-solv - 0.6.11-1.1ubuntu0.1~esm1 libsolvext0-dev - 0.6.11-1.1ubuntu0.1~esm1 libsolvext0 - 0.6.11-1.1ubuntu0.1~esm1 libsolv-doc - 0.6.11-1.1ubuntu0.1~esm1 libsolv-tools - 0.6.11-1.1ubuntu0.1~esm1 python-solv - 0.6.11-1.1ubuntu0.1~esm1 libsolv-perl - 0.6.11-1.1ubuntu0.1~esm1 libsolv0 - 0.6.11-1.1ubuntu0.1~esm1 libsolv0-dev - 0.6.11-1.1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 USN-4852-1 -- VTK vulnerabilities Ubuntu 16.04 LTS It was discovered that VTK incorrectly handled certain XML files in the embedded Expat library. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4852-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libvtk5.10 - 5.10.1+dfsg-2.1ubuntu0.1~esm1 libvtk5-qt4-dev - 5.10.1+dfsg-2.1ubuntu0.1~esm1 libvtk5-dev - 5.10.1+dfsg-2.1ubuntu0.1~esm1 vtk-examples - 5.10.1+dfsg-2.1ubuntu0.1~esm1 libvtk-java - 5.10.1+dfsg-2.1ubuntu0.1~esm1 python-vtk - 5.10.1+dfsg-2.1ubuntu0.1~esm1 libvtk5.10-qt4 - 5.10.1+dfsg-2.1ubuntu0.1~esm1 vtk-doc - 5.10.1+dfsg-2.1ubuntu0.1~esm1 tcl-vtk - 5.10.1+dfsg-2.1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-20843 CVE-2019-15903 USN-4853-1 -- liveMedia vulnerabilities Ubuntu 16.04 LTS It was discovered that liveMedia incorrectly handled certain network packets. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-4013) It was discovered that liveMedia incorrectly handled certain network sessions. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-6256) It was discovered that liveMedia incorrectly handled certain RTSP streamings. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-7314) It was discovered that liveMedia incorrectly handled certain requests. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9215) Update Instructions: Run `sudo pro fix USN-4853-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgroupsock8 - 2016.02.09-1ubuntu0.1~esm1 liblivemedia-dev - 2016.02.09-1ubuntu0.1~esm1 libusageenvironment3 - 2016.02.09-1ubuntu0.1~esm1 livemedia-utils - 2016.02.09-1ubuntu0.1~esm1 libbasicusageenvironment1 - 2016.02.09-1ubuntu0.1~esm1 liblivemedia50 - 2016.02.09-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-4013 CVE-2019-6256 CVE-2019-7314 CVE-2019-9215 USN-4855-1 -- IPython vulnerability Ubuntu 16.04 LTS It was discovered that IPython did not properly sanitize certain input.
If a user were tricked into opening a specially crafted notebook file, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4855-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ipython3-notebook - 2.4.1-1ubuntu0.1~esm2 ipython3 - 2.4.1-1ubuntu0.1~esm2 ipython-notebook-common - 2.4.1-1ubuntu0.1~esm2 ipython-doc - 2.4.1-1ubuntu0.1~esm2 ipython - 2.4.1-1ubuntu0.1~esm2 ipython3-qtconsole - 2.4.1-1ubuntu0.1~esm2 ipython-notebook - 2.4.1-1ubuntu0.1~esm2 ipython-qtconsole - 2.4.1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-8768 USN-4857-1 -- BWA vulnerability Ubuntu 16.04 LTS It was discovered that Burrows-Wheeler Aligner (BWA) mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4857-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bwa - 0.7.12-5ubuntu0.1~esm1 libbwa-dev - 0.7.12-5ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-10269 USN-4859-1 -- MediaInfoLib vulnerabilities Ubuntu 16.04 LTS It was discovered that MediaInfoLib contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfoLib to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4859-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-mediainfodll - 0.7.82-1ubuntu0.1~esm1 libmediainfo-dev - 0.7.82-1ubuntu0.1~esm1 python3-mediainfodll - 0.7.82-1ubuntu0.1~esm1 libmediainfo0v5 - 0.7.82-1ubuntu0.1~esm1 libmediainfo-doc - 0.7.82-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-11372 CVE-2019-11373 USN-4860-1 -- Monit vulnerabilities Ubuntu 16.04 LTS Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454) Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to potentially leak sensitive information. (CVE-2019-11455) Update Instructions: Run `sudo pro fix USN-4860-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: monit - 1:5.16-2ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-11454 CVE-2019-11455 USN-4863-1 -- fstream vulnerability Ubuntu 16.04 LTS It was discovered that fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4863-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-fstream - 0.1.24-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2019-13173 USN-4867-1 -- runC vulnerabilities Ubuntu 16.04 LTS It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. (CVE-2019-16884) Etienne Champetier discovered that runC incorrectly checked mount targets. 
An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges. (CVE-2021-30465) Update Instructions: Run `sudo pro fix USN-4867-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-opencontainers-runc-dev - 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2 runc - 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2019-16884 CVE-2021-30465 USN-4868-1 -- LibTomCrypt vulnerability Ubuntu 16.04 LTS It was discovered that LibTomCrypt incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or read sensitive information. Update Instructions: Run `sudo pro fix USN-4868-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtomcrypt-dev - 1.17-7ubuntu0.1+esm1 libtomcrypt0 - 1.17-7ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-17362 USN-4869-1 -- aria2 vulnerability Ubuntu 16.04 LTS It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information. Update Instructions: Run `sudo pro fix USN-4869-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: aria2 - 1.19.0-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-3500 USN-4874-1 -- Apache Ant vulnerability Ubuntu 16.04 LTS It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant. Update Instructions: Run `sudo pro fix USN-4874-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ant - 1.9.6-1ubuntu1.1+esm1 ant-doc - 1.9.6-1ubuntu1.1+esm1 ant-gcj - 1.9.6-1ubuntu1.1+esm1 ant-optional - 1.9.6-1ubuntu1.1+esm1 ant-optional-gcj - 1.9.6-1ubuntu1.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-1945 USN-4875-1 -- OpenSMTPD vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. (CVE-2020-7247) It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-8793) It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could possibly use this vulnerability to execute arbitrary shell commands as any non-root user. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-8794) Update Instructions: Run `sudo pro fix USN-4875-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: opensmtpd - 5.7.3p2-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2020-7247 CVE-2020-8793 CVE-2020-8794 USN-4876-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition in the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2020-36158) 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178) Update Instructions: Run `sudo pro fix USN-4876-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1089-kvm - 4.4.0-1089.98 No subscription required linux-image-4.4.0-1123-aws - 4.4.0-1123.137 No subscription required linux-image-4.4.0-1147-raspi2 - 4.4.0-1147.157 No subscription required linux-image-4.4.0-1151-snapdragon - 4.4.0-1151.161 No subscription required linux-image-4.4.0-204-lowlatency - 4.4.0-204.236 linux-image-4.4.0-204-generic - 4.4.0-204.236 linux-image-4.4.0-204-powerpc-smp - 4.4.0-204.236 linux-image-4.4.0-204-powerpc64-smp - 4.4.0-204.236 linux-image-4.4.0-204-generic-lpae - 4.4.0-204.236 linux-image-4.4.0-204-powerpc64-emb - 4.4.0-204.236 linux-image-4.4.0-204-powerpc-e500mc - 4.4.0-204.236 No subscription required linux-image-kvm - 4.4.0.1089.87 No subscription required linux-image-aws - 4.4.0.1123.128 No subscription required linux-image-raspi2 - 4.4.0.1147.147 No subscription required linux-image-snapdragon - 4.4.0.1151.143 No subscription required linux-image-generic-lts-wily - 4.4.0.204.210 linux-image-powerpc64-emb-lts-vivid - 4.4.0.204.210 linux-image-powerpc-e500mc - 4.4.0.204.210 linux-image-generic-lpae-lts-xenial - 4.4.0.204.210 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.204.210 linux-image-generic-lpae-lts-utopic - 4.4.0.204.210 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.204.210 linux-image-generic-lts-utopic - 4.4.0.204.210 linux-image-powerpc-e500mc-lts-wily - 4.4.0.204.210 linux-image-generic-lts-vivid - 4.4.0.204.210 linux-image-generic-lpae-lts-wily - 4.4.0.204.210 linux-image-virtual-lts-vivid - 4.4.0.204.210 linux-image-virtual-lts-utopic - 4.4.0.204.210 
linux-image-lowlatency-lts-vivid - 4.4.0.204.210 linux-image-powerpc64-smp-lts-utopic - 4.4.0.204.210 linux-image-virtual - 4.4.0.204.210 linux-image-powerpc-smp-lts-xenial - 4.4.0.204.210 linux-image-powerpc64-smp-lts-vivid - 4.4.0.204.210 linux-image-powerpc64-emb-lts-wily - 4.4.0.204.210 linux-image-lowlatency-lts-wily - 4.4.0.204.210 linux-image-generic - 4.4.0.204.210 linux-image-lowlatency-lts-xenial - 4.4.0.204.210 linux-image-powerpc64-smp-lts-xenial - 4.4.0.204.210 linux-image-powerpc64-emb-lts-utopic - 4.4.0.204.210 linux-image-generic-lts-xenial - 4.4.0.204.210 linux-image-virtual-lts-wily - 4.4.0.204.210 linux-image-powerpc-smp - 4.4.0.204.210 linux-image-generic-lpae-lts-vivid - 4.4.0.204.210 linux-image-generic-lpae - 4.4.0.204.210 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.204.210 linux-image-powerpc64-smp-lts-wily - 4.4.0.204.210 linux-image-powerpc64-emb - 4.4.0.204.210 linux-image-powerpc64-emb-lts-xenial - 4.4.0.204.210 linux-image-powerpc-smp-lts-wily - 4.4.0.204.210 linux-image-powerpc64-smp - 4.4.0.204.210 linux-image-lowlatency-lts-utopic - 4.4.0.204.210 linux-image-powerpc-smp-lts-vivid - 4.4.0.204.210 linux-image-lowlatency - 4.4.0.204.210 linux-image-virtual-lts-xenial - 4.4.0.204.210 linux-image-powerpc-smp-lts-utopic - 4.4.0.204.210 No subscription required Medium CVE-2020-29569 CVE-2020-36158 CVE-2021-3178 USN-4877-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158) 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178) Update Instructions: Run `sudo pro fix USN-4877-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1066-oracle - 4.15.0-1066.74~16.04.1 No subscription required linux-image-4.15.0-1094-gcp - 4.15.0-1094.107~16.04.1 No subscription required linux-image-4.15.0-1095-aws - 4.15.0-1095.102~16.04.1 No subscription required linux-image-4.15.0-1109-azure - 4.15.0-1109.121~16.04.1 No subscription required linux-image-4.15.0-137-lowlatency - 4.15.0-137.141~16.04.1 linux-image-4.15.0-137-generic - 4.15.0-137.141~16.04.1 linux-image-4.15.0-137-generic-lpae - 4.15.0-137.141~16.04.1 No subscription required linux-image-oracle - 4.15.0.1066.54 No subscription required linux-image-gke - 4.15.0.1094.95 linux-image-gcp - 4.15.0.1094.95 No subscription required linux-image-aws-hwe - 4.15.0.1095.88 No subscription required linux-image-azure-edge - 4.15.0.1109.100 linux-image-azure - 4.15.0.1109.100 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.137.133 linux-image-lowlatency-hwe-16.04 - 4.15.0.137.133 linux-image-generic-hwe-16.04-edge - 4.15.0.137.133 linux-image-generic-lpae-hwe-16.04 - 4.15.0.137.133 linux-image-virtual-hwe-16.04 - 4.15.0.137.133 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.137.133 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.137.133 linux-image-oem - 4.15.0.137.133 linux-image-generic-hwe-16.04 - 4.15.0.137.133 No subscription required Medium CVE-2020-36158 CVE-2021-3178 USN-4880-1 -- OpenJPEG vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4880-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libopenjp2-tools - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjpip-server - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjpip-viewer - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjp3d-tools - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjpip7 - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjp2-7 - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjp2-7-dev - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjp3d7 - 2.1.2-1.1+deb9u6build0.16.04.1 libopenjpip-dec-server - 2.1.2-1.1+deb9u6build0.16.04.1 No subscription required Medium CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27845 USN-4882-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10663) It was discovered that Ruby incorrectly handled certain socket memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-10933) It was discovered that Ruby incorrectly handled certain transfer-encoding headers when using Webrick. A remote attacker could possibly use this issue to bypass a reverse proxy. (CVE-2020-25613) Update Instructions: Run `sudo pro fix USN-4882-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.15 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.15 ruby2.3 - 2.3.1-2~ubuntu16.04.15 ruby2.3-dev - 2.3.1-2~ubuntu16.04.15 ruby2.3-doc - 2.3.1-2~ubuntu16.04.15 No subscription required Medium CVE-2020-10663 CVE-2020-10933 CVE-2020-25613 USN-4883-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363) Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update Instructions: Run `sudo pro fix USN-4883-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1067-oracle - 4.15.0-1067.75~16.04.1 No subscription required linux-image-4.15.0-1095-gcp - 4.15.0-1095.108~16.04.1 No subscription required linux-image-4.15.0-1096-aws - 4.15.0-1096.103~16.04.1 No subscription required linux-image-4.15.0-1110-azure - 4.15.0-1110.122~16.04.1 No subscription required linux-image-4.15.0-139-lowlatency - 4.15.0-139.143~16.04.1 linux-image-4.15.0-139-generic-lpae - 4.15.0-139.143~16.04.1 linux-image-4.15.0-139-generic - 4.15.0-139.143~16.04.1 No subscription required linux-image-oracle - 4.15.0.1067.55 No subscription required linux-image-gke - 4.15.0.1095.96 linux-image-gcp - 4.15.0.1095.96 No subscription required linux-image-aws-hwe - 4.15.0.1096.89 No subscription required linux-image-azure - 4.15.0.1110.101 linux-image-azure-edge - 4.15.0.1110.101 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.139.134 linux-image-generic-hwe-16.04-edge - 4.15.0.139.134 linux-image-virtual-hwe-16.04 - 4.15.0.139.134 linux-image-generic-lpae-hwe-16.04 - 4.15.0.139.134 linux-image-virtual-hwe-16.04-edge - 4.15.0.139.134 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.139.134 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.139.134 linux-image-oem - 4.15.0.139.134 linux-image-lowlatency-hwe-16.04 - 4.15.0.139.134 No subscription required linux-image-4.4.0-1090-kvm - 4.4.0-1090.99 No subscription required linux-image-4.4.0-1124-aws - 4.4.0-1124.138 No subscription required linux-image-4.4.0-1148-raspi2 - 4.4.0-1148.158 No subscription required linux-image-4.4.0-1152-snapdragon - 4.4.0-1152.162 No subscription required linux-image-4.4.0-206-powerpc-smp - 4.4.0-206.238 linux-image-4.4.0-206-powerpc-e500mc - 4.4.0-206.238 linux-image-4.4.0-206-generic-lpae - 4.4.0-206.238 linux-image-4.4.0-206-powerpc64-smp - 4.4.0-206.238 linux-image-4.4.0-206-lowlatency - 4.4.0-206.238 linux-image-4.4.0-206-powerpc64-emb - 4.4.0-206.238 
linux-image-4.4.0-206-generic - 4.4.0-206.238 No subscription required linux-image-kvm - 4.4.0.1090.88 No subscription required linux-image-aws - 4.4.0.1124.129 No subscription required linux-image-raspi2 - 4.4.0.1148.148 No subscription required linux-image-snapdragon - 4.4.0.1152.144 No subscription required linux-image-powerpc-e500mc-lts-utopic - 4.4.0.206.212 linux-image-generic-lts-wily - 4.4.0.206.212 linux-image-powerpc64-emb-lts-vivid - 4.4.0.206.212 linux-image-powerpc-e500mc - 4.4.0.206.212 linux-image-generic-lpae-lts-xenial - 4.4.0.206.212 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.206.212 linux-image-generic-lpae-lts-utopic - 4.4.0.206.212 linux-image-generic-lts-utopic - 4.4.0.206.212 linux-image-generic-lts-vivid - 4.4.0.206.212 linux-image-generic-lpae-lts-wily - 4.4.0.206.212 linux-image-virtual-lts-vivid - 4.4.0.206.212 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.206.212 linux-image-virtual-lts-utopic - 4.4.0.206.212 linux-image-virtual - 4.4.0.206.212 linux-image-powerpc64-emb-lts-wily - 4.4.0.206.212 linux-image-lowlatency-lts-vivid - 4.4.0.206.212 linux-image-powerpc64-smp-lts-utopic - 4.4.0.206.212 linux-image-powerpc-smp-lts-xenial - 4.4.0.206.212 linux-image-lowlatency-lts-wily - 4.4.0.206.212 linux-image-powerpc64-smp-lts-vivid - 4.4.0.206.212 linux-image-generic - 4.4.0.206.212 linux-image-lowlatency-lts-xenial - 4.4.0.206.212 linux-image-powerpc64-smp-lts-xenial - 4.4.0.206.212 linux-image-powerpc-e500mc-lts-wily - 4.4.0.206.212 linux-image-powerpc64-emb-lts-utopic - 4.4.0.206.212 linux-image-generic-lts-xenial - 4.4.0.206.212 linux-image-virtual-lts-wily - 4.4.0.206.212 linux-image-powerpc-smp - 4.4.0.206.212 linux-image-generic-lpae-lts-vivid - 4.4.0.206.212 linux-image-generic-lpae - 4.4.0.206.212 linux-image-powerpc64-smp-lts-wily - 4.4.0.206.212 linux-image-powerpc64-emb - 4.4.0.206.212 linux-image-powerpc64-emb-lts-xenial - 4.4.0.206.212 linux-image-powerpc-smp-lts-wily - 4.4.0.206.212 linux-image-powerpc64-smp - 4.4.0.206.212 
linux-image-lowlatency-lts-utopic - 4.4.0.206.212 linux-image-powerpc-smp-lts-vivid - 4.4.0.206.212 linux-image-lowlatency - 4.4.0.206.212 linux-image-virtual-lts-xenial - 4.4.0.206.212 linux-image-powerpc-smp-lts-utopic - 4.4.0.206.212 No subscription required High CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 USN-4885-1 -- Pygments vulnerability Ubuntu 16.04 LTS It was discovered that Pygments incorrectly handled parsing SML files. If a user or automated system were tricked into parsing a specially crafted SML file, a remote attacker could cause Pygments to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4885-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pygments-doc - 2.1+dfsg-1ubuntu0.1 python3-pygments - 2.1+dfsg-1ubuntu0.1 python-pygments - 2.1+dfsg-1ubuntu0.1 No subscription required Medium CVE-2021-20270 USN-4886-1 -- Privoxy vulnerabilities Ubuntu 16.04 LTS It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2020-35502, CVE-2021-20209, CVE-2021-20210, CVE-2021-20213, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217, CVE-2021-20272, CVE-2021-20273, CVE-2021-20275) It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2021-20212, CVE-2021-20276) It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20211) It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. 
This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20214) Update Instructions: Run `sudo pro fix USN-4886-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: privoxy - 3.0.24-1ubuntu0.1 No subscription required Medium CVE-2020-35502 CVE-2021-20209 CVE-2021-20210 CVE-2021-20211 CVE-2021-20212 CVE-2021-20213 CVE-2021-20214 CVE-2021-20215 CVE-2021-20216 CVE-2021-20217 CVE-2021-20272 CVE-2021-20273 CVE-2021-20275 CVE-2021-20276 USN-4888-1 -- ldb vulnerabilities Ubuntu 16.04 LTS Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. (CVE-2021-20277) Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-27840) Update Instructions: Run `sudo pro fix USN-4888-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-ldb-dev - 2:1.1.24-1ubuntu3.2 python-ldb - 2:1.1.24-1ubuntu3.2 ldb-tools - 2:1.1.24-1ubuntu3.2 python3-ldb - 2:1.1.24-1ubuntu3.2 libldb-dev - 2:1.1.24-1ubuntu3.2 libldb1 - 2:1.1.24-1ubuntu3.2 python3-ldb-dev - 2:1.1.24-1ubuntu3.2 No subscription required High CVE-2020-27840 CVE-2021-20277 USN-4890-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. 
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170) Update Instructions: Run `sudo pro fix USN-4890-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1068-oracle - 4.15.0-1068.76~16.04.1 No subscription required linux-image-4.15.0-1096-gcp - 4.15.0-1096.109~16.04.1 No subscription required linux-image-4.15.0-1097-aws - 4.15.0-1097.104~16.04.1 No subscription required linux-image-4.15.0-1111-azure - 4.15.0-1111.123~16.04.1 No subscription required linux-image-4.15.0-140-generic - 4.15.0-140.144~16.04.1 linux-image-4.15.0-140-generic-lpae - 4.15.0-140.144~16.04.1 linux-image-4.15.0-140-lowlatency - 4.15.0-140.144~16.04.1 No subscription required linux-image-oracle - 4.15.0.1068.56 No subscription required linux-image-gke - 4.15.0.1096.97 linux-image-gcp - 4.15.0.1096.97 No subscription required linux-image-aws-hwe - 4.15.0.1097.90 No subscription required linux-image-azure-edge - 4.15.0.1111.102 linux-image-azure - 4.15.0.1111.102 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.140.135 linux-image-lowlatency-hwe-16.04 - 4.15.0.140.135 linux-image-generic-hwe-16.04-edge - 4.15.0.140.135 linux-image-generic-lpae-hwe-16.04 - 4.15.0.140.135 linux-image-virtual-hwe-16.04 - 4.15.0.140.135 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.140.135 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.140.135 linux-image-oem - 4.15.0.140.135 linux-image-generic-hwe-16.04 - 4.15.0.140.135 No subscription required High CVE-2020-27170 CVE-2020-27171 USN-4892-1 -- OpenJDK vulnerability Ubuntu 16.04 LTS It was discovered that OpenJDK incorrectly verified Jar signatures. An attacker could possibly use this issue to bypass intended security restrictions when using Jar files signed with a disabled algorithm. Update Instructions: Run `sudo pro fix USN-4892-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-jdk - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-jre-headless - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-jre - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-jdk-headless - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-source - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-jre-zero - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-demo - 8u292-b10-0ubuntu1~16.04.1 openjdk-8-jre-jamvm - 8u292-b10-0ubuntu1~16.04.1 No subscription required Medium CVE-2021-2163 USN-4893-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23987, CVE-2021-23988) It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. (CVE-2021-23984) It was discovered that the DevTools remote debugging feature could be enabled without an indication to the user. If a local attacker could modify the browser configuration, a remote attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23985) It was discovered that extensions could read the response of cross origin requests in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23986) Update Instructions: Run `sudo pro fix USN-4893-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-nn - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ne - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-nb - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-fa - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-fi - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-fr - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-fy - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-or - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-kab - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-oc - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-cs - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ga - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-gd - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-gn - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-gl - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-gu - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-pa - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-pl - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-cy - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-pt - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-szl - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-hi - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-uk - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-he - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-hy - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-hr - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-hu - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-as - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ar - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ia - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-az - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-id - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-mai - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-af - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-is - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-it - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-an - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-bs - 
87.0+build3-0ubuntu0.16.04.2 firefox - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ro - 87.0+build3-0ubuntu0.16.04.2 firefox-geckodriver - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ja - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ru - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-br - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-zh-hant - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-zh-hans - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-bn - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-be - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-bg - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-sl - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-sk - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-si - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-sw - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-sv - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-sr - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-sq - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ko - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-kn - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-km - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-kk - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ka - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-xh - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ca - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ku - 87.0+build3-0ubuntu0.16.04.2 firefox-mozsymbols - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-lv - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-lt - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-th - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-hsb - 87.0+build3-0ubuntu0.16.04.2 firefox-dev - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-te - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-cak - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ta - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-lg - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-csb - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-tr - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-nso - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-de - 87.0+build3-0ubuntu0.16.04.2 
firefox-locale-da - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ms - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-mr - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-my - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-uz - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ml - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-mn - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-mk - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ur - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-eu - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-et - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-es - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-vi - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-el - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-eo - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-en - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-zu - 87.0+build3-0ubuntu0.16.04.2 firefox-locale-ast - 87.0+build3-0ubuntu0.16.04.2 No subscription required Medium CVE-2021-23981 CVE-2021-23982 CVE-2021-23983 CVE-2021-23984 CVE-2021-23985 CVE-2021-23986 CVE-2021-23987 CVE-2021-23988 USN-4895-1 -- Squid vulnerabilities Ubuntu 16.04 LTS Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049) Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. (CVE-2020-25097) Update Instructions: Run `sudo pro fix USN-4895-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.16 squid - 3.5.12-1ubuntu7.16 squid-cgi - 3.5.12-1ubuntu7.16 squid-purge - 3.5.12-1ubuntu7.16 squidclient - 3.5.12-1ubuntu7.16 squid3 - 3.5.12-1ubuntu7.16 No subscription required Medium CVE-2020-15049 CVE-2020-25097 USN-4896-1 -- lxml vulnerability Ubuntu 16.04 LTS It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4896-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.5.0-1ubuntu0.4 python-lxml - 3.5.0-1ubuntu0.4 python-lxml-doc - 3.5.0-1ubuntu0.4 No subscription required Medium CVE-2021-28957 USN-4897-1 -- Pygments vulnerability Ubuntu 16.04 LTS Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4897-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pygments-doc - 2.1+dfsg-1ubuntu0.2 python3-pygments - 2.1+dfsg-1ubuntu0.2 python-pygments - 2.1+dfsg-1ubuntu0.2 No subscription required Medium CVE-2021-27291 USN-4898-1 -- curl vulnerabilities Ubuntu 16.04 LTS Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876) Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. 
This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890) Update Instructions: Run `sudo pro fix USN-4898-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19 libcurl3-gnutls - 7.47.0-1ubuntu2.19 libcurl4-doc - 7.47.0-1ubuntu2.19 libcurl3-nss - 7.47.0-1ubuntu2.19 libcurl4-nss-dev - 7.47.0-1ubuntu2.19 libcurl3 - 7.47.0-1ubuntu2.19 curl - 7.47.0-1ubuntu2.19 No subscription required Medium CVE-2021-22876 CVE-2021-22890 USN-4899-1 -- SpamAssassin vulnerability Ubuntu 16.04 LTS Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Update Instructions: Run `sudo pro fix USN-4899-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.16.04.5 sa-compile - 3.4.2-0ubuntu0.16.04.5 spamc - 3.4.2-0ubuntu0.16.04.5 No subscription required Medium CVE-2020-1946 USN-4900-1 -- OpenEXR vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4900-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.6 openexr - 2.2.0-10ubuntu2.6 libopenexr22 - 2.2.0-10ubuntu2.6 openexr-doc - 2.2.0-10ubuntu2.6 No subscription required Medium CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 USN-4902-1 -- Django vulnerability Ubuntu 16.04 LTS Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Update Instructions: Run `sudo pro fix USN-4902-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.15 python-django-doc - 1.8.7-1ubuntu5.15 python-django-common - 1.8.7-1ubuntu5.15 python-django - 1.8.7-1ubuntu5.15 No subscription required Low CVE-2021-28658 USN-4904-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350) Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644) It was discovered that the timer stats implementation in the Linux kernel allowed the discovery of a real PID value while inside a PID namespace. A local attacker could use this to expose sensitive information. (CVE-2017-5967) Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. 
An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13095) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061) It was discovered that a race condition existed in the floppy device driver in the Linux kernel. An attacker with access to the floppy device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20261) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26931) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. 
An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) Update Instructions: Run `sudo pro fix USN-4904-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1091-kvm - 4.4.0-1091.100 No subscription required linux-image-4.4.0-1126-aws - 4.4.0-1126.140 No subscription required linux-image-4.4.0-1150-raspi2 - 4.4.0-1150.161 No subscription required linux-image-4.4.0-1154-snapdragon - 4.4.0-1154.164 No subscription required linux-image-4.4.0-208-generic-lpae - 4.4.0-208.240 linux-image-4.4.0-208-lowlatency - 4.4.0-208.240 linux-image-4.4.0-208-powerpc-smp - 4.4.0-208.240 linux-image-4.4.0-208-generic - 4.4.0-208.240 linux-image-4.4.0-208-powerpc-e500mc - 4.4.0-208.240 linux-image-4.4.0-208-powerpc64-smp - 4.4.0-208.240 linux-image-4.4.0-208-powerpc64-emb - 4.4.0-208.240 No subscription required linux-image-kvm - 4.4.0.1091.89 No subscription required linux-image-aws - 4.4.0.1126.131 No subscription required linux-image-raspi2 - 4.4.0.1150.150 No subscription required linux-image-snapdragon - 4.4.0.1154.146 No subscription required linux-image-generic-lts-wily - 4.4.0.208.214 linux-image-powerpc64-emb-lts-vivid - 4.4.0.208.214 linux-image-powerpc-e500mc - 4.4.0.208.214 linux-image-generic-lpae-lts-xenial - 4.4.0.208.214 linux-image-generic-lts-xenial - 4.4.0.208.214 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.208.214 linux-image-generic-lpae-lts-utopic - 4.4.0.208.214 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.208.214 linux-image-generic-lts-utopic - 4.4.0.208.214 linux-image-powerpc-e500mc-lts-wily - 4.4.0.208.214 linux-image-generic-lts-vivid - 4.4.0.208.214 linux-image-generic-lpae-lts-wily - 4.4.0.208.214 linux-image-virtual-lts-vivid - 4.4.0.208.214 linux-image-virtual-lts-utopic - 4.4.0.208.214 linux-image-virtual - 4.4.0.208.214 linux-image-powerpc64-emb-lts-wily - 4.4.0.208.214 linux-image-powerpc64-smp-lts-xenial - 
4.4.0.208.214 linux-image-powerpc64-smp-lts-utopic - 4.4.0.208.214 linux-image-powerpc64-emb - 4.4.0.208.214 linux-image-powerpc-smp-lts-xenial - 4.4.0.208.214 linux-image-powerpc64-smp-lts-vivid - 4.4.0.208.214 linux-image-lowlatency-lts-wily - 4.4.0.208.214 linux-image-generic - 4.4.0.208.214 linux-image-lowlatency-lts-xenial - 4.4.0.208.214 linux-image-lowlatency-lts-vivid - 4.4.0.208.214 linux-image-powerpc64-emb-lts-utopic - 4.4.0.208.214 linux-image-virtual-lts-wily - 4.4.0.208.214 linux-image-powerpc-smp - 4.4.0.208.214 linux-image-generic-lpae-lts-vivid - 4.4.0.208.214 linux-image-generic-lpae - 4.4.0.208.214 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.208.214 linux-image-powerpc64-smp-lts-wily - 4.4.0.208.214 linux-image-powerpc64-emb-lts-xenial - 4.4.0.208.214 linux-image-powerpc-smp-lts-wily - 4.4.0.208.214 linux-image-powerpc64-smp - 4.4.0.208.214 linux-image-lowlatency-lts-utopic - 4.4.0.208.214 linux-image-powerpc-smp-lts-vivid - 4.4.0.208.214 linux-image-lowlatency - 4.4.0.208.214 linux-image-virtual-lts-xenial - 4.4.0.208.214 linux-image-powerpc-smp-lts-utopic - 4.4.0.208.214 No subscription required Medium CVE-2015-1350 CVE-2017-16644 CVE-2017-5967 CVE-2018-13095 CVE-2019-16231 CVE-2019-16232 CVE-2019-19061 CVE-2021-20261 CVE-2021-26930 CVE-2021-26931 CVE-2021-28038 USN-4905-1 -- X.Org X Server vulnerability Ubuntu 16.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4905-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.12 xmir - 2:1.18.4-0ubuntu0.12 xwayland - 2:1.18.4-0ubuntu0.12 xorg-server-source - 2:1.18.4-0ubuntu0.12 xdmx - 2:1.18.4-0ubuntu0.12 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12 xvfb - 2:1.18.4-0ubuntu0.12 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12 xserver-xorg-core-udeb - 2:1.18.4-0ubuntu0.12 xnest - 2:1.18.4-0ubuntu0.12 xserver-xephyr - 2:1.18.4-0ubuntu0.12 xserver-common - 2:1.18.4-0ubuntu0.12 xdmx-tools - 2:1.18.4-0ubuntu0.12 No subscription required xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6 xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6 No subscription required Medium CVE-2021-3472 USN-4906-1 -- Nettle vulnerability Ubuntu 16.04 LTS It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures. Update Instructions: Run `sudo pro fix USN-4906-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nettle-bin - 3.2-1ubuntu0.16.04.2 libnettle6 - 3.2-1ubuntu0.16.04.2 libhogweed4 - 3.2-1ubuntu0.16.04.2 nettle-dev - 3.2-1ubuntu0.16.04.2 No subscription required Medium CVE-2021-20305 USN-4907-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). 
(CVE-2018-13095) It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3347) It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3348) Update Instructions: Run `sudo pro fix USN-4907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1069-oracle - 4.15.0-1069.77~16.04.1 No subscription required linux-image-4.15.0-1097-gcp - 4.15.0-1097.110~16.04.1 No subscription required linux-image-4.15.0-1098-aws - 4.15.0-1098.105~16.04.1 No subscription required linux-image-4.15.0-1112-azure - 4.15.0-1112.124~16.04.1 No subscription required linux-image-oracle - 4.15.0.1069.57 No subscription required linux-image-gke - 4.15.0.1097.98 linux-image-gcp - 4.15.0.1097.98 No subscription required linux-image-aws-hwe - 4.15.0.1098.91 No subscription required linux-image-azure-edge - 4.15.0.1112.103 linux-image-azure - 4.15.0.1112.103 No subscription required Medium CVE-2018-13095 CVE-2021-3347 CVE-2021-3348 USN-4913-1 -- Underscore vulnerability Ubuntu 16.04 LTS It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code. Update Instructions: Run `sudo pro fix USN-4913-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libjs-underscore - 1.7.0~dfsg-1ubuntu1.1 node-underscore - 1.7.0~dfsg-1ubuntu1.1 No subscription required Medium CVE-2021-23358 USN-4916-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154) Update Instructions: Run `sudo pro fix USN-4916-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1070-oracle - 4.15.0-1070.78~16.04.1 No subscription required linux-image-4.15.0-1098-gcp - 4.15.0-1098.111~16.04.1 No subscription required linux-image-4.15.0-1099-aws - 4.15.0-1099.106~16.04.1 No subscription required linux-image-4.15.0-1113-azure - 4.15.0-1113.126~16.04.1 No subscription required linux-image-4.15.0-142-generic-lpae - 4.15.0-142.146~16.04.1 linux-image-4.15.0-142-generic - 4.15.0-142.146~16.04.1 linux-image-4.15.0-142-lowlatency - 4.15.0-142.146~16.04.1 No subscription required linux-image-oracle - 4.15.0.1070.58 No subscription required linux-image-gke - 4.15.0.1098.99 linux-image-gcp - 4.15.0.1098.99 No subscription required linux-image-aws-hwe - 4.15.0.1099.92 No subscription required linux-image-azure - 4.15.0.1113.104 linux-image-azure-edge - 4.15.0.1113.104 No subscription required linux-image-generic-hwe-16.04-edge - 4.15.0.142.137 linux-image-virtual-hwe-16.04 - 4.15.0.142.137 linux-image-generic-lpae-hwe-16.04 - 4.15.0.142.137 
linux-image-generic-hwe-16.04 - 4.15.0.142.137 linux-image-virtual-hwe-16.04-edge - 4.15.0.142.137 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.142.137 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.142.137 linux-image-oem - 4.15.0.142.137 linux-image-lowlatency-hwe-16.04 - 4.15.0.142.137 No subscription required linux-image-4.4.0-1092-kvm - 4.4.0-1092.101 No subscription required linux-image-4.4.0-1127-aws - 4.4.0-1127.141 No subscription required linux-image-4.4.0-1151-raspi2 - 4.4.0-1151.162 No subscription required linux-image-4.4.0-1155-snapdragon - 4.4.0-1155.165 No subscription required linux-image-4.4.0-209-powerpc-e500mc - 4.4.0-209.241 linux-image-4.4.0-209-generic-lpae - 4.4.0-209.241 linux-image-4.4.0-209-lowlatency - 4.4.0-209.241 linux-image-4.4.0-209-powerpc-smp - 4.4.0-209.241 linux-image-4.4.0-209-generic - 4.4.0-209.241 linux-image-4.4.0-209-powerpc64-emb - 4.4.0-209.241 linux-image-4.4.0-209-powerpc64-smp - 4.4.0-209.241 No subscription required linux-image-kvm - 4.4.0.1092.90 No subscription required linux-image-aws - 4.4.0.1127.132 No subscription required linux-image-raspi2 - 4.4.0.1151.151 No subscription required linux-image-snapdragon - 4.4.0.1155.147 No subscription required linux-image-powerpc64-smp-lts-utopic - 4.4.0.209.215 linux-image-generic-lts-wily - 4.4.0.209.215 linux-image-generic-lts-utopic - 4.4.0.209.215 linux-image-generic-lpae-lts-xenial - 4.4.0.209.215 linux-image-powerpc64-emb-lts-vivid - 4.4.0.209.215 linux-image-generic-lpae-lts-utopic - 4.4.0.209.215 linux-image-powerpc-e500mc-lts-wily - 4.4.0.209.215 linux-image-generic-lts-vivid - 4.4.0.209.215 linux-image-generic-lpae-lts-wily - 4.4.0.209.215 linux-image-virtual-lts-vivid - 4.4.0.209.215 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.209.215 linux-image-virtual-lts-utopic - 4.4.0.209.215 linux-image-virtual - 4.4.0.209.215 linux-image-powerpc64-emb-lts-wily - 4.4.0.209.215 linux-image-lowlatency-lts-vivid - 4.4.0.209.215 linux-image-powerpc-e500mc-lts-vivid - 
4.4.0.209.215 linux-image-powerpc64-emb - 4.4.0.209.215 linux-image-powerpc-smp-lts-xenial - 4.4.0.209.215 linux-image-powerpc-e500mc - 4.4.0.209.215 linux-image-lowlatency-lts-wily - 4.4.0.209.215 linux-image-powerpc64-smp-lts-vivid - 4.4.0.209.215 linux-image-generic - 4.4.0.209.215 linux-image-powerpc64-smp-lts-xenial - 4.4.0.209.215 linux-image-powerpc64-emb-lts-utopic - 4.4.0.209.215 linux-image-generic-lts-xenial - 4.4.0.209.215 linux-image-powerpc-smp - 4.4.0.209.215 linux-image-generic-lpae-lts-vivid - 4.4.0.209.215 linux-image-generic-lpae - 4.4.0.209.215 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.209.215 linux-image-powerpc64-smp-lts-wily - 4.4.0.209.215 linux-image-powerpc64-emb-lts-xenial - 4.4.0.209.215 linux-image-lowlatency-lts-xenial - 4.4.0.209.215 linux-image-powerpc-smp-lts-wily - 4.4.0.209.215 linux-image-virtual-lts-wily - 4.4.0.209.215 linux-image-powerpc64-smp - 4.4.0.209.215 linux-image-lowlatency-lts-utopic - 4.4.0.209.215 linux-image-powerpc-smp-lts-vivid - 4.4.0.209.215 linux-image-lowlatency - 4.4.0.209.215 linux-image-virtual-lts-xenial - 4.4.0.209.215 linux-image-powerpc-smp-lts-utopic - 4.4.0.209.215 No subscription required High CVE-2021-29154 CVE-2021-3493 USN-4916-2 -- Linux kernel regression Ubuntu 16.04 LTS USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154) Update Instructions: Run `sudo pro fix USN-4916-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1093-kvm - 4.4.0-1093.102 No subscription required linux-image-4.4.0-1128-aws - 4.4.0-1128.142 No subscription required linux-image-4.4.0-1152-raspi2 - 4.4.0-1152.163 No subscription required linux-image-4.4.0-1156-snapdragon - 4.4.0-1156.166 No subscription required linux-image-4.4.0-210-generic-lpae - 4.4.0-210.242 linux-image-4.4.0-210-generic - 4.4.0-210.242 linux-image-4.4.0-210-powerpc-smp - 4.4.0-210.242 linux-image-4.4.0-210-lowlatency - 4.4.0-210.242 linux-image-4.4.0-210-powerpc64-emb - 4.4.0-210.242 linux-image-4.4.0-210-powerpc-e500mc - 4.4.0-210.242 linux-image-4.4.0-210-powerpc64-smp - 4.4.0-210.242 No subscription required linux-image-kvm - 4.4.0.1093.91 No subscription required linux-image-aws - 4.4.0.1128.133 No subscription required linux-image-raspi2 - 4.4.0.1152.152 No subscription required linux-image-snapdragon - 4.4.0.1156.148 No subscription required linux-image-generic-lts-wily - 4.4.0.210.216 linux-image-powerpc64-emb-lts-vivid - 4.4.0.210.216 linux-image-powerpc-e500mc - 4.4.0.210.216 linux-image-generic-lpae-lts-xenial - 4.4.0.210.216 linux-image-generic-lpae-lts-utopic - 4.4.0.210.216 linux-image-powerpc-e500mc-lts-xenial - 4.4.0.210.216 linux-image-powerpc-e500mc-lts-vivid - 4.4.0.210.216 linux-image-powerpc-e500mc-lts-wily - 4.4.0.210.216 linux-image-generic-lts-vivid - 4.4.0.210.216 linux-image-generic-lpae-lts-wily - 4.4.0.210.216 linux-image-virtual-lts-vivid - 4.4.0.210.216 linux-image-virtual-lts-utopic - 4.4.0.210.216 linux-image-virtual - 4.4.0.210.216 linux-image-powerpc64-emb-lts-wily - 4.4.0.210.216 linux-image-lowlatency-lts-vivid - 4.4.0.210.216 linux-image-generic-lts-utopic - 4.4.0.210.216 linux-image-powerpc64-emb 
- 4.4.0.210.216 linux-image-powerpc-smp-lts-xenial - 4.4.0.210.216 linux-image-powerpc64-smp-lts-vivid - 4.4.0.210.216 linux-image-lowlatency-lts-wily - 4.4.0.210.216 linux-image-generic - 4.4.0.210.216 linux-image-powerpc64-smp-lts-utopic - 4.4.0.210.216 linux-image-lowlatency-lts-xenial - 4.4.0.210.216 linux-image-powerpc64-smp-lts-xenial - 4.4.0.210.216 linux-image-powerpc64-emb-lts-utopic - 4.4.0.210.216 linux-image-generic-lts-xenial - 4.4.0.210.216 linux-image-powerpc-smp - 4.4.0.210.216 linux-image-generic-lpae-lts-vivid - 4.4.0.210.216 linux-image-generic-lpae - 4.4.0.210.216 linux-image-powerpc-e500mc-lts-utopic - 4.4.0.210.216 linux-image-powerpc64-smp-lts-wily - 4.4.0.210.216 linux-image-powerpc64-emb-lts-xenial - 4.4.0.210.216 linux-image-powerpc-smp-lts-wily - 4.4.0.210.216 linux-image-virtual-lts-wily - 4.4.0.210.216 linux-image-powerpc64-smp - 4.4.0.210.216 linux-image-lowlatency-lts-utopic - 4.4.0.210.216 linux-image-powerpc-smp-lts-vivid - 4.4.0.210.216 linux-image-lowlatency - 4.4.0.210.216 linux-image-virtual-lts-xenial - 4.4.0.210.216 linux-image-powerpc-smp-lts-utopic - 4.4.0.210.216 No subscription required None https://launchpad.net/bugs/1924611 USN-4918-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2021-1252) It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1404) It was discovered that ClamAV incorrectly handled parsing email. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1405) Update Instructions: Run `sudo pro fix USN-4918-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.2+dfsg-0ubuntu0.16.04.1 clamav-testfiles - 0.103.2+dfsg-0ubuntu0.16.04.1 clamav-base - 0.103.2+dfsg-0ubuntu0.16.04.1 clamav - 0.103.2+dfsg-0ubuntu0.16.04.1 clamav-daemon - 0.103.2+dfsg-0ubuntu0.16.04.1 clamav-milter - 0.103.2+dfsg-0ubuntu0.16.04.1 clamav-docs - 0.103.2+dfsg-0ubuntu0.16.04.1 clamav-freshclam - 0.103.2+dfsg-0ubuntu0.16.04.1 libclamav9 - 0.103.2+dfsg-0ubuntu0.16.04.1 clamdscan - 0.103.2+dfsg-0ubuntu0.16.04.1 No subscription required Medium CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 USN-4918-3 -- ClamAV regression Ubuntu 16.04 LTS USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2021-1252) It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1404) It was discovered that ClamAV incorrectly handled parsing email. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1405) Update Instructions: Run `sudo pro fix USN-4918-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamav-testfiles - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamav-base - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamav - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamav-daemon - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamav-milter - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamav-docs - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamav-freshclam - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 libclamav9 - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 clamdscan - 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1926300 USN-4919-1 -- OpenSLP vulnerability Ubuntu 16.04 LTS It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4919-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libslp-dev - 1.2.1-11ubuntu0.16.04.2 openslp-doc - 1.2.1-11ubuntu0.16.04.2 slptool - 1.2.1-11ubuntu0.16.04.2 slpd - 1.2.1-11ubuntu0.16.04.2 libslp1 - 1.2.1-11ubuntu0.16.04.2 No subscription required Medium CVE-2019-5544 USN-4920-1 -- ZeroMQ vulnerabilities Ubuntu 16.04 LTS It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. (CVE-2019-13132) It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could use this vulnerability to cause a denial-of-service and prevent legitimate clients from communicating with ZeroMQ. (CVE-2020-15166) It was discovered that ZeroMQ did not properly manage memory under certain circumstances.
If a user or automated system were tricked into connecting to one or multiple compromised servers, a remote attacker could use this issue to cause a denial of service. (CVE-2021-20234) It was discovered that ZeroMQ incorrectly handled memory when processing messages with arbitrarily large sizes under certain circumstances. A remote unauthenticated attacker could use this issue to cause a ZeroMQ server to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20235) It was discovered that ZeroMQ did not properly manage memory under certain circumstances. A remote unauthenticated attacker could use this issue to cause a ZeroMQ server to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20237) Update Instructions: Run `sudo pro fix USN-4920-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzmq5 - 4.1.4-7ubuntu0.1+esm2 libzmq3-dev - 4.1.4-7ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2019-13132 CVE-2020-15166 CVE-2021-20234 CVE-2021-20235 CVE-2021-20237 USN-4921-1 -- libcaca vulnerability Ubuntu 16.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta19-2ubuntu0.16.04.2 libcaca-dev - 0.99.beta19-2ubuntu0.16.04.2 libcaca0 - 0.99.beta19-2ubuntu0.16.04.2 No subscription required Medium CVE-2021-3410 USN-4922-1 -- Ruby vulnerability Ubuntu 16.04 LTS Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. 
Update Instructions: Run `sudo pro fix USN-4922-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16 ruby2.3 - 2.3.1-2~ubuntu16.04.16 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16 No subscription required Medium CVE-2021-28965 USN-4924-1 -- Dnsmasq vulnerabilities Ubuntu 16.04 LTS It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. (CVE-2017-15107) It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A remote attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2019-14513) Update Instructions: Run `sudo pro fix USN-4924-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.75-1ubuntu0.16.04.10 dnsmasq-utils - 2.75-1ubuntu0.16.04.10 dnsmasq-base - 2.75-1ubuntu0.16.04.10 No subscription required Low CVE-2017-15107 CVE-2019-14513 USN-4926-1 -- Firefox vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, trick the user into disclosing confidential information, or execute arbitrary code. (CVE-2021-23994, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-29945, CVE-2021-29946, CVE-2021-29947) A use-after-free was discovered when Responsive Design Mode was enabled. 
If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-23995) It was discovered that Firefox mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. (CVE-2021-24002) Update Instructions: Run `sudo pro fix USN-4926-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-nn - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ne - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-nb - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-fa - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-fi - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-fr - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-fy - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-or - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-kab - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-oc - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-cs - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ga - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-gd - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-gn - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-gl - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-gu - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-pa - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-pl - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-cy - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-pt - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-szl - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-hi - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-uk - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-he - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-hy - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-hr - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-hu - 88.0+build2-0ubuntu0.16.04.1 
firefox-locale-as - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ar - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ia - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-az - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-id - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-mai - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-af - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-is - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-it - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-an - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-bs - 88.0+build2-0ubuntu0.16.04.1 firefox - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ro - 88.0+build2-0ubuntu0.16.04.1 firefox-geckodriver - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ja - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ru - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-br - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hant - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-zh-hans - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-bn - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-be - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-bg - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-sl - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-sk - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-si - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-sw - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-sv - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-sr - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-sq - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ko - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-kn - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-km - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-kk - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ka - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-xh - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ca - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ku - 88.0+build2-0ubuntu0.16.04.1 firefox-mozsymbols - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-lv - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-lt - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-th - 
88.0+build2-0ubuntu0.16.04.1 firefox-locale-hsb - 88.0+build2-0ubuntu0.16.04.1 firefox-dev - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-te - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-cak - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ta - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-lg - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-csb - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-tr - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-nso - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-de - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-da - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ms - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-mr - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-my - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-uz - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ml - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-mn - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-mk - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ur - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-eu - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-et - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-es - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-vi - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-el - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-eo - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-en - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-zu - 88.0+build2-0ubuntu0.16.04.1 firefox-locale-ast - 88.0+build2-0ubuntu0.16.04.1 No subscription required Medium CVE-2021-23994 CVE-2021-23995 CVE-2021-23996 CVE-2021-23997 CVE-2021-23998 CVE-2021-23999 CVE-2021-24000 CVE-2021-24001 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29947 USN-4927-1 -- File Roller vulnerability Ubuntu 16.04 LTS It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4927-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: file-roller - 3.16.5-0ubuntu1.5 No subscription required Medium CVE-2020-36314 USN-4928-1 -- GStreamer Good Plugins vulnerabilities Ubuntu 16.04 LTS It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2021-3497) It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-3498) Update Instructions: Run `sudo pro fix USN-4928-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-good - 1.8.3-1ubuntu0.5 gstreamer1.0-pulseaudio - 1.8.3-1ubuntu0.5 gstreamer1.0-plugins-good-doc - 1.8.3-1ubuntu0.5 libgstreamer-plugins-good1.0-0 - 1.8.3-1ubuntu0.5 libgstreamer-plugins-good1.0-dev - 1.8.3-1ubuntu0.5 No subscription required Medium CVE-2021-3497 CVE-2021-3498 USN-4929-1 -- Bind vulnerabilities Ubuntu 16.04 LTS Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25214) Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25215) It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25216) Update Instructions: Run `sudo pro fix USN-4929-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisccfg-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisc-export160-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libdns-export162-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19 host - 1:9.10.3.dfsg.P4-8ubuntu1.19 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19 libirs-export141-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19 No subscription required Medium CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 USN-4930-1 -- Samba vulnerability Ubuntu 16.04 LTS Peter Eriksson discovered that Samba incorrectly handled certain negative idmap cache entries. This issue could result in certain users gaining unauthorized access to files, contrary to expected behaviour. Update Instructions: Run `sudo pro fix USN-4930-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.34 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.34 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.34 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.34 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.34 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.34 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.34 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.34 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.34 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.34 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.34 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.34 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.34 No subscription required Medium CVE-2021-20254 USN-4932-2 -- Django vulnerability Ubuntu 16.04 LTS USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Update Instructions: Run `sudo pro fix USN-4932-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.15+esm1 python-django-doc - 1.8.7-1ubuntu5.15+esm1 python-django-common - 1.8.7-1ubuntu5.15+esm1 python-django - 1.8.7-1ubuntu5.15+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-31542 USN-4934-2 -- Exim vulnerabilities Ubuntu 16.04 LTS USN-4934-1 fixed several vulnerabilities in Exim. 
This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2020-28026 only affected Ubuntu 16.04 ESM. Original advisory details: It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges. Update Instructions: Run `sudo pro fix USN-4934-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.6+esm1 eximon4 - 4.86.2-2ubuntu2.6+esm1 exim4 - 4.86.2-2ubuntu2.6+esm1 exim4-base - 4.86.2-2ubuntu2.6+esm1 exim4-config - 4.86.2-2ubuntu2.6+esm1 exim4-daemon-heavy - 4.86.2-2ubuntu2.6+esm1 exim4-daemon-light - 4.86.2-2ubuntu2.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28016 CVE-2020-28017 CVE-2020-28020 CVE-2020-28022 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026 CVE-2021-27216 USN-4941-1 -- Exiv2 vulnerabilities Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-29457) It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29458, CVE-2021-29470) It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-3482) Update Instructions: Run `sudo pro fix USN-4941-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.7+esm1 libexiv2-14 - 0.25-2.1ubuntu16.04.7+esm1 libexiv2-doc - 0.25-2.1ubuntu16.04.7+esm1 libexiv2-dev - 0.25-2.1ubuntu16.04.7+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-29457 CVE-2021-29458 CVE-2021-29470 CVE-2021-3482 USN-4946-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20292) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26931) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-28688) It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. 
An attacker could use this to cause a denial of service (system crash). (CVE-2021-29264) It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29265) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-30002) Update Instructions: Run `sudo pro fix USN-4946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1071-oracle - 4.15.0-1071.79~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1099-gcp - 4.15.0-1099.112~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1102-aws - 4.15.0-1102.109~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-143-generic - 4.15.0-143.147~16.04.3 linux-image-4.15.0-143-lowlatency - 4.15.0-143.147~16.04.3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-oracle - 4.15.0.1071.59 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-gke - 4.15.0.1099.100 linux-image-gcp - 4.15.0.1099.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws-hwe - 4.15.0.1102.93 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-virtual-hwe-16.04 - 4.15.0.143.139 linux-image-virtual-hwe-16.04-edge - 4.15.0.143.139 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.143.139 linux-image-oem - 4.15.0.143.139 linux-image-lowlatency-hwe-16.04 
- 4.15.0.143.139 linux-image-generic-hwe-16.04 - 4.15.0.143.139 linux-image-generic-hwe-16.04-edge - 4.15.0.143.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20292 CVE-2021-26930 CVE-2021-26931 CVE-2021-28038 CVE-2021-28688 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 USN-4953-1 -- AWStats vulnerabilities Ubuntu 16.04 LTS Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-29600) It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information. (CVE-2020-35176) Update Instructions: Run `sudo pro fix USN-4953-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: awstats - 7.4+dfsg-1ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-1000501 CVE-2020-29600 CVE-2020-35176 USN-4954-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS Jason Royes and Samuel Dytrych discovered that the memcpy() implementation for 32 bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2020-6096) It was discovered that the POSIX regex implementation in the GNU C Library did not properly parse alternatives. An attacker could use this to cause a denial of service. (CVE-2009-5155) Update Instructions: Run `sudo pro fix USN-4954-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.23-0ubuntu11.3 libc6-ppc64 - 2.23-0ubuntu11.3 libc6-dev-s390 - 2.23-0ubuntu11.3 glibc-source - 2.23-0ubuntu11.3 libc-bin - 2.23-0ubuntu11.3 libc6-x32 - 2.23-0ubuntu11.3 libc6-s390 - 2.23-0ubuntu11.3 libc6-armel - 2.23-0ubuntu11.3 libc6-pic - 2.23-0ubuntu11.3 libc6-dev-ppc64 - 2.23-0ubuntu11.3 libc6-dev-armel - 2.23-0ubuntu11.3 glibc-doc - 2.23-0ubuntu11.3 multiarch-support - 2.23-0ubuntu11.3 libc6-dev - 2.23-0ubuntu11.3 libc6-amd64 - 2.23-0ubuntu11.3 libc6-dev-amd64 - 2.23-0ubuntu11.3 libc6 - 2.23-0ubuntu11.3 locales-all - 2.23-0ubuntu11.3 libc6-dev-x32 - 2.23-0ubuntu11.3 locales - 2.23-0ubuntu11.3 libc6-udeb - 2.23-0ubuntu11.3 libc6-dev-i386 - 2.23-0ubuntu11.3 libc-dev-bin - 2.23-0ubuntu11.3 nscd - 2.23-0ubuntu11.3 No subscription required Low CVE-2009-5155 CVE-2020-6096 USN-4957-2 -- DjVuLibre vulnerabilities Ubuntu 16.04 LTS USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4957-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libdjvulibre21 - 3.5.27.1-5ubuntu0.1+esm1 libdjvulibre-text - 3.5.27.1-5ubuntu0.1+esm1 djvulibre-desktop - 3.5.27.1-5ubuntu0.1+esm1 djview3 - 3.5.27.1-5ubuntu0.1+esm1 djvuserve - 3.5.27.1-5ubuntu0.1+esm1 libdjvulibre-dev - 3.5.27.1-5ubuntu0.1+esm1 djview - 3.5.27.1-5ubuntu0.1+esm1 djvulibre-bin - 3.5.27.1-5ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500 USN-4959-1 -- GStreamer Base Plugins vulnerability Ubuntu 16.04 LTS It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4959-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-base - 1.8.3-1ubuntu0.3+esm1 libgstreamer-plugins-base1.0-0 - 1.8.3-1ubuntu0.3+esm1 gstreamer1.0-x - 1.8.3-1ubuntu0.3+esm1 gstreamer1.0-alsa - 1.8.3-1ubuntu0.3+esm1 libgstreamer-plugins-base1.0-dev - 1.8.3-1ubuntu0.3+esm1 gir1.2-gst-plugins-base-1.0 - 1.8.3-1ubuntu0.3+esm1 gstreamer1.0-plugins-base-doc - 1.8.3-1ubuntu0.3+esm1 gstreamer1.0-plugins-base-apps - 1.8.3-1ubuntu0.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3522 USN-4961-2 -- pip vulnerability Ubuntu 16.04 LTS USN-4961-1 fixed a vulnerability in pip. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. Update Instructions: Run `sudo pro fix USN-4961-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-pip - 8.1.1-2ubuntu0.6+esm2 python-pip-whl - 8.1.1-2ubuntu0.6+esm2 python3-pip - 8.1.1-2ubuntu0.6+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2021-3572 USN-4962-1 -- Babel vulnerability Ubuntu 16.04 LTS It was discovered that Babel incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4962-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pybabel - 1.3+dfsg.1-6ubuntu0.1~esm1 python-babel-localedata - 1.3+dfsg.1-6ubuntu0.1~esm1 python-babel-doc - 1.3+dfsg.1-6ubuntu0.1~esm1 python-babel - 1.3+dfsg.1-6ubuntu0.1~esm1 python3-babel - 1.3+dfsg.1-6ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None USN-4964-1 -- Exiv2 vulnerabilities Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29463) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29464) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29473, CVE-2021-32617) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29623) Update Instructions: Run `sudo pro fix USN-4964-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.7+esm2 libexiv2-14 - 0.25-2.1ubuntu16.04.7+esm2 libexiv2-doc - 0.25-2.1ubuntu16.04.7+esm2 libexiv2-dev - 0.25-2.1ubuntu16.04.7+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-29463 CVE-2021-29464 CVE-2021-29473 CVE-2021-29623 CVE-2021-32617 USN-4965-2 -- Apport vulnerabilities Ubuntu 16.04 LTS USN-4965-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these issues to read and write arbitrary files as an administrator, and possibly escalate privileges. Update Instructions: Run `sudo pro fix USN-4965-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apport - 2.20.1-0ubuntu2.30+esm1 python3-problem-report - 2.20.1-0ubuntu2.30+esm1 apport-kde - 2.20.1-0ubuntu2.30+esm1 apport-retrace - 2.20.1-0ubuntu2.30+esm1 apport-valgrind - 2.20.1-0ubuntu2.30+esm1 python3-apport - 2.20.1-0ubuntu2.30+esm1 dh-apport - 2.20.1-0ubuntu2.30+esm1 apport-gtk - 2.20.1-0ubuntu2.30+esm1 python-apport - 2.20.1-0ubuntu2.30+esm1 python-problem-report - 2.20.1-0ubuntu2.30+esm1 apport-noui - 2.20.1-0ubuntu2.30+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32547 CVE-2021-32548 CVE-2021-32549 CVE-2021-32550 CVE-2021-32551 CVE-2021-32552 CVE-2021-32553 CVE-2021-32554 CVE-2021-32555 CVE-2021-32556 CVE-2021-32557 USN-4966-2 -- libx11 vulnerability Ubuntu 16.04 LTS USN-4966-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libx11 incorrectly validated certain parameter lengths. 
A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests. Update Instructions: Run `sudo pro fix USN-4966-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.3-1ubuntu2.2+esm1 libx11-data - 2:1.6.3-1ubuntu2.2+esm1 libx11-xcb-dev - 2:1.6.3-1ubuntu2.2+esm1 libx11-xcb1 - 2:1.6.3-1ubuntu2.2+esm1 libx11-doc - 2:1.6.3-1ubuntu2.2+esm1 libx11-6-udeb - 2:1.6.3-1ubuntu2.2+esm1 libx11-dev - 2:1.6.3-1ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-31535 USN-4967-2 -- nginx vulnerability Ubuntu 16.04 LTS USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4967-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.5+esm1 nginx-core - 1.10.3-0ubuntu0.16.04.5+esm1 nginx-common - 1.10.3-0ubuntu0.16.04.5+esm1 nginx-full - 1.10.3-0ubuntu0.16.04.5+esm1 nginx - 1.10.3-0ubuntu0.16.04.5+esm1 nginx-light - 1.10.3-0ubuntu0.16.04.5+esm1 nginx-doc - 1.10.3-0ubuntu0.16.04.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23017 USN-4968-2 -- LZ4 vulnerability Ubuntu 16.04 LTS USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that LZ4 incorrectly handled certain memory operations. 
If a user or automated system were tricked into uncompressing a specially crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4968-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblz4-tool - 0.0~r131-2ubuntu2+esm1 liblz4-dev - 0.0~r131-2ubuntu2+esm1 liblz4-1 - 0.0~r131-2ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3520 USN-4969-2 -- DHCP vulnerability Ubuntu 16.04 LTS USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4969-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-dev - 4.3.3-5ubuntu12.10+esm1 isc-dhcp-client-ddns - 4.3.3-5ubuntu12.10+esm1 isc-dhcp-relay - 4.3.3-5ubuntu12.10+esm1 isc-dhcp-client - 4.3.3-5ubuntu12.10+esm1 isc-dhcp-common - 4.3.3-5ubuntu12.10+esm1 isc-dhcp-server - 4.3.3-5ubuntu12.10+esm1 isc-dhcp-client-udeb - 4.3.3-5ubuntu12.10+esm1 isc-dhcp-server-ldap - 4.3.3-5ubuntu12.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-25217 USN-4971-2 -- libwebp vulnerabilities Ubuntu 16.04 LTS USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. 
If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4971-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwebp5 - 0.4.4-1ubuntu0.1~esm1 webp - 0.4.4-1ubuntu0.1~esm1 libwebpdemux1 - 0.4.4-1ubuntu0.1~esm1 libwebp-dev - 0.4.4-1ubuntu0.1~esm1 libwebpmux1 - 0.4.4-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 USN-4975-2 -- Django vulnerability Ubuntu 16.04 LTS USN-4975-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. (CVE-2021-33203) Update Instructions: Run `sudo pro fix USN-4975-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.15+esm3 python-django-doc - 1.8.7-1ubuntu5.15+esm3 python-django-common - 1.8.7-1ubuntu5.15+esm3 python-django - 1.8.7-1ubuntu5.15+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-33203 USN-4976-2 -- Dnsmasq vulnerability Ubuntu 16.04 LTS USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 ESM. Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix some security issues. 
Original advisory details: Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks. Update Instructions: Run `sudo pro fix USN-4976-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.79-1ubuntu0.16.04.1+esm1 dnsmasq-utils - 2.79-1ubuntu0.16.04.1+esm1 dnsmasq-base-lua - 2.79-1ubuntu0.16.04.1+esm1 dnsmasq-base - 2.79-1ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-3448 USN-4979-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-28660) Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2021-28964) Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-28971) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-29647) Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916) It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use-after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2021-3483) Update Instructions: Run `sudo pro fix USN-4979-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1072-oracle - 4.15.0-1072.80~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1100-gcp - 4.15.0-1100.113~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1103-aws - 4.15.0-1103.110~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1115-azure - 4.15.0-1115.128~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-144-lowlatency - 4.15.0-144.148~16.04.1 linux-image-4.15.0-144-generic - 4.15.0-144.148~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-oracle - 4.15.0.1072.60 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-gke - 4.15.0.1100.101 linux-image-gcp - 4.15.0.1100.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws-hwe - 4.15.0.1103.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure-edge - 4.15.0.1115.106 linux-image-azure - 4.15.0.1115.106 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-virtual-hwe-16.04-edge - 4.15.0.144.140 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.144.140 linux-image-oem - 4.15.0.144.140 linux-image-lowlatency-hwe-16.04 - 4.15.0.144.140 linux-image-generic-hwe-16.04-edge - 4.15.0.144.140 linux-image-virtual-hwe-16.04 - 4.15.0.144.140 linux-image-generic-hwe-16.04 - 4.15.0.144.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-28660 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29647 CVE-2021-31916 CVE-2021-33033 CVE-2021-3428 CVE-2021-3483 USN-4985-1 -- Intel Microcode vulnerabilities Ubuntu 16.04 LTS It was discovered that some Intel 
processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O (VT-d). This may allow a local user to perform a privilege escalation attack. (CVE-2020-24489) Joseph Nuzman discovered that some Intel processors may not properly apply EIBRS mitigations (originally developed for CVE-2017-5715) and hence may allow unauthorized memory reads via sidechannel attacks. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2020-24511) Travis Downs discovered that some Intel processors did not properly flush cache-lines for trivial-data values. This may allow an unauthorized user to infer the presence of these trivial-data-cache-lines via timing sidechannel attacks. A local attacker could use this to expose sensitive information. (CVE-2020-24512) It was discovered that certain Intel Atom processors could expose memory contents stored in microarchitectural buffers. A local attacker could use this to expose sensitive information. (CVE-2020-24513) Update Instructions: Run `sudo pro fix USN-4985-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20210608.0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2020-24489 USN-4986-2 -- rpcbind vulnerability Ubuntu 16.04 LTS USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4986-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: rpcbind - 0.2.3-0.2ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-8779 USN-4986-4 -- rpcbind regression Ubuntu 16.04 LTS USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4986-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rpcbind - 0.2.3-0.2ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1931507 USN-4987-2 -- ExifTool vulnerability Ubuntu 16.04 LTS USN-4987-1 fixed a vulnerability in ExifTool. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4987-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libimage-exiftool-perl - 10.10-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2021-22204 USN-4989-2 -- BlueZ vulnerabilities Ubuntu 16.04 LTS USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that BlueZ incorrectly checked certain permissions when pairing. 
A local attacker could possibly use this issue to impersonate devices. (CVE-2020-26558) Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153) Update Instructions: Run `sudo pro fix USN-4989-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.37-0ubuntu5.3+esm1 bluez-tests - 5.37-0ubuntu5.3+esm1 bluez-obexd - 5.37-0ubuntu5.3+esm1 bluetooth - 5.37-0ubuntu5.3+esm1 bluez - 5.37-0ubuntu5.3+esm1 bluez-hcidump - 5.37-0ubuntu5.3+esm1 bluez-cups - 5.37-0ubuntu5.3+esm1 libbluetooth-dev - 5.37-0ubuntu5.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-26558 CVE-2020-27153 USN-4991-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2017-8872) Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-20388) It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-24977) It was discovered that libxml2 incorrectly handled invalid UTF-8 input. 
A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3517) It was discovered that libxml2 did not properly handle certain crafted XML files. A local attacker could exploit this with a crafted input to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3516, CVE-2021-3518) It was discovered that libxml2 incorrectly handled error states. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3537) Sebastian Pipping discovered that libxml2 did not properly handle certain crafted XML files. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3541) Update Instructions: Run `sudo pro fix USN-4991-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm1 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7+esm1 libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm1 libxml2-udeb - 2.9.3+dfsg1-1ubuntu0.7+esm1 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.7+esm1 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.7+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-8872 CVE-2019-20388 CVE-2020-24977 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 USN-4994-2 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. 
(CVE-2020-35452) Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2021-26690) Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. A remote attacker could use this issue to cause Apache to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-26691) Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641) Update Instructions: Run `sudo pro fix USN-4994-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm1 apache2-utils - 2.4.18-2ubuntu3.17+esm1 apache2-dev - 2.4.18-2ubuntu3.17+esm1 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm1 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm1 apache2 - 2.4.18-2ubuntu3.17+esm1 apache2-doc - 2.4.18-2ubuntu3.17+esm1 apache2-bin - 2.4.18-2ubuntu3.17+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 USN-4996-2 -- OpenEXR vulnerabilities Ubuntu 16.04 LTS USN-4996-1 fixed several vulnerabilities in OpenEXR. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4996-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.6+esm1 openexr - 2.2.0-10ubuntu2.6+esm1 libopenexr22 - 2.2.0-10ubuntu2.6+esm1 openexr-doc - 2.2.0-10ubuntu2.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3598 CVE-2021-3605 USN-5003-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. (CVE-2021-3600) Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133) Update Instructions: Run `sudo pro fix USN-5003-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1075-oracle - 4.15.0-1075.83~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1103-gcp - 4.15.0-1103.116~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1106-aws - 4.15.0-1106.113~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1118-azure - 4.15.0-1118.131~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-147-lowlatency - 4.15.0-147.151~16.04.1 linux-image-4.15.0-147-generic - 4.15.0-147.151~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-oracle - 4.15.0.1075.63 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-gke - 4.15.0.1103.104 linux-image-gcp - 4.15.0.1103.104 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws-hwe - 4.15.0.1106.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-azure-edge - 4.15.0.1118.109 linux-image-azure - 4.15.0.1118.109 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-virtual-hwe-16.04-edge - 4.15.0.147.143 linux-image-oem - 4.15.0.147.143 linux-image-lowlatency-hwe-16.04 - 4.15.0.147.143 linux-image-generic-hwe-16.04-edge - 4.15.0.147.143 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.147.143 linux-image-generic-hwe-16.04 - 4.15.0.147.143 linux-image-virtual-hwe-16.04 - 4.15.0.147.143 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-23133 CVE-2021-3600 CVE-2021-3609 USN-5004-1 -- RabbitMQ vulnerabilities Ubuntu 16.04 LTS It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. 
(CVE-2019-11287) Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-22116) Update Instructions: Run `sudo pro fix USN-5004-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rabbitmq-server - 3.5.7-1ubuntu0.16.04.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11287 CVE-2021-22116 USN-5005-1 -- DjVuLibre vulnerability Ubuntu 16.04 LTS It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-5005-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdjvulibre21 - 3.5.27.1-5ubuntu0.1+esm2 libdjvulibre-text - 3.5.27.1-5ubuntu0.1+esm2 djvulibre-desktop - 3.5.27.1-5ubuntu0.1+esm2 djview3 - 3.5.27.1-5ubuntu0.1+esm2 djvuserve - 3.5.27.1-5ubuntu0.1+esm2 libdjvulibre-dev - 3.5.27.1-5ubuntu0.1+esm2 djview - 3.5.27.1-5ubuntu0.1+esm2 djvulibre-bin - 3.5.27.1-5ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3630 USN-5006-2 -- PHP vulnerabilities Ubuntu 16.04 LTS USN-5006-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2020-7068) It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. 
(CVE-2020-7071) It was discovered that PHP incorrectly handled certain malformed XML data when being parsed by the SOAP extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21702) It was discovered that PHP incorrectly handled the pdo_firebase module. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21704) It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL check. A remote attacker could possibly use this issue to perform a server-side request forgery attack. (CVE-2021-21705) Update Instructions: Run `sudo pro fix USN-5006-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm1 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm1 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-recode -
7.0.33-0ubuntu0.16.04.16+esm1 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm1 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-7068 CVE-2020-7071 CVE-2021-21702 CVE-2021-21704 CVE-2021-21705 USN-5008-2 -- Avahi vulnerability Ubuntu 16.04 LTS USN-5008-1 fixed a vulnerability in avahi. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5008-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libavahi-compat-libdnssd-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-ui-gtk3-0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-core7-udeb - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-qt4-1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-core7 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-client3 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-core-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-client-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 avahi-ui-utils - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-gobject-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 avahi-dnsconfd - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-compat-libdnssd1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-common3 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 avahi-daemon - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 avahi-discover - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-common-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-common-data - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 avahi-utils - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-ui0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-ui-gtk3-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-glib-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-ui-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-qt4-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-gobject0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 avahi-autoipd - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 python-avahi - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-glib1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 libavahi-common3-udeb - 0.6.32~rc+dfsg-1ubuntu2.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3468 USN-5013-2 -- systemd vulnerabilities Ubuntu 16.04 LTS USN-5013-1 fixed several vulnerabilities in systemd. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. 
(CVE-2021-33910) Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers. (CVE-2020-13529) Update Instructions: Run `sudo pro fix USN-5013-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.31+esm1 systemd - 229-4ubuntu21.31+esm1 udev-udeb - 229-4ubuntu21.31+esm1 libsystemd0 - 229-4ubuntu21.31+esm1 systemd-container - 229-4ubuntu21.31+esm1 libnss-myhostname - 229-4ubuntu21.31+esm1 libudev1-udeb - 229-4ubuntu21.31+esm1 libudev1 - 229-4ubuntu21.31+esm1 libsystemd-dev - 229-4ubuntu21.31+esm1 systemd-journal-remote - 229-4ubuntu21.31+esm1 libpam-systemd - 229-4ubuntu21.31+esm1 libudev-dev - 229-4ubuntu21.31+esm1 libnss-mymachines - 229-4ubuntu21.31+esm1 libnss-resolve - 229-4ubuntu21.31+esm1 systemd-sysv - 229-4ubuntu21.31+esm1 udev - 229-4ubuntu21.31+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-13529 CVE-2021-33910 USN-5014-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5014-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-headers-4.4.0-1095-kvm - 4.4.0-1095.104 linux-buildinfo-4.4.0-1095-kvm - 4.4.0-1095.104 linux-modules-4.4.0-1095-kvm - 4.4.0-1095.104 linux-kvm-headers-4.4.0-1095 - 4.4.0-1095.104 linux-kvm-cloud-tools-4.4.0-1095 - 4.4.0-1095.104 linux-tools-4.4.0-1095-kvm - 4.4.0-1095.104 linux-image-4.4.0-1095-kvm - 4.4.0-1095.104 linux-cloud-tools-4.4.0-1095-kvm - 4.4.0-1095.104 linux-kvm-tools-4.4.0-1095 - 4.4.0-1095.104 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.4.0-1130-aws - 4.4.0-1130.144 linux-headers-4.4.0-1130-aws - 4.4.0-1130.144 linux-cloud-tools-4.4.0-1130-aws - 4.4.0-1130.144 linux-image-4.4.0-1130-aws - 4.4.0-1130.144 linux-buildinfo-4.4.0-1130-aws - 4.4.0-1130.144 linux-aws-cloud-tools-4.4.0-1130 - 4.4.0-1130.144 linux-modules-extra-4.4.0-1130-aws - 4.4.0-1130.144 linux-aws-tools-4.4.0-1130 - 4.4.0-1130.144 linux-tools-4.4.0-1130-aws - 4.4.0-1130.144 linux-aws-headers-4.4.0-1130 - 4.4.0-1130.144 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-212.244 linux-tools-host - 4.4.0-212.244 linux-source-4.4.0 - 4.4.0-212.244 linux-doc - 4.4.0-212.244 linux-cloud-tools-4.4.0-212-generic - 4.4.0-212.244 linux-modules-extra-4.4.0-212-generic - 4.4.0-212.244 linux-headers-4.4.0-212 - 4.4.0-212.244 linux-headers-4.4.0-212-lowlatency - 4.4.0-212.244 linux-libc-dev - 4.4.0-212.244 linux-modules-4.4.0-212-lowlatency - 4.4.0-212.244 linux-tools-4.4.0-212 - 4.4.0-212.244 linux-buildinfo-4.4.0-212-generic - 4.4.0-212.244 linux-image-unsigned-4.4.0-212-lowlatency - 4.4.0-212.244 linux-image-4.4.0-212-generic - 4.4.0-212.244 linux-tools-4.4.0-212-lowlatency - 4.4.0-212.244 linux-cloud-tools-4.4.0-212-lowlatency - 4.4.0-212.244 linux-headers-4.4.0-212-generic - 4.4.0-212.244 linux-cloud-tools-4.4.0-212 - 4.4.0-212.244 linux-image-4.4.0-212-lowlatency - 4.4.0-212.244 linux-cloud-tools-common - 4.4.0-212.244 
linux-udebs-generic - 4.4.0-212.244 linux-image-unsigned-4.4.0-212-generic - 4.4.0-212.244 linux-modules-4.4.0-212-generic - 4.4.0-212.244 linux-buildinfo-4.4.0-212-lowlatency - 4.4.0-212.244 linux-tools-4.4.0-212-generic - 4.4.0-212.244 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-kvm - 4.4.0.1095.93 linux-kvm - 4.4.0.1095.93 linux-headers-kvm - 4.4.0.1095.93 linux-image-kvm - 4.4.0.1095.93 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1130.135 linux-image-aws - 4.4.0.1130.135 linux-aws - 4.4.0.1130.135 linux-tools-aws - 4.4.0.1130.135 linux-modules-extra-aws - 4.4.0.1130.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.212.219 linux-cloud-tools-generic-lts-wily - 4.4.0.212.219 linux-cloud-tools-virtual-lts-xenial - 4.4.0.212.219 linux-cloud-tools-virtual - 4.4.0.212.219 linux-cloud-tools-virtual-lts-utopic - 4.4.0.212.219 linux-tools-generic-lts-vivid - 4.4.0.212.219 linux-image-extra-virtual-lts-xenial - 4.4.0.212.219 linux-image-extra-virtual-lts-wily - 4.4.0.212.219 linux-headers-generic-lts-wily - 4.4.0.212.219 linux-headers-lowlatency-lts-wily - 4.4.0.212.219 linux-tools-virtual-lts-vivid - 4.4.0.212.219 linux-image-virtual - 4.4.0.212.219 linux-tools-virtual-lts-wily - 4.4.0.212.219 linux-image-lowlatency-lts-vivid - 4.4.0.212.219 linux-tools-lowlatency-lts-vivid - 4.4.0.212.219 linux-cloud-tools-generic-lts-utopic - 4.4.0.212.219 linux-headers-virtual-lts-vivid - 4.4.0.212.219 linux-image-lowlatency-lts-wily - 4.4.0.212.219 linux-image-generic - 4.4.0.212.219 linux-tools-lowlatency - 4.4.0.212.219 linux-tools-virtual-lts-xenial - 4.4.0.212.219 linux-signed-lowlatency-lts-wily - 4.4.0.212.219 linux-image-extra-virtual-lts-vivid - 4.4.0.212.219 linux-image-generic-lts-wily - 4.4.0.212.219 linux-virtual-lts-utopic - 4.4.0.212.219 linux-signed-generic-lts-wily - 4.4.0.212.219 linux-cloud-tools-lowlatency-lts-wily - 
4.4.0.212.219 linux-image-extra-virtual-lts-utopic - 4.4.0.212.219 linux-signed-generic-lts-utopic - 4.4.0.212.219 linux-tools-lowlatency-lts-xenial - 4.4.0.212.219 linux-headers-generic-lts-xenial - 4.4.0.212.219 linux-signed-generic-lts-vivid - 4.4.0.212.219 linux-crashdump - 4.4.0.212.219 linux-virtual-lts-vivid - 4.4.0.212.219 linux-signed-lowlatency-lts-xenial - 4.4.0.212.219 linux-headers-lowlatency-lts-vivid - 4.4.0.212.219 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.212.219 linux-lowlatency-lts-xenial - 4.4.0.212.219 linux-signed-generic-lts-xenial - 4.4.0.212.219 linux-source - 4.4.0.212.219 linux-signed-image-generic - 4.4.0.212.219 linux-lowlatency - 4.4.0.212.219 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.212.219 linux-generic-lts-xenial - 4.4.0.212.219 linux-tools-virtual - 4.4.0.212.219 linux-virtual - 4.4.0.212.219 linux-cloud-tools-generic-lts-vivid - 4.4.0.212.219 linux-tools-generic-lts-utopic - 4.4.0.212.219 linux-signed-image-generic-lts-vivid - 4.4.0.212.219 linux-image-virtual-lts-xenial - 4.4.0.212.219 linux-image-virtual-lts-vivid - 4.4.0.212.219 linux-virtual-lts-xenial - 4.4.0.212.219 linux-cloud-tools-virtual-lts-vivid - 4.4.0.212.219 linux-tools-lowlatency-lts-utopic - 4.4.0.212.219 linux-signed-image-generic-lts-wily - 4.4.0.212.219 linux-signed-image-lowlatency-lts-xenial - 4.4.0.212.219 linux-image-extra-virtual - 4.4.0.212.219 linux-image-generic-lts-vivid - 4.4.0.212.219 linux-generic - 4.4.0.212.219 linux-tools-generic-lts-wily - 4.4.0.212.219 linux-tools-virtual-lts-utopic - 4.4.0.212.219 linux-virtual-lts-wily - 4.4.0.212.219 linux-headers-lowlatency - 4.4.0.212.219 linux-lowlatency-lts-vivid - 4.4.0.212.219 linux-generic-lts-wily - 4.4.0.212.219 linux-image-hwe-virtual-trusty - 4.4.0.212.219 linux-signed-image-generic-lts-xenial - 4.4.0.212.219 linux-generic-lts-vivid - 4.4.0.212.219 linux-tools-lowlatency-lts-wily - 4.4.0.212.219 linux-headers-virtual-lts-xenial - 4.4.0.212.219 linux-headers-lowlatency-lts-utopic - 
4.4.0.212.219 linux-hwe-generic-trusty - 4.4.0.212.219 linux-tools-generic - 4.4.0.212.219 linux-cloud-tools-generic - 4.4.0.212.219 linux-image-generic-lts-xenial - 4.4.0.212.219 linux-headers-generic-lts-utopic - 4.4.0.212.219 linux-cloud-tools-virtual-lts-wily - 4.4.0.212.219 linux-cloud-tools-lowlatency - 4.4.0.212.219 linux-lowlatency-lts-utopic - 4.4.0.212.219 linux-tools-generic-lts-xenial - 4.4.0.212.219 linux-signed-image-lowlatency - 4.4.0.212.219 linux-image-generic-lts-utopic - 4.4.0.212.219 linux-image-virtual-lts-wily - 4.4.0.212.219 linux-signed-generic - 4.4.0.212.219 linux-lowlatency-lts-wily - 4.4.0.212.219 linux-image-virtual-lts-utopic - 4.4.0.212.219 linux-headers-generic - 4.4.0.212.219 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.212.219 linux-tools-lts-utopic - 4.4.0.212.219 linux-generic-lts-utopic - 4.4.0.212.219 linux-headers-lowlatency-lts-xenial - 4.4.0.212.219 linux-image-hwe-generic-trusty - 4.4.0.212.219 linux-signed-image-lowlatency-lts-wily - 4.4.0.212.219 linux-headers-generic-lts-vivid - 4.4.0.212.219 linux-headers-virtual - 4.4.0.212.219 linux-cloud-tools-generic-lts-xenial - 4.4.0.212.219 linux-image-lowlatency-lts-xenial - 4.4.0.212.219 linux-headers-virtual-lts-utopic - 4.4.0.212.219 linux-headers-virtual-lts-wily - 4.4.0.212.219 linux-hwe-virtual-trusty - 4.4.0.212.219 linux-signed-lowlatency - 4.4.0.212.219 linux-image-lowlatency-lts-utopic - 4.4.0.212.219 linux-image-lowlatency - 4.4.0.212.219 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-33909 USN-5018-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. 
An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Update Instructions: Run `sudo pro fix USN-5018-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1078-oracle - 4.15.0-1078.86~16.04.1 linux-image-unsigned-4.15.0-1078-oracle - 4.15.0-1078.86~16.04.1 linux-modules-4.15.0-1078-oracle - 4.15.0-1078.86~16.04.1 linux-modules-extra-4.15.0-1078-oracle - 4.15.0-1078.86~16.04.1 linux-oracle-headers-4.15.0-1078 - 4.15.0-1078.86~16.04.1 linux-headers-4.15.0-1078-oracle - 4.15.0-1078.86~16.04.1 linux-tools-4.15.0-1078-oracle - 4.15.0-1078.86~16.04.1 linux-buildinfo-4.15.0-1078-oracle - 4.15.0-1078.86~16.04.1 linux-oracle-tools-4.15.0-1078 - 4.15.0-1078.86~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1106-gcp - 4.15.0-1106.120~16.04.1 linux-gcp-tools-4.15.0-1106 - 4.15.0-1106.120~16.04.1 linux-modules-4.15.0-1106-gcp - 4.15.0-1106.120~16.04.1 linux-buildinfo-4.15.0-1106-gcp - 4.15.0-1106.120~16.04.1 linux-gcp-headers-4.15.0-1106 - 4.15.0-1106.120~16.04.1 linux-image-unsigned-4.15.0-1106-gcp - 4.15.0-1106.120~16.04.1 linux-headers-4.15.0-1106-gcp - 4.15.0-1106.120~16.04.1 linux-modules-extra-4.15.0-1106-gcp - 4.15.0-1106.120~16.04.1 linux-image-4.15.0-1106-gcp - 4.15.0-1106.120~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-1109-aws - 4.15.0-1109.116~16.04.1 linux-modules-extra-4.15.0-1109-aws - 4.15.0-1109.116~16.04.1 linux-tools-4.15.0-1109-aws - 4.15.0-1109.116~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1109 - 4.15.0-1109.116~16.04.1 linux-modules-4.15.0-1109-aws - 4.15.0-1109.116~16.04.1 linux-aws-hwe-tools-4.15.0-1109 - 4.15.0-1109.116~16.04.1 
linux-buildinfo-4.15.0-1109-aws - 4.15.0-1109.116~16.04.1 linux-cloud-tools-4.15.0-1109-aws - 4.15.0-1109.116~16.04.1 linux-image-4.15.0-1109-aws - 4.15.0-1109.116~16.04.1 linux-aws-headers-4.15.0-1109 - 4.15.0-1109.116~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 linux-azure-cloud-tools-4.15.0-1121 - 4.15.0-1121.134~16.04.1 linux-azure-headers-4.15.0-1121 - 4.15.0-1121.134~16.04.1 linux-modules-extra-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 linux-image-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 linux-tools-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 linux-cloud-tools-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 linux-modules-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 linux-image-unsigned-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 linux-azure-tools-4.15.0-1121 - 4.15.0-1121.134~16.04.1 linux-buildinfo-4.15.0-1121-azure - 4.15.0-1121.134~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro usb-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 block-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 plip-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 fb-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 firewire-core-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 message-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-tools-4.15.0-151-generic - 4.15.0-151.157~16.04.1 linux-tools-4.15.0-151-lowlatency - 4.15.0-151.157~16.04.1 nic-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 fs-core-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-headers-4.15.0-151-generic - 4.15.0-151.157~16.04.1 linux-image-4.15.0-151-lowlatency - 4.15.0-151.157~16.04.1 linux-buildinfo-4.15.0-151-generic - 4.15.0-151.157~16.04.1 pcmcia-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 multipath-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-headers-4.15.0-151 - 4.15.0-151.157~16.04.1 
nfs-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 nic-pcmcia-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 nic-usb-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 floppy-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-modules-4.15.0-151-generic - 4.15.0-151.157~16.04.1 pcmcia-storage-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 dasd-extra-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 dasd-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 input-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-cloud-tools-4.15.0-151-lowlatency - 4.15.0-151.157~16.04.1 fat-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 ipmi-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 serial-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 irda-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 virtio-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-hwe-tools-4.15.0-151 - 4.15.0-151.157~16.04.1 scsi-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-modules-extra-4.15.0-151-generic - 4.15.0-151.157~16.04.1 linux-image-4.15.0-151-generic - 4.15.0-151.157~16.04.1 linux-hwe-cloud-tools-4.15.0-151 - 4.15.0-151.157~16.04.1 linux-modules-4.15.0-151-lowlatency - 4.15.0-151.157~16.04.1 storage-core-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-headers-4.15.0-151-lowlatency - 4.15.0-151.157~16.04.1 crypto-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 pata-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 vlan-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 mouse-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 ppp-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-image-unsigned-4.15.0-151-generic - 4.15.0-151.157~16.04.1 linux-image-unsigned-4.15.0-151-lowlatency - 4.15.0-151.157~16.04.1 fs-secondary-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 nic-shared-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 
linux-buildinfo-4.15.0-151-lowlatency - 4.15.0-151.157~16.04.1 linux-source-4.15.0 - 4.15.0-151.157~16.04.1 linux-cloud-tools-4.15.0-151-generic - 4.15.0-151.157~16.04.1 kernel-signed-image-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 sata-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 md-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 parport-modules-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 kernel-image-4.15.0-151-generic-di - 4.15.0-151.157~16.04.1 linux-hwe-udebs-generic - 4.15.0-151.157~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1078.66 linux-tools-oracle - 4.15.0.1078.66 linux-signed-image-oracle - 4.15.0.1078.66 linux-signed-oracle - 4.15.0.1078.66 linux-image-oracle - 4.15.0.1078.66 linux-oracle - 4.15.0.1078.66 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1106.107 linux-headers-gke - 4.15.0.1106.107 linux-modules-extra-gcp - 4.15.0.1106.107 linux-tools-gke - 4.15.0.1106.107 linux-tools-gcp - 4.15.0.1106.107 linux-gke - 4.15.0.1106.107 linux-gcp - 4.15.0.1106.107 linux-image-gke - 4.15.0.1106.107 linux-headers-gcp - 4.15.0.1106.107 linux-image-gcp - 4.15.0.1106.107 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1109.100 linux-modules-extra-aws-hwe - 4.15.0.1109.100 linux-aws-edge - 4.15.0.1109.100 linux-headers-aws-hwe - 4.15.0.1109.100 linux-image-aws-hwe - 4.15.0.1109.100 linux-tools-aws-hwe - 4.15.0.1109.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1121.112 linux-tools-azure-edge - 4.15.0.1121.112 linux-cloud-tools-azure - 4.15.0.1121.112 linux-tools-azure - 4.15.0.1121.112 linux-image-azure-edge - 4.15.0.1121.112 linux-cloud-tools-azure-edge - 4.15.0.1121.112 linux-signed-azure-edge - 4.15.0.1121.112 linux-azure - 4.15.0.1121.112 linux-image-azure - 4.15.0.1121.112 linux-signed-image-azure - 4.15.0.1121.112 linux-signed-image-azure-edge 
- 4.15.0.1121.112 linux-headers-azure-edge - 4.15.0.1121.112 linux-azure-edge - 4.15.0.1121.112 linux-modules-extra-azure-edge - 4.15.0.1121.112 linux-modules-extra-azure - 4.15.0.1121.112 linux-headers-azure - 4.15.0.1121.112 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.151.146 linux-image-extra-virtual-hwe-16.04 - 4.15.0.151.146 linux-image-oem - 4.15.0.151.146 linux-headers-generic-hwe-16.04-edge - 4.15.0.151.146 linux-image-lowlatency-hwe-16.04 - 4.15.0.151.146 linux-signed-generic-hwe-16.04-edge - 4.15.0.151.146 linux-tools-virtual-hwe-16.04 - 4.15.0.151.146 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.151.146 linux-image-virtual-hwe-16.04-edge - 4.15.0.151.146 linux-signed-lowlatency-hwe-16.04 - 4.15.0.151.146 linux-headers-oem - 4.15.0.151.146 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.151.146 linux-generic-hwe-16.04-edge - 4.15.0.151.146 linux-headers-lowlatency-hwe-16.04 - 4.15.0.151.146 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.151.146 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.151.146 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.151.146 linux-tools-oem - 4.15.0.151.146 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.151.146 linux-signed-image-generic-hwe-16.04 - 4.15.0.151.146 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.151.146 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.151.146 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.151.146 linux-headers-virtual-hwe-16.04-edge - 4.15.0.151.146 linux-lowlatency-hwe-16.04 - 4.15.0.151.146 linux-headers-generic-hwe-16.04 - 4.15.0.151.146 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.151.146 linux-generic-hwe-16.04 - 4.15.0.151.146 linux-tools-virtual-hwe-16.04-edge - 4.15.0.151.146 linux-oem - 4.15.0.151.146 linux-lowlatency-hwe-16.04-edge - 4.15.0.151.146 linux-image-generic-hwe-16.04 - 4.15.0.151.146 linux-image-generic-hwe-16.04-edge - 4.15.0.151.146 linux-headers-lowlatency-hwe-16.04-edge - 
4.15.0.151.146 linux-virtual-hwe-16.04-edge - 4.15.0.151.146 linux-tools-lowlatency-hwe-16.04 - 4.15.0.151.146 linux-signed-generic-hwe-16.04 - 4.15.0.151.146 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.151.146 linux-headers-virtual-hwe-16.04 - 4.15.0.151.146 linux-virtual-hwe-16.04 - 4.15.0.151.146 linux-signed-oem - 4.15.0.151.146 linux-image-virtual-hwe-16.04 - 4.15.0.151.146 linux-signed-image-oem - 4.15.0.151.146 linux-tools-generic-hwe-16.04 - 4.15.0.151.146 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.151.146 linux-tools-generic-hwe-16.04-edge - 4.15.0.151.146 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26147 CVE-2020-26558 CVE-2021-0129 CVE-2021-23134 CVE-2021-31829 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-33909 USN-5020-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31799) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to conduct port scans and service banner extractions. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to perform machine-in-the-middle attacks to bypass the TLS protection. (CVE-2021-32066) Update Instructions: Run `sudo pro fix USN-5020-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm1 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm1 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm1 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm1 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 USN-5021-2 -- curl vulnerability Ubuntu 16.04 LTS USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925) Update Instructions: Run `sudo pro fix USN-5021-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm3 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm3 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm3 libcurl4-doc - 7.47.0-1ubuntu2.19+esm3 libcurl3-nss - 7.47.0-1ubuntu2.19+esm3 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm3 libcurl3 - 7.47.0-1ubuntu2.19+esm3 curl - 7.47.0-1ubuntu2.19+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22898 CVE-2021-22925 USN-5022-3 -- MySQL vulnerabilities Ubuntu 16.04 LTS USN-5022-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to MySQL 5.7.35 on Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. 
Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html https://www.oracle.com/security-alerts/cpujul2021.html Update Instructions: Run `sudo pro fix USN-5022-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.35-0ubuntu0.16.04.1+esm1 libmysqlclient-dev - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.35-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.35-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.35-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.35-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-2146 CVE-2021-2154 CVE-2021-2162 CVE-2021-2166 CVE-2021-2169 CVE-2021-2171 CVE-2021-2179 CVE-2021-2180 CVE-2021-2194 CVE-2021-2226 CVE-2021-2307 CVE-2021-2342 CVE-2021-2372 CVE-2021-2385 CVE-2021-2389 CVE-2021-2390 USN-5023-1 -- Aspell vulnerability Ubuntu 16.04 LTS It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-5023-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libaspell15 - 0.60.7~20110707-3ubuntu0.1+esm1 aspell-doc - 0.60.7~20110707-3ubuntu0.1+esm1 aspell - 0.60.7~20110707-3ubuntu0.1+esm1 libpspell-dev - 0.60.7~20110707-3ubuntu0.1+esm1 libaspell-dev - 0.60.7~20110707-3ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-25051 USN-5025-2 -- libsndfile vulnerability Ubuntu 16.04 LTS USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5025-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-10ubuntu0.16.04.3+esm1 libsndfile1-dev - 1.0.25-10ubuntu0.16.04.3+esm1 sndfile-programs - 1.0.25-10ubuntu0.16.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3246 USN-5026-2 -- QPDF vulnerabilities Ubuntu 16.04 LTS USN-5026-1 fixed several vulnerabilities in QPDF. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. (CVE-2018-18020) It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36978) Update Instructions: Run `sudo pro fix USN-5026-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libqpdf-dev - 8.0.2-3~16.04.1+esm1 qpdf - 8.0.2-3~16.04.1+esm1 libqpdf21 - 8.0.2-3~16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-18020 CVE-2021-36978 USN-5027-2 -- PEAR vulnerability Ubuntu 16.04 LTS USN-5027-1 fixed a vulnerability in PEAR. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5027-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.1+submodules+notgz-6ubuntu0.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32610 USN-5028-1 -- Exiv2 vulnerability Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.7+esm3 libexiv2-14 - 0.25-2.1ubuntu16.04.7+esm3 libexiv2-doc - 0.25-2.1ubuntu16.04.7+esm3 libexiv2-dev - 0.25-2.1ubuntu16.04.7+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None USN-5030-2 -- Perl DBI module vulnerabilities Ubuntu 16.04 LTS USN-5030-1 addressed vulnerabilities in Perl DBI module. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. 
(CVE-2014-10402) It was discovered that the Perl DBI module incorrectly handled certain long strings. A local attacker could possibly use this issue to cause the DBI module to crash, resulting in a denial of service. (CVE-2020-14393) Update Instructions: Run `sudo pro fix USN-5030-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.634-1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-10402 CVE-2020-14393 USN-5034-2 -- c-ares vulnerability Ubuntu 16.04 LTS USN-5034-1 fixed a vulnerability in c-ares. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks. Update Instructions: Run `sudo pro fix USN-5034-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares2 - 1.10.0-3ubuntu0.2+esm1 libc-ares-dev - 1.10.0-3ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3672 USN-5036-1 -- Tor vulnerabilities Ubuntu 16.04 LTS It was discovered that Tor incorrectly handled certain memory operations. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-8955) It was discovered that Tor did not properly handle the input length to dump_desc() function. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-28089) It was discovered that Tor did not properly sanitize the relay nickname in dirvote_add_signatures_to_pending_consensus() function. 
An attacker could possibly use this issue to cause an assertion failure and then cause a denial of service. (CVE-2021-28090) It was discovered that Tor did not properly validate the layer hint on half-open streams. A remote attacker could possibly use this issue to bypass the access control, leading to remote code execution. This issue only affected Ubuntu 20.04 ESM. (CVE-2021-34548) It was discovered that Tor was using an insecure hash function. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-34549) It was discovered that Tor did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted request, a remote attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly read sensitive data. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-34550) It was discovered that Tor mishandled the relationship between batch-signature verification and single-signature verification. An attacker could possibly use this issue to cause an assertion failure and then cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-38385) Update Instructions: Run `sudo pro fix USN-5036-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tor - 0.2.9.14-1ubuntu1~16.04.3+esm1 tor-geoipdb - 0.2.9.14-1ubuntu1~16.04.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-8955 CVE-2021-28089 CVE-2021-28090 CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 CVE-2021-38385 USN-5039-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation.
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5039-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1096-kvm - 4.4.0-1096.105 linux-kvm-cloud-tools-4.4.0-1096 - 4.4.0-1096.105 linux-tools-4.4.0-1096-kvm - 4.4.0-1096.105 linux-headers-4.4.0-1096-kvm - 4.4.0-1096.105 linux-modules-4.4.0-1096-kvm - 4.4.0-1096.105 linux-image-4.4.0-1096-kvm - 4.4.0-1096.105 linux-kvm-headers-4.4.0-1096 - 4.4.0-1096.105 linux-cloud-tools-4.4.0-1096-kvm - 4.4.0-1096.105 linux-kvm-tools-4.4.0-1096 - 4.4.0-1096.105 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.4.0-1131-aws - 4.4.0-1131.145 linux-modules-4.4.0-1131-aws - 4.4.0-1131.145 linux-cloud-tools-4.4.0-1131-aws - 4.4.0-1131.145 linux-headers-4.4.0-1131-aws - 4.4.0-1131.145 linux-image-4.4.0-1131-aws - 4.4.0-1131.145 linux-tools-4.4.0-1131-aws - 4.4.0-1131.145 linux-aws-cloud-tools-4.4.0-1131 - 4.4.0-1131.145 linux-buildinfo-4.4.0-1131-aws - 4.4.0-1131.145 linux-aws-tools-4.4.0-1131 - 4.4.0-1131.145 linux-aws-headers-4.4.0-1131 - 4.4.0-1131.145 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro crypto-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-headers-4.4.0-213-generic - 4.4.0-213.245 firewire-core-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-tools-common - 4.4.0-213.245 floppy-modules-4.4.0-213-generic-di - 4.4.0-213.245 nic-shared-modules-4.4.0-213-generic-di - 4.4.0-213.245 plip-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-tools-host - 4.4.0-213.245 linux-source-4.4.0 - 4.4.0-213.245 nfs-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-doc - 4.4.0-213.245 dasd-modules-4.4.0-213-generic-di - 4.4.0-213.245 fs-core-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-image-unsigned-4.4.0-213-generic - 4.4.0-213.245 nic-modules-4.4.0-213-generic-di - 4.4.0-213.245 
linux-headers-4.4.0-213 - 4.4.0-213.245 linux-modules-4.4.0-213-lowlatency - 4.4.0-213.245 speakup-modules-4.4.0-213-generic-di - 4.4.0-213.245 dasd-extra-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-headers-4.4.0-213-lowlatency - 4.4.0-213.245 message-modules-4.4.0-213-generic-di - 4.4.0-213.245 mouse-modules-4.4.0-213-generic-di - 4.4.0-213.245 nic-usb-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-libc-dev - 4.4.0-213.245 linux-buildinfo-4.4.0-213-generic - 4.4.0-213.245 serial-modules-4.4.0-213-generic-di - 4.4.0-213.245 irda-modules-4.4.0-213-generic-di - 4.4.0-213.245 parport-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-image-unsigned-4.4.0-213-lowlatency - 4.4.0-213.245 linux-tools-4.4.0-213 - 4.4.0-213.245 linux-cloud-tools-4.4.0-213-generic - 4.4.0-213.245 multipath-modules-4.4.0-213-generic-di - 4.4.0-213.245 pata-modules-4.4.0-213-generic-di - 4.4.0-213.245 ipmi-modules-4.4.0-213-generic-di - 4.4.0-213.245 fat-modules-4.4.0-213-generic-di - 4.4.0-213.245 ppp-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-tools-4.4.0-213-lowlatency - 4.4.0-213.245 usb-modules-4.4.0-213-generic-di - 4.4.0-213.245 fb-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-modules-extra-4.4.0-213-generic - 4.4.0-213.245 kernel-image-4.4.0-213-generic-di - 4.4.0-213.245 vlan-modules-4.4.0-213-generic-di - 4.4.0-213.245 block-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-cloud-tools-4.4.0-213 - 4.4.0-213.245 nic-pcmcia-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-tools-4.4.0-213-generic - 4.4.0-213.245 linux-image-4.4.0-213-lowlatency - 4.4.0-213.245 pcmcia-modules-4.4.0-213-generic-di - 4.4.0-213.245 md-modules-4.4.0-213-generic-di - 4.4.0-213.245 storage-core-modules-4.4.0-213-generic-di - 4.4.0-213.245 sata-modules-4.4.0-213-generic-di - 4.4.0-213.245 scsi-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-cloud-tools-common - 4.4.0-213.245 input-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-udebs-generic - 4.4.0-213.245 
linux-cloud-tools-4.4.0-213-lowlatency - 4.4.0-213.245 linux-buildinfo-4.4.0-213-lowlatency - 4.4.0-213.245 virtio-modules-4.4.0-213-generic-di - 4.4.0-213.245 linux-image-4.4.0-213-generic - 4.4.0-213.245 kernel-signed-image-4.4.0-213-generic-di - 4.4.0-213.245 linux-modules-4.4.0-213-generic - 4.4.0-213.245 pcmcia-storage-modules-4.4.0-213-generic-di - 4.4.0-213.245 fs-secondary-modules-4.4.0-213-generic-di - 4.4.0-213.245 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1096.94 linux-headers-kvm - 4.4.0.1096.94 linux-tools-kvm - 4.4.0.1096.94 linux-image-kvm - 4.4.0.1096.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1131.136 linux-image-aws - 4.4.0.1131.136 linux-aws - 4.4.0.1131.136 linux-modules-extra-aws - 4.4.0.1131.136 linux-tools-aws - 4.4.0.1131.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.213.220 linux-cloud-tools-generic-lts-wily - 4.4.0.213.220 linux-cloud-tools-virtual-lts-xenial - 4.4.0.213.220 linux-cloud-tools-virtual - 4.4.0.213.220 linux-cloud-tools-virtual-lts-utopic - 4.4.0.213.220 linux-tools-generic-lts-vivid - 4.4.0.213.220 linux-image-extra-virtual-lts-xenial - 4.4.0.213.220 linux-image-extra-virtual-lts-wily - 4.4.0.213.220 linux-headers-generic-lts-wily - 4.4.0.213.220 linux-crashdump - 4.4.0.213.220 linux-tools-virtual-lts-vivid - 4.4.0.213.220 linux-tools-virtual-lts-utopic - 4.4.0.213.220 linux-tools-virtual-lts-wily - 4.4.0.213.220 linux-image-lowlatency-lts-vivid - 4.4.0.213.220 linux-cloud-tools-virtual-lts-vivid - 4.4.0.213.220 linux-tools-lowlatency-lts-vivid - 4.4.0.213.220 linux-cloud-tools-generic-lts-utopic - 4.4.0.213.220 linux-headers-virtual-lts-vivid - 4.4.0.213.220 linux-image-lowlatency-lts-wily - 4.4.0.213.220 linux-image-generic - 4.4.0.213.220 linux-image-lowlatency-lts-xenial - 4.4.0.213.220 linux-tools-lowlatency-lts-utopic - 4.4.0.213.220 linux-tools-virtual-lts-xenial - 
4.4.0.213.220 linux-signed-lowlatency-lts-wily - 4.4.0.213.220 linux-lowlatency-lts-utopic - 4.4.0.213.220 linux-image-extra-virtual-lts-vivid - 4.4.0.213.220 linux-image-generic-lts-wily - 4.4.0.213.220 linux-virtual-lts-utopic - 4.4.0.213.220 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.213.220 linux-image-extra-virtual-lts-utopic - 4.4.0.213.220 linux-signed-generic-lts-utopic - 4.4.0.213.220 linux-tools-lowlatency-lts-xenial - 4.4.0.213.220 linux-headers-generic-lts-xenial - 4.4.0.213.220 linux-signed-generic-lts-vivid - 4.4.0.213.220 linux-headers-lowlatency-lts-wily - 4.4.0.213.220 linux-virtual-lts-vivid - 4.4.0.213.220 linux-signed-lowlatency-lts-xenial - 4.4.0.213.220 linux-headers-lowlatency-lts-vivid - 4.4.0.213.220 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.213.220 linux-lowlatency-lts-xenial - 4.4.0.213.220 linux-image-virtual-lts-vivid - 4.4.0.213.220 linux-signed-generic-lts-xenial - 4.4.0.213.220 linux-source - 4.4.0.213.220 linux-signed-image-generic - 4.4.0.213.220 linux-lowlatency - 4.4.0.213.220 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.213.220 linux-generic-lts-xenial - 4.4.0.213.220 linux-virtual - 4.4.0.213.220 linux-cloud-tools-generic-lts-vivid - 4.4.0.213.220 linux-tools-generic-lts-utopic - 4.4.0.213.220 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.213.220 linux-signed-image-generic-lts-vivid - 4.4.0.213.220 linux-image-virtual-lts-xenial - 4.4.0.213.220 linux-tools-virtual - 4.4.0.213.220 linux-image-virtual - 4.4.0.213.220 linux-virtual-lts-xenial - 4.4.0.213.220 linux-signed-image-generic-lts-wily - 4.4.0.213.220 linux-signed-image-lowlatency-lts-xenial - 4.4.0.213.220 linux-image-extra-virtual - 4.4.0.213.220 linux-image-generic-lts-vivid - 4.4.0.213.220 linux-generic - 4.4.0.213.220 linux-tools-generic-lts-wily - 4.4.0.213.220 linux-signed-generic-lts-wily - 4.4.0.213.220 linux-headers-lowlatency - 4.4.0.213.220 linux-lowlatency-lts-vivid - 4.4.0.213.220 linux-generic-lts-wily - 4.4.0.213.220 
linux-image-hwe-virtual-trusty - 4.4.0.213.220 linux-signed-image-generic-lts-xenial - 4.4.0.213.220 linux-generic-lts-vivid - 4.4.0.213.220 linux-headers-virtual-lts-xenial - 4.4.0.213.220 linux-headers-lowlatency-lts-utopic - 4.4.0.213.220 linux-hwe-generic-trusty - 4.4.0.213.220 linux-tools-generic - 4.4.0.213.220 linux-cloud-tools-generic - 4.4.0.213.220 linux-image-generic-lts-xenial - 4.4.0.213.220 linux-headers-generic-lts-utopic - 4.4.0.213.220 linux-cloud-tools-virtual-lts-wily - 4.4.0.213.220 linux-cloud-tools-lowlatency - 4.4.0.213.220 linux-tools-generic-lts-xenial - 4.4.0.213.220 linux-signed-image-lowlatency - 4.4.0.213.220 linux-image-generic-lts-utopic - 4.4.0.213.220 linux-image-virtual-lts-wily - 4.4.0.213.220 linux-signed-generic - 4.4.0.213.220 linux-lowlatency-lts-wily - 4.4.0.213.220 linux-image-virtual-lts-utopic - 4.4.0.213.220 linux-headers-generic - 4.4.0.213.220 linux-tools-lts-utopic - 4.4.0.213.220 linux-tools-lowlatency - 4.4.0.213.220 linux-generic-lts-utopic - 4.4.0.213.220 linux-headers-lowlatency-lts-xenial - 4.4.0.213.220 linux-image-hwe-generic-trusty - 4.4.0.213.220 linux-signed-image-lowlatency-lts-wily - 4.4.0.213.220 linux-headers-generic-lts-vivid - 4.4.0.213.220 linux-headers-virtual - 4.4.0.213.220 linux-cloud-tools-generic-lts-xenial - 4.4.0.213.220 linux-virtual-lts-wily - 4.4.0.213.220 linux-headers-virtual-lts-utopic - 4.4.0.213.220 linux-headers-virtual-lts-wily - 4.4.0.213.220 linux-hwe-virtual-trusty - 4.4.0.213.220 linux-tools-lowlatency-lts-wily - 4.4.0.213.220 linux-signed-lowlatency - 4.4.0.213.220 linux-image-lowlatency-lts-utopic - 4.4.0.213.220 linux-image-lowlatency - 4.4.0.213.220 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-22555 USN-5041-1 -- libapreq2 vulnerability Ubuntu 16.04 LTS It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain crafted HTTP requests. An attacker could possibly use the vulnerability to cause libapreq2 to crash. 
Update Instructions: Run `sudo pro fix USN-5041-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapreq2-doc - 2.13-4ubuntu2+esm1 libapache2-mod-apreq2 - 2.13-4ubuntu2+esm1 libapreq2-dev - 2.13-4ubuntu2+esm1 libapache2-request-perl - 2.13-4ubuntu2+esm1 libapreq2-3 - 2.13-4ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-12412 USN-5043-1 -- Exiv2 vulnerabilities Ubuntu 16.04 LTS It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622) It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-34335, CVE-2021-37615, CVE-2021-37616, CVE-2021-37618, CVE-2021-37619, CVE-2021-37621, CVE-2021-37623) Update Instructions: Run `sudo pro fix USN-5043-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-2.1ubuntu16.04.7+esm4 libexiv2-14 - 0.25-2.1ubuntu16.04.7+esm4 libexiv2-doc - 0.25-2.1ubuntu16.04.7+esm4 libexiv2-dev - 0.25-2.1ubuntu16.04.7+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32815 CVE-2021-34334 CVE-2021-34335 CVE-2021-37615 CVE-2021-37616 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623 USN-5044-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. 
(CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587) Update Instructions: Run `sudo pro fix USN-5044-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1079-oracle - 4.15.0-1079.87~16.04.1 linux-tools-4.15.0-1079-oracle - 4.15.0-1079.87~16.04.1 linux-buildinfo-4.15.0-1079-oracle - 4.15.0-1079.87~16.04.1 linux-modules-4.15.0-1079-oracle - 4.15.0-1079.87~16.04.1 linux-oracle-headers-4.15.0-1079 - 4.15.0-1079.87~16.04.1 linux-headers-4.15.0-1079-oracle - 4.15.0-1079.87~16.04.1 linux-image-4.15.0-1079-oracle - 4.15.0-1079.87~16.04.1 linux-oracle-tools-4.15.0-1079 - 4.15.0-1079.87~16.04.1 linux-modules-extra-4.15.0-1079-oracle - 4.15.0-1079.87~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.15.0-1107-gcp - 4.15.0-1107.121~16.04.1 linux-gcp-tools-4.15.0-1107 - 4.15.0-1107.121~16.04.1 linux-gcp-headers-4.15.0-1107 - 4.15.0-1107.121~16.04.1 linux-modules-4.15.0-1107-gcp - 4.15.0-1107.121~16.04.1 linux-modules-extra-4.15.0-1107-gcp - 4.15.0-1107.121~16.04.1 linux-image-4.15.0-1107-gcp - 4.15.0-1107.121~16.04.1 linux-buildinfo-4.15.0-1107-gcp - 4.15.0-1107.121~16.04.1 linux-tools-4.15.0-1107-gcp - 4.15.0-1107.121~16.04.1 linux-headers-4.15.0-1107-gcp - 4.15.0-1107.121~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe-cloud-tools-4.15.0-1110 - 4.15.0-1110.117~16.04.1 linux-aws-hwe-tools-4.15.0-1110 - 4.15.0-1110.117~16.04.1 linux-headers-4.15.0-1110-aws 
- 4.15.0-1110.117~16.04.1 linux-buildinfo-4.15.0-1110-aws - 4.15.0-1110.117~16.04.1 linux-aws-headers-4.15.0-1110 - 4.15.0-1110.117~16.04.1 linux-modules-4.15.0-1110-aws - 4.15.0-1110.117~16.04.1 linux-cloud-tools-4.15.0-1110-aws - 4.15.0-1110.117~16.04.1 linux-image-4.15.0-1110-aws - 4.15.0-1110.117~16.04.1 linux-tools-4.15.0-1110-aws - 4.15.0-1110.117~16.04.1 linux-modules-extra-4.15.0-1110-aws - 4.15.0-1110.117~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1122 - 4.15.0-1122.135~16.04.1 linux-azure-headers-4.15.0-1122 - 4.15.0-1122.135~16.04.1 linux-modules-extra-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-image-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-headers-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-buildinfo-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-tools-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-modules-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-cloud-tools-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-image-unsigned-4.15.0-1122-azure - 4.15.0-1122.135~16.04.1 linux-azure-tools-4.15.0-1122 - 4.15.0-1122.135~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-154-lowlatency - 4.15.0-154.161~16.04.1 linux-buildinfo-4.15.0-154-generic - 4.15.0-154.161~16.04.1 linux-modules-4.15.0-154-generic - 4.15.0-154.161~16.04.1 linux-image-unsigned-4.15.0-154-lowlatency - 4.15.0-154.161~16.04.1 linux-headers-4.15.0-154 - 4.15.0-154.161~16.04.1 linux-image-4.15.0-154-lowlatency - 4.15.0-154.161~16.04.1 linux-image-unsigned-4.15.0-154-generic - 4.15.0-154.161~16.04.1 linux-cloud-tools-4.15.0-154-lowlatency - 4.15.0-154.161~16.04.1 linux-hwe-tools-4.15.0-154 - 4.15.0-154.161~16.04.1 linux-tools-4.15.0-154-lowlatency - 4.15.0-154.161~16.04.1 linux-modules-4.15.0-154-lowlatency - 4.15.0-154.161~16.04.1 linux-buildinfo-4.15.0-154-lowlatency - 4.15.0-154.161~16.04.1 linux-hwe-cloud-tools-4.15.0-154 - 4.15.0-154.161~16.04.1 
linux-cloud-tools-4.15.0-154-generic - 4.15.0-154.161~16.04.1 linux-modules-extra-4.15.0-154-generic - 4.15.0-154.161~16.04.1 linux-tools-4.15.0-154-generic - 4.15.0-154.161~16.04.1 linux-headers-4.15.0-154-generic - 4.15.0-154.161~16.04.1 linux-source-4.15.0 - 4.15.0-154.161~16.04.1 linux-image-4.15.0-154-generic - 4.15.0-154.161~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1079.67 linux-signed-image-oracle - 4.15.0.1079.67 linux-headers-oracle - 4.15.0.1079.67 linux-signed-oracle - 4.15.0.1079.67 linux-image-oracle - 4.15.0.1079.67 linux-oracle - 4.15.0.1079.67 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1107.108 linux-tools-gcp - 4.15.0.1107.108 linux-modules-extra-gcp - 4.15.0.1107.108 linux-gke - 4.15.0.1107.108 linux-gcp - 4.15.0.1107.108 linux-image-gke - 4.15.0.1107.108 linux-headers-gke - 4.15.0.1107.108 linux-headers-gcp - 4.15.0.1107.108 linux-image-gcp - 4.15.0.1107.108 linux-tools-gke - 4.15.0.1107.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1110.101 linux-modules-extra-aws-hwe - 4.15.0.1110.101 linux-aws-edge - 4.15.0.1110.101 linux-image-aws-hwe - 4.15.0.1110.101 linux-headers-aws-hwe - 4.15.0.1110.101 linux-tools-aws-hwe - 4.15.0.1110.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1122.113 linux-tools-azure-edge - 4.15.0.1122.113 linux-cloud-tools-azure - 4.15.0.1122.113 linux-tools-azure - 4.15.0.1122.113 linux-image-azure-edge - 4.15.0.1122.113 linux-signed-image-azure-edge - 4.15.0.1122.113 linux-cloud-tools-azure-edge - 4.15.0.1122.113 linux-modules-extra-azure - 4.15.0.1122.113 linux-azure - 4.15.0.1122.113 linux-image-azure - 4.15.0.1122.113 linux-signed-image-azure - 4.15.0.1122.113 linux-headers-azure-edge - 4.15.0.1122.113 linux-azure-edge - 4.15.0.1122.113 linux-modules-extra-azure-edge - 4.15.0.1122.113 linux-signed-azure-edge - 
4.15.0.1122.113 linux-headers-azure - 4.15.0.1122.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-virtual-hwe-16.04-edge - 4.15.0.154.148 linux-image-lowlatency-hwe-16.04 - 4.15.0.154.148 linux-signed-generic-hwe-16.04-edge - 4.15.0.154.148 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.154.148 linux-image-extra-virtual-hwe-16.04 - 4.15.0.154.148 linux-image-oem - 4.15.0.154.148 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.154.148 linux-headers-generic-hwe-16.04-edge - 4.15.0.154.148 linux-tools-virtual-hwe-16.04 - 4.15.0.154.148 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.154.148 linux-signed-lowlatency-hwe-16.04 - 4.15.0.154.148 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.154.148 linux-generic-hwe-16.04-edge - 4.15.0.154.148 linux-headers-lowlatency-hwe-16.04 - 4.15.0.154.148 linux-virtual-hwe-16.04 - 4.15.0.154.148 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.154.148 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.154.148 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.154.148 linux-tools-oem - 4.15.0.154.148 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.154.148 linux-headers-oem - 4.15.0.154.148 linux-signed-image-generic-hwe-16.04 - 4.15.0.154.148 linux-image-virtual-hwe-16.04-edge - 4.15.0.154.148 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.154.148 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.154.148 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.154.148 linux-lowlatency-hwe-16.04 - 4.15.0.154.148 linux-headers-generic-hwe-16.04 - 4.15.0.154.148 linux-generic-hwe-16.04 - 4.15.0.154.148 linux-tools-virtual-hwe-16.04-edge - 4.15.0.154.148 linux-oem - 4.15.0.154.148 linux-image-generic-hwe-16.04-edge - 4.15.0.154.148 linux-lowlatency-hwe-16.04-edge - 4.15.0.154.148 linux-image-generic-hwe-16.04 - 4.15.0.154.148 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.154.148 linux-virtual-hwe-16.04-edge - 4.15.0.154.148 linux-tools-lowlatency-hwe-16.04 - 4.15.0.154.148 
linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.154.148 linux-headers-virtual-hwe-16.04 - 4.15.0.154.148 linux-signed-oem - 4.15.0.154.148 linux-image-virtual-hwe-16.04 - 4.15.0.154.148 linux-signed-generic-hwe-16.04 - 4.15.0.154.148 linux-signed-image-oem - 4.15.0.154.148 linux-tools-generic-hwe-16.04 - 4.15.0.154.148 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.154.148 linux-tools-generic-hwe-16.04-edge - 4.15.0.154.148 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3564 CVE-2021-3573 USN-5048-2 -- Inetutils vulnerability Ubuntu 16.04 LTS USN-5048-1 fixed a vulnerability in Inetutils for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding fixes for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5048-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: inetutils-tools - 2:1.9.4-1ubuntu0.1~esm1 inetutils-ftpd - 2:1.9.4-1ubuntu0.1~esm1 inetutils-talkd - 2:1.9.4-1ubuntu0.1~esm1 inetutils-traceroute - 2:1.9.4-1ubuntu0.1~esm1 inetutils-talk - 2:1.9.4-1ubuntu0.1~esm1 inetutils-telnetd - 2:1.9.4-1ubuntu0.1~esm1 inetutils-inetd - 2:1.9.4-1ubuntu0.1~esm1 inetutils-ping - 2:1.9.4-1ubuntu0.1~esm1 inetutils-syslogd - 2:1.9.4-1ubuntu0.1~esm1 inetutils-ftp - 2:1.9.4-1ubuntu0.1~esm1 inetutils-telnet - 2:1.9.4-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-10188 USN-5051-2 -- OpenSSL vulnerability Ubuntu 16.04 LTS USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. 
A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712) Update Instructions: Run `sudo pro fix USN-5051-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm1 openssl - 1.0.2g-1ubuntu4.20+esm1 libssl-doc - 1.0.2g-1ubuntu4.20+esm1 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3712 USN-5054-2 -- uWSGI vulnerability Ubuntu 16.04 LTS USN-5054-1 fixed a vulnerability in uWSGI for Ubuntu 18.04 LTS. This update provides the corresponding fixes for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution. Update Instructions: Run `sudo pro fix USN-5054-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libapache2-mod-uwsgi - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-rados - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-xslt - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-rack-ruby2.3 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-ring-openjdk-8 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-asyncio-python - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-curl-cron - 2.0.12-5ubuntu3.2+esm1 uwsgi-infrastructure-plugins - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-gevent-python - 2.0.12-5ubuntu3.2+esm1 python3-uwsgidecorators - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-jwsgi-openjdk-8 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-php - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-glusterfs - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-greenlet-python - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-v8 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-geoip - 2.0.12-5ubuntu3.2+esm1 uwsgi-app-integration-plugins - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-alarm-curl - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-lua5.1 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-lua5.2 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-python - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-servlet-openjdk-8 - 2.0.12-5ubuntu3.2+esm1 uwsgi - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-emperor-pg - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-graylog2 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-asyncio-python3 - 2.0.12-5ubuntu3.2+esm1 uwsgi-emperor - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-fiber - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugins-all - 2.0.12-5ubuntu3.2+esm1 libapache2-mod-proxy-uwsgi - 2.0.12-5ubuntu3.2+esm1 libapache2-mod-ruwsgi - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-rbthreads - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-mono - 2.0.12-5ubuntu3.2+esm1 python-uwsgidecorators - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-gccgo - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-alarm-xmpp - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-python3 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-router-access - 2.0.12-5ubuntu3.2+esm1 uwsgi-core - 2.0.12-5ubuntu3.2+esm1 uwsgi-extra - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-jvm-openjdk-8 - 
2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-sqlite3 - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-tornado-python - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-luajit - 2.0.12-5ubuntu3.2+esm1 uwsgi-src - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-psgi - 2.0.12-5ubuntu3.2+esm1 uwsgi-plugin-ldap - 2.0.12-5ubuntu3.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-11984 USN-5055-1 -- GNOME grilo vulnerability Ubuntu 16.04 LTS Michael Catanzaro discovered that grilo incorrectly handled certain TLS certificate verification. An attacker could possibly use this issue to perform MITM attacks. Update Instructions: Run `sudo pro fix USN-5055-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-grilo-0.2 - 0.2.15-1ubuntu0.1~esm1 libgrilo-0.2-doc - 0.2.15-1ubuntu0.1~esm1 libgrilo-0.2-bin - 0.2.15-1ubuntu0.1~esm1 libgrilo-0.2-dev - 0.2.15-1ubuntu0.1~esm1 libgrilo-0.2-1 - 0.2.15-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-39365 USN-5056-1 -- APR vulnerability Ubuntu 16.04 LTS It was discovered that APR incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5056-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapr1 - 1.5.2-3ubuntu0.1~esm1 libapr1-dev - 1.5.2-3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-35940 USN-5060-2 -- NTFS-3G vulnerabilities Ubuntu 16.04 LTS USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that NTFS-3G incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5060-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3+esm1 ntfs-3g-dev - 1:2015.3.14AR.1-1ubuntu0.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1942235 USN-5061-1 -- Scilab vulnerabilities Ubuntu 16.04 LTS It was discovered that Scilab did not properly sanitize XML inputs. An attacker could use a crafted XML file to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5061-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: scilab-full-bin - 5.5.2-2ubuntu3+esm1 scilab-minimal-bin - 5.5.2-2ubuntu3+esm1 scilab-cli - 5.5.2-2ubuntu3+esm1 scilab-doc-ja - 5.5.2-2ubuntu3+esm1 scilab-include - 5.5.2-2ubuntu3+esm1 scilab-test - 5.5.2-2ubuntu3+esm1 scilab-doc - 5.5.2-2ubuntu3+esm1 scilab - 5.5.2-2ubuntu3+esm1 scilab-doc-pt-br - 5.5.2-2ubuntu3+esm1 scilab-data - 5.5.2-2ubuntu3+esm1 scilab-doc-fr - 5.5.2-2ubuntu3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31598 USN-5062-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Update Instructions: Run `sudo pro fix USN-5062-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.4.0-1097-kvm - 4.4.0-1097.106 linux-buildinfo-4.4.0-1097-kvm - 4.4.0-1097.106 linux-kvm-headers-4.4.0-1097 - 4.4.0-1097.106 linux-kvm-cloud-tools-4.4.0-1097 - 4.4.0-1097.106 linux-headers-4.4.0-1097-kvm - 4.4.0-1097.106 linux-tools-4.4.0-1097-kvm - 4.4.0-1097.106 linux-modules-4.4.0-1097-kvm - 4.4.0-1097.106 linux-image-4.4.0-1097-kvm - 4.4.0-1097.106 linux-kvm-tools-4.4.0-1097 - 4.4.0-1097.106 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.4.0-1132-aws - 4.4.0-1132.146 linux-headers-4.4.0-1132-aws - 4.4.0-1132.146 linux-modules-extra-4.4.0-1132-aws - 4.4.0-1132.146 linux-buildinfo-4.4.0-1132-aws - 4.4.0-1132.146 linux-image-4.4.0-1132-aws - 4.4.0-1132.146 linux-modules-4.4.0-1132-aws - 4.4.0-1132.146 linux-aws-cloud-tools-4.4.0-1132 - 4.4.0-1132.146 linux-aws-tools-4.4.0-1132 - 4.4.0-1132.146 linux-tools-4.4.0-1132-aws - 4.4.0-1132.146 linux-aws-headers-4.4.0-1132 - 4.4.0-1132.146 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-214.246 linux-tools-host - 4.4.0-214.246 linux-source-4.4.0 - 4.4.0-214.246 linux-image-unsigned-4.4.0-214-generic - 4.4.0-214.246 linux-doc - 4.4.0-214.246 linux-buildinfo-4.4.0-214-generic - 4.4.0-214.246 linux-headers-4.4.0-214 - 4.4.0-214.246 linux-libc-dev - 4.4.0-214.246 linux-tools-4.4.0-214 - 4.4.0-214.246 linux-tools-4.4.0-214-generic - 4.4.0-214.246 linux-cloud-tools-4.4.0-214-generic - 4.4.0-214.246 linux-cloud-tools-4.4.0-214-lowlatency - 4.4.0-214.246 linux-image-unsigned-4.4.0-214-lowlatency - 4.4.0-214.246 linux-modules-extra-4.4.0-214-generic - 4.4.0-214.246 linux-cloud-tools-4.4.0-214 - 4.4.0-214.246 linux-modules-4.4.0-214-generic - 4.4.0-214.246 linux-image-4.4.0-214-lowlatency - 4.4.0-214.246 linux-buildinfo-4.4.0-214-lowlatency - 4.4.0-214.246 linux-tools-4.4.0-214-lowlatency - 4.4.0-214.246 linux-modules-4.4.0-214-lowlatency - 
4.4.0-214.246 linux-headers-4.4.0-214-generic - 4.4.0-214.246 linux-cloud-tools-common - 4.4.0-214.246 linux-headers-4.4.0-214-lowlatency - 4.4.0-214.246 linux-image-4.4.0-214-generic - 4.4.0-214.246 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-kvm - 4.4.0.1097.95 linux-kvm - 4.4.0.1097.95 linux-headers-kvm - 4.4.0.1097.95 linux-image-kvm - 4.4.0.1097.95 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1132.137 linux-image-aws - 4.4.0.1132.137 linux-aws - 4.4.0.1132.137 linux-modules-extra-aws - 4.4.0.1132.137 linux-tools-aws - 4.4.0.1132.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.214.221 linux-cloud-tools-generic-lts-wily - 4.4.0.214.221 linux-cloud-tools-virtual-lts-xenial - 4.4.0.214.221 linux-cloud-tools-virtual - 4.4.0.214.221 linux-cloud-tools-virtual-lts-utopic - 4.4.0.214.221 linux-tools-generic-lts-vivid - 4.4.0.214.221 linux-image-extra-virtual-lts-xenial - 4.4.0.214.221 linux-image-extra-virtual-lts-wily - 4.4.0.214.221 linux-headers-generic-lts-wily - 4.4.0.214.221 linux-crashdump - 4.4.0.214.221 linux-tools-virtual-lts-vivid - 4.4.0.214.221 linux-image-virtual - 4.4.0.214.221 linux-image-lowlatency-lts-vivid - 4.4.0.214.221 linux-tools-lowlatency-lts-vivid - 4.4.0.214.221 linux-cloud-tools-generic-lts-utopic - 4.4.0.214.221 linux-headers-virtual-lts-vivid - 4.4.0.214.221 linux-image-lowlatency-lts-wily - 4.4.0.214.221 linux-image-generic - 4.4.0.214.221 linux-tools-lowlatency - 4.4.0.214.221 linux-image-lowlatency-lts-xenial - 4.4.0.214.221 linux-tools-virtual-lts-xenial - 4.4.0.214.221 linux-signed-lowlatency-lts-wily - 4.4.0.214.221 linux-image-extra-virtual-lts-vivid - 4.4.0.214.221 linux-image-generic-lts-wily - 4.4.0.214.221 linux-virtual-lts-utopic - 4.4.0.214.221 linux-signed-generic-lts-wily - 4.4.0.214.221 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.214.221 linux-image-extra-virtual-lts-utopic - 
4.4.0.214.221 linux-signed-generic-lts-utopic - 4.4.0.214.221 linux-tools-lowlatency-lts-xenial - 4.4.0.214.221 linux-headers-generic-lts-xenial - 4.4.0.214.221 linux-signed-generic-lts-vivid - 4.4.0.214.221 linux-headers-lowlatency-lts-wily - 4.4.0.214.221 linux-virtual-lts-vivid - 4.4.0.214.221 linux-signed-lowlatency-lts-xenial - 4.4.0.214.221 linux-headers-lowlatency-lts-vivid - 4.4.0.214.221 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.214.221 linux-lowlatency-lts-xenial - 4.4.0.214.221 linux-signed-generic-lts-xenial - 4.4.0.214.221 linux-source - 4.4.0.214.221 linux-signed-image-generic - 4.4.0.214.221 linux-lowlatency - 4.4.0.214.221 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.214.221 linux-generic-lts-xenial - 4.4.0.214.221 linux-tools-virtual - 4.4.0.214.221 linux-cloud-tools-generic-lts-xenial - 4.4.0.214.221 linux-virtual - 4.4.0.214.221 linux-cloud-tools-generic-lts-vivid - 4.4.0.214.221 linux-tools-generic-lts-utopic - 4.4.0.214.221 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.214.221 linux-signed-image-generic-lts-vivid - 4.4.0.214.221 linux-image-virtual-lts-xenial - 4.4.0.214.221 linux-image-virtual-lts-vivid - 4.4.0.214.221 linux-image-extra-virtual - 4.4.0.214.221 linux-virtual-lts-xenial - 4.4.0.214.221 linux-cloud-tools-virtual-lts-vivid - 4.4.0.214.221 linux-tools-lowlatency-lts-utopic - 4.4.0.214.221 linux-signed-image-generic-lts-wily - 4.4.0.214.221 linux-signed-image-lowlatency-lts-xenial - 4.4.0.214.221 linux-image-generic-lts-vivid - 4.4.0.214.221 linux-generic - 4.4.0.214.221 linux-tools-generic-lts-wily - 4.4.0.214.221 linux-tools-virtual-lts-utopic - 4.4.0.214.221 linux-headers-lowlatency - 4.4.0.214.221 linux-lowlatency-lts-vivid - 4.4.0.214.221 linux-generic-lts-wily - 4.4.0.214.221 linux-image-hwe-virtual-trusty - 4.4.0.214.221 linux-signed-image-generic-lts-xenial - 4.4.0.214.221 linux-generic-lts-vivid - 4.4.0.214.221 linux-tools-lowlatency-lts-wily - 4.4.0.214.221 linux-headers-virtual-lts-xenial - 4.4.0.214.221 
linux-headers-lowlatency-lts-utopic - 4.4.0.214.221 linux-hwe-generic-trusty - 4.4.0.214.221 linux-tools-generic - 4.4.0.214.221 linux-cloud-tools-generic - 4.4.0.214.221 linux-headers-generic-lts-utopic - 4.4.0.214.221 linux-cloud-tools-virtual-lts-wily - 4.4.0.214.221 linux-cloud-tools-lowlatency - 4.4.0.214.221 linux-lowlatency-lts-utopic - 4.4.0.214.221 linux-tools-generic-lts-xenial - 4.4.0.214.221 linux-signed-image-lowlatency - 4.4.0.214.221 linux-image-generic-lts-utopic - 4.4.0.214.221 linux-image-virtual-lts-wily - 4.4.0.214.221 linux-signed-generic - 4.4.0.214.221 linux-lowlatency-lts-wily - 4.4.0.214.221 linux-image-virtual-lts-utopic - 4.4.0.214.221 linux-headers-generic - 4.4.0.214.221 linux-tools-lts-utopic - 4.4.0.214.221 linux-tools-virtual-lts-wily - 4.4.0.214.221 linux-generic-lts-utopic - 4.4.0.214.221 linux-headers-lowlatency-lts-xenial - 4.4.0.214.221 linux-image-hwe-generic-trusty - 4.4.0.214.221 linux-signed-image-lowlatency-lts-wily - 4.4.0.214.221 linux-headers-generic-lts-vivid - 4.4.0.214.221 linux-headers-virtual - 4.4.0.214.221 linux-image-generic-lts-xenial - 4.4.0.214.221 linux-virtual-lts-wily - 4.4.0.214.221 linux-headers-virtual-lts-utopic - 4.4.0.214.221 linux-headers-virtual-lts-wily - 4.4.0.214.221 linux-hwe-virtual-trusty - 4.4.0.214.221 linux-signed-lowlatency - 4.4.0.214.221 linux-image-lowlatency-lts-utopic - 4.4.0.214.221 linux-image-lowlatency - 4.4.0.214.221 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3653 USN-5064-2 -- GNU cpio vulnerability Ubuntu 16.04 LTS USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-5064-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.11+dfsg-5ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-38185 USN-5066-2 -- PySAML2 vulnerability Ubuntu 16.04 LTS USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents. Update Instructions: Run `sudo pro fix USN-5066-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pysaml2-doc - 3.0.0-3ubuntu1.16.04.4+esm1 python-pysaml2 - 3.0.0-3ubuntu1.16.04.4+esm1 python3-pysaml2 - 3.0.0-3ubuntu1.16.04.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-21239 USN-5068-1 -- GD library vulnerabilities Ubuntu 16.04 LTS It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. (CVE-2017-6363) It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. (CVE-2021-381) It was discovered that GD Graphics Library incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. (CVE-2021-40145) Update Instructions: Run `sudo pro fix USN-5068-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgd3 - 2.1.1-4ubuntu0.16.04.12+esm1 libgd-tools - 2.1.1-4ubuntu0.16.04.12+esm1 libgd-dev - 2.1.1-4ubuntu0.16.04.12+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-6363 CVE-2021-38115 CVE-2021-40145 USN-5073-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653) Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Update Instructions: Run `sudo pro fix USN-5073-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1080-oracle - 4.15.0-1080.88~16.04.1 linux-buildinfo-4.15.0-1080-oracle - 4.15.0-1080.88~16.04.1 linux-headers-4.15.0-1080-oracle - 4.15.0-1080.88~16.04.1 linux-modules-extra-4.15.0-1080-oracle - 4.15.0-1080.88~16.04.1 linux-tools-4.15.0-1080-oracle - 4.15.0-1080.88~16.04.1 linux-image-unsigned-4.15.0-1080-oracle - 4.15.0-1080.88~16.04.1 linux-image-4.15.0-1080-oracle - 4.15.0-1080.88~16.04.1 linux-oracle-tools-4.15.0-1080 - 4.15.0-1080.88~16.04.1 linux-oracle-headers-4.15.0-1080 - 4.15.0-1080.88~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe-cloud-tools-4.15.0-1111 - 4.15.0-1111.118~16.04.1 linux-aws-hwe-tools-4.15.0-1111 - 4.15.0-1111.118~16.04.1 linux-buildinfo-4.15.0-1111-aws - 4.15.0-1111.118~16.04.1 linux-headers-4.15.0-1111-aws - 4.15.0-1111.118~16.04.1 linux-modules-4.15.0-1111-aws - 4.15.0-1111.118~16.04.1 linux-tools-4.15.0-1111-aws - 4.15.0-1111.118~16.04.1 linux-modules-extra-4.15.0-1111-aws - 4.15.0-1111.118~16.04.1 linux-aws-headers-4.15.0-1111 - 4.15.0-1111.118~16.04.1 linux-image-4.15.0-1111-aws - 4.15.0-1111.118~16.04.1 linux-cloud-tools-4.15.0-1111-aws - 4.15.0-1111.118~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-azure-cloud-tools-4.15.0-1123 - 4.15.0-1123.136~16.04.1 linux-azure-headers-4.15.0-1123 - 4.15.0-1123.136~16.04.1 linux-tools-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-headers-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-buildinfo-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-modules-extra-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-modules-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-image-unsigned-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-image-4.15.0-1123-azure - 4.15.0-1123.136~16.04.1 linux-azure-tools-4.15.0-1123 - 4.15.0-1123.136~16.04.1 Available with Ubuntu 
Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-156-lowlatency - 4.15.0-156.163~16.04.1 linux-modules-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-modules-extra-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-image-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-cloud-tools-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-headers-4.15.0-156 - 4.15.0-156.163~16.04.1 linux-modules-4.15.0-156-lowlatency - 4.15.0-156.163~16.04.1 linux-image-unsigned-4.15.0-156-lowlatency - 4.15.0-156.163~16.04.1 linux-image-unsigned-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-hwe-tools-4.15.0-156 - 4.15.0-156.163~16.04.1 linux-buildinfo-4.15.0-156-lowlatency - 4.15.0-156.163~16.04.1 linux-headers-4.15.0-156-lowlatency - 4.15.0-156.163~16.04.1 linux-hwe-cloud-tools-4.15.0-156 - 4.15.0-156.163~16.04.1 linux-cloud-tools-4.15.0-156-lowlatency - 4.15.0-156.163~16.04.1 linux-tools-4.15.0-156-lowlatency - 4.15.0-156.163~16.04.1 linux-buildinfo-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-headers-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-tools-4.15.0-156-generic - 4.15.0-156.163~16.04.1 linux-source-4.15.0 - 4.15.0-156.163~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1080.68 linux-headers-oracle - 4.15.0.1080.68 linux-signed-image-oracle - 4.15.0.1080.68 linux-signed-oracle - 4.15.0.1080.68 linux-image-oracle - 4.15.0.1080.68 linux-oracle - 4.15.0.1080.68 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1111.102 linux-modules-extra-aws-hwe - 4.15.0.1111.102 linux-aws-edge - 4.15.0.1111.102 linux-image-aws-hwe - 4.15.0.1111.102 linux-headers-aws-hwe - 4.15.0.1111.102 linux-tools-aws-hwe - 4.15.0.1111.102 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1123.114 linux-tools-azure-edge - 4.15.0.1123.114 linux-cloud-tools-azure - 4.15.0.1123.114 linux-tools-azure - 4.15.0.1123.114 linux-image-azure-edge - 4.15.0.1123.114 
linux-signed-image-azure-edge - 4.15.0.1123.114 linux-cloud-tools-azure-edge - 4.15.0.1123.114 linux-modules-extra-azure - 4.15.0.1123.114 linux-azure - 4.15.0.1123.114 linux-image-azure - 4.15.0.1123.114 linux-signed-image-azure - 4.15.0.1123.114 linux-headers-azure-edge - 4.15.0.1123.114 linux-azure-edge - 4.15.0.1123.114 linux-modules-extra-azure-edge - 4.15.0.1123.114 linux-signed-azure-edge - 4.15.0.1123.114 linux-headers-azure - 4.15.0.1123.114 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.156.149 linux-signed-generic-hwe-16.04-edge - 4.15.0.156.149 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.156.149 linux-image-extra-virtual-hwe-16.04 - 4.15.0.156.149 linux-image-oem - 4.15.0.156.149 linux-headers-generic-hwe-16.04-edge - 4.15.0.156.149 linux-tools-virtual-hwe-16.04 - 4.15.0.156.149 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.156.149 linux-image-virtual-hwe-16.04-edge - 4.15.0.156.149 linux-signed-lowlatency-hwe-16.04 - 4.15.0.156.149 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.156.149 linux-generic-hwe-16.04-edge - 4.15.0.156.149 linux-headers-lowlatency-hwe-16.04 - 4.15.0.156.149 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.156.149 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.156.149 linux-tools-generic-hwe-16.04 - 4.15.0.156.149 linux-tools-oem - 4.15.0.156.149 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.156.149 linux-headers-oem - 4.15.0.156.149 linux-signed-image-generic-hwe-16.04 - 4.15.0.156.149 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.156.149 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.156.149 linux-headers-virtual-hwe-16.04-edge - 4.15.0.156.149 linux-lowlatency-hwe-16.04 - 4.15.0.156.149 linux-headers-generic-hwe-16.04 - 4.15.0.156.149 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.156.149 linux-generic-hwe-16.04 - 4.15.0.156.149 linux-tools-virtual-hwe-16.04-edge - 4.15.0.156.149 linux-oem - 4.15.0.156.149 linux-virtual-hwe-16.04 - 
4.15.0.156.149 linux-lowlatency-hwe-16.04-edge - 4.15.0.156.149 linux-image-generic-hwe-16.04-edge - 4.15.0.156.149 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.156.149 linux-virtual-hwe-16.04-edge - 4.15.0.156.149 linux-tools-lowlatency-hwe-16.04 - 4.15.0.156.149 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.156.149 linux-headers-virtual-hwe-16.04 - 4.15.0.156.149 linux-signed-oem - 4.15.0.156.149 linux-image-virtual-hwe-16.04 - 4.15.0.156.149 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.156.149 linux-signed-generic-hwe-16.04 - 4.15.0.156.149 linux-signed-image-oem - 4.15.0.156.149 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.156.149 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.156.149 linux-tools-generic-hwe-16.04-edge - 4.15.0.156.149 linux-image-generic-hwe-16.04 - 4.15.0.156.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-34693 CVE-2021-3612 CVE-2021-3653 CVE-2021-3656 CVE-2021-38160 USN-5073-2 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653) Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Update Instructions: Run `sudo pro fix USN-5073-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1108-gcp - 4.15.0-1108.122~16.04.1 linux-image-4.15.0-1108-gcp - 4.15.0-1108.122~16.04.1 linux-modules-extra-4.15.0-1108-gcp - 4.15.0-1108.122~16.04.1 linux-gcp-tools-4.15.0-1108 - 4.15.0-1108.122~16.04.1 linux-tools-4.15.0-1108-gcp - 4.15.0-1108.122~16.04.1 linux-gcp-headers-4.15.0-1108 - 4.15.0-1108.122~16.04.1 linux-buildinfo-4.15.0-1108-gcp - 4.15.0-1108.122~16.04.1 linux-modules-4.15.0-1108-gcp - 4.15.0-1108.122~16.04.1 linux-image-unsigned-4.15.0-1108-gcp - 4.15.0-1108.122~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1108.109 linux-image-gke - 4.15.0.1108.109 linux-headers-gcp - 4.15.0.1108.109 linux-tools-gcp - 4.15.0.1108.109 linux-image-gcp - 4.15.0.1108.109 linux-modules-extra-gcp - 4.15.0.1108.109 linux-headers-gke - 4.15.0.1108.109 linux-gke - 4.15.0.1108.109 linux-gcp - 4.15.0.1108.109 linux-tools-gke - 4.15.0.1108.109 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-34693 CVE-2021-3612 CVE-2021-3653 CVE-2021-3656 CVE-2021-38160 USN-5076-1 -- Git vulnerability Ubuntu 16.04 LTS It was discovered that Git allowed newline characters in certain repository paths. 
An attacker could potentially use this issue to perform cross-protocol requests. Update Instructions: Run `sudo pro fix USN-5076-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.10+esm1 gitweb - 1:2.7.4-0ubuntu1.10+esm1 git-gui - 1:2.7.4-0ubuntu1.10+esm1 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.10+esm1 git-arch - 1:2.7.4-0ubuntu1.10+esm1 git-el - 1:2.7.4-0ubuntu1.10+esm1 gitk - 1:2.7.4-0ubuntu1.10+esm1 git-all - 1:2.7.4-0ubuntu1.10+esm1 git-mediawiki - 1:2.7.4-0ubuntu1.10+esm1 git-daemon-run - 1:2.7.4-0ubuntu1.10+esm1 git-man - 1:2.7.4-0ubuntu1.10+esm1 git-doc - 1:2.7.4-0ubuntu1.10+esm1 git-svn - 1:2.7.4-0ubuntu1.10+esm1 git-cvs - 1:2.7.4-0ubuntu1.10+esm1 git-core - 1:2.7.4-0ubuntu1.10+esm1 git-email - 1:2.7.4-0ubuntu1.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-40330 USN-5077-2 -- Apport vulnerabilities Ubuntu 16.04 LTS USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch and Stephen Röttger discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use this issue to gain read access to arbitrary files, possibly containing sensitive information. Update Instructions: Run `sudo pro fix USN-5077-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.1-0ubuntu2.30+esm2 python3-problem-report - 2.20.1-0ubuntu2.30+esm2 apport-kde - 2.20.1-0ubuntu2.30+esm2 apport-retrace - 2.20.1-0ubuntu2.30+esm2 apport-valgrind - 2.20.1-0ubuntu2.30+esm2 python3-apport - 2.20.1-0ubuntu2.30+esm2 dh-apport - 2.20.1-0ubuntu2.30+esm2 apport-gtk - 2.20.1-0ubuntu2.30+esm2 apport - 2.20.1-0ubuntu2.30+esm2 python-problem-report - 2.20.1-0ubuntu2.30+esm2 apport-noui - 2.20.1-0ubuntu2.30+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3709 CVE-2021-3710 USN-5078-2 -- Squashfs-Tools vulnerabilities Ubuntu 16.04 LTS USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2021-40153) Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2021-41072) Update Instructions: Run `sudo pro fix USN-5078-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squashfs-tools - 1:4.3-3ubuntu2.16.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-40153 CVE-2021-41072 USN-5079-2 -- curl vulnerabilities Ubuntu 16.04 LTS USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. 
(CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update Instructions: Run `sudo pro fix USN-5079-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm1 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm1 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm1 libcurl4-doc - 7.47.0-1ubuntu2.19+esm1 libcurl3-nss - 7.47.0-1ubuntu2.19+esm1 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm1 libcurl3 - 7.47.0-1ubuntu2.19+esm1 curl - 7.47.0-1ubuntu2.19+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22946 CVE-2021-22947 USN-5079-4 -- curl regression Ubuntu 16.04 LTS USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update Instructions: Run `sudo pro fix USN-5079-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm2 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm2 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm2 libcurl4-doc - 7.47.0-1ubuntu2.19+esm2 libcurl3-nss - 7.47.0-1ubuntu2.19+esm2 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm2 libcurl3 - 7.47.0-1ubuntu2.19+esm2 curl - 7.47.0-1ubuntu2.19+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1944120 USN-5080-2 -- Libgcrypt vulnerabilities Ubuntu 16.04 LTS USN-5080-1 fixed several vulnerabilities in Libgcrypt. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information. Update Instructions: Run `sudo pro fix USN-5080-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.6.5-2ubuntu0.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libgcrypt20 - 1.6.5-2ubuntu0.6+esm1 libgcrypt20-doc - 1.6.5-2ubuntu0.6+esm1 libgcrypt20-dev - 1.6.5-2ubuntu0.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33560 CVE-2021-40528 USN-5083-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733) It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3737) Update Instructions: Run `sudo pro fix USN-5083-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm1 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm1 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm1 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm1 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm1 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm1 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm1 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm1 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm1 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm1 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm1 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3733 CVE-2021-3737 USN-5086-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5086-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-158-lowlatency - 4.15.0-158.166~16.04.1 linux-headers-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-headers-4.15.0-158 - 4.15.0-158.166~16.04.1 linux-tools-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-image-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-buildinfo-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-image-unsigned-4.15.0-158-lowlatency - 4.15.0-158.166~16.04.1 linux-hwe-tools-4.15.0-158 - 4.15.0-158.166~16.04.1 linux-cloud-tools-4.15.0-158-lowlatency - 4.15.0-158.166~16.04.1 linux-modules-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-image-4.15.0-158-lowlatency - 4.15.0-158.166~16.04.1 linux-modules-extra-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-cloud-tools-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-buildinfo-4.15.0-158-lowlatency - 4.15.0-158.166~16.04.1 linux-image-unsigned-4.15.0-158-generic - 4.15.0-158.166~16.04.1 linux-modules-4.15.0-158-lowlatency - 4.15.0-158.166~16.04.1 linux-hwe-cloud-tools-4.15.0-158 - 4.15.0-158.166~16.04.1 linux-source-4.15.0 - 4.15.0-158.166~16.04.1 linux-tools-4.15.0-158-lowlatency - 4.15.0-158.166~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-lowlatency-hwe-16.04 - 4.15.0.158.151 linux-image-extra-virtual-hwe-16.04 - 4.15.0.158.151 linux-image-oem - 4.15.0.158.151 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.158.151 linux-headers-generic-hwe-16.04-edge - 4.15.0.158.151 linux-image-lowlatency-hwe-16.04 - 4.15.0.158.151 linux-signed-generic-hwe-16.04-edge - 4.15.0.158.151 linux-tools-virtual-hwe-16.04 - 4.15.0.158.151 linux-image-virtual-hwe-16.04-edge - 4.15.0.158.151 linux-oem - 4.15.0.158.151 linux-signed-lowlatency-hwe-16.04 - 4.15.0.158.151 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.158.151 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.158.151 linux-generic-hwe-16.04-edge - 4.15.0.158.151 linux-tools-virtual-hwe-16.04-edge - 
4.15.0.158.151 linux-headers-lowlatency-hwe-16.04 - 4.15.0.158.151 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.158.151 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.158.151 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.158.151 linux-tools-oem - 4.15.0.158.151 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.158.151 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.158.151 linux-headers-oem - 4.15.0.158.151 linux-tools-generic-hwe-16.04-edge - 4.15.0.158.151 linux-signed-generic-hwe-16.04 - 4.15.0.158.151 linux-signed-image-generic-hwe-16.04 - 4.15.0.158.151 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.158.151 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.158.151 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.158.151 linux-headers-virtual-hwe-16.04-edge - 4.15.0.158.151 linux-headers-generic-hwe-16.04 - 4.15.0.158.151 linux-generic-hwe-16.04 - 4.15.0.158.151 linux-virtual-hwe-16.04 - 4.15.0.158.151 linux-lowlatency-hwe-16.04-edge - 4.15.0.158.151 linux-image-generic-hwe-16.04 - 4.15.0.158.151 linux-image-generic-hwe-16.04-edge - 4.15.0.158.151 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.158.151 linux-tools-lowlatency-hwe-16.04 - 4.15.0.158.151 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.158.151 linux-headers-virtual-hwe-16.04 - 4.15.0.158.151 linux-virtual-hwe-16.04-edge - 4.15.0.158.151 linux-signed-oem - 4.15.0.158.151 linux-image-virtual-hwe-16.04 - 4.15.0.158.151 linux-signed-image-oem - 4.15.0.158.151 linux-tools-generic-hwe-16.04 - 4.15.0.158.151 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.158.151 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.4.0-216-lowlatency - 4.4.0-216.249 linux-tools-common - 4.4.0-216.249 linux-cloud-tools-4.4.0-216-generic - 4.4.0-216.249 linux-modules-4.4.0-216-generic - 4.4.0-216.249 linux-tools-host - 4.4.0-216.249 linux-source-4.4.0 - 4.4.0-216.249 linux-doc - 4.4.0-216.249 linux-modules-extra-4.4.0-216-generic - 4.4.0-216.249 linux-tools-4.4.0-216-generic - 
4.4.0-216.249 linux-headers-4.4.0-216 - 4.4.0-216.249 linux-buildinfo-4.4.0-216-generic - 4.4.0-216.249 linux-libc-dev - 4.4.0-216.249 linux-buildinfo-4.4.0-216-lowlatency - 4.4.0-216.249 linux-image-unsigned-4.4.0-216-lowlatency - 4.4.0-216.249 linux-headers-4.4.0-216-lowlatency - 4.4.0-216.249 linux-cloud-tools-4.4.0-216-lowlatency - 4.4.0-216.249 linux-cloud-tools-4.4.0-216 - 4.4.0-216.249 linux-tools-4.4.0-216 - 4.4.0-216.249 linux-image-4.4.0-216-lowlatency - 4.4.0-216.249 linux-cloud-tools-common - 4.4.0-216.249 linux-image-4.4.0-216-generic - 4.4.0-216.249 linux-headers-4.4.0-216-generic - 4.4.0-216.249 linux-modules-4.4.0-216-lowlatency - 4.4.0-216.249 linux-image-unsigned-4.4.0-216-generic - 4.4.0-216.249 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.216.223 linux-cloud-tools-generic-lts-wily - 4.4.0.216.223 linux-cloud-tools-virtual-lts-xenial - 4.4.0.216.223 linux-cloud-tools-virtual - 4.4.0.216.223 linux-cloud-tools-virtual-lts-utopic - 4.4.0.216.223 linux-tools-generic-lts-vivid - 4.4.0.216.223 linux-image-hwe-virtual-trusty - 4.4.0.216.223 linux-image-extra-virtual-lts-xenial - 4.4.0.216.223 linux-image-extra-virtual-lts-wily - 4.4.0.216.223 linux-headers-generic-lts-wily - 4.4.0.216.223 linux-tools-virtual-lts-vivid - 4.4.0.216.223 linux-image-virtual - 4.4.0.216.223 linux-tools-virtual-lts-wily - 4.4.0.216.223 linux-image-lowlatency-lts-vivid - 4.4.0.216.223 linux-tools-lowlatency-lts-vivid - 4.4.0.216.223 linux-cloud-tools-generic-lts-utopic - 4.4.0.216.223 linux-headers-virtual-lts-vivid - 4.4.0.216.223 linux-image-lowlatency-lts-wily - 4.4.0.216.223 linux-image-generic - 4.4.0.216.223 linux-tools-lowlatency - 4.4.0.216.223 linux-image-lowlatency-lts-xenial - 4.4.0.216.223 linux-tools-virtual-lts-xenial - 4.4.0.216.223 linux-signed-lowlatency-lts-wily - 4.4.0.216.223 linux-image-extra-virtual-lts-vivid - 4.4.0.216.223 linux-image-generic-lts-wily - 4.4.0.216.223 
linux-virtual-lts-utopic - 4.4.0.216.223 linux-signed-generic-lts-wily - 4.4.0.216.223 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.216.223 linux-image-extra-virtual-lts-utopic - 4.4.0.216.223 linux-signed-generic-lts-utopic - 4.4.0.216.223 linux-tools-lowlatency-lts-xenial - 4.4.0.216.223 linux-signed-image-lowlatency-lts-xenial - 4.4.0.216.223 linux-headers-generic-lts-xenial - 4.4.0.216.223 linux-image-virtual-lts-vivid - 4.4.0.216.223 linux-crashdump - 4.4.0.216.223 linux-virtual-lts-vivid - 4.4.0.216.223 linux-signed-lowlatency-lts-xenial - 4.4.0.216.223 linux-headers-lowlatency-lts-vivid - 4.4.0.216.223 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.216.223 linux-lowlatency-lts-xenial - 4.4.0.216.223 linux-signed-generic-lts-xenial - 4.4.0.216.223 linux-source - 4.4.0.216.223 linux-signed-image-generic - 4.4.0.216.223 linux-lowlatency - 4.4.0.216.223 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.216.223 linux-generic-lts-xenial - 4.4.0.216.223 linux-cloud-tools-generic - 4.4.0.216.223 linux-image-generic-lts-vivid - 4.4.0.216.223 linux-virtual - 4.4.0.216.223 linux-cloud-tools-generic-lts-vivid - 4.4.0.216.223 linux-tools-generic-lts-utopic - 4.4.0.216.223 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.216.223 linux-signed-image-generic-lts-vivid - 4.4.0.216.223 linux-image-virtual-lts-xenial - 4.4.0.216.223 linux-tools-virtual - 4.4.0.216.223 linux-virtual-lts-xenial - 4.4.0.216.223 linux-cloud-tools-virtual-lts-vivid - 4.4.0.216.223 linux-tools-lowlatency-lts-utopic - 4.4.0.216.223 linux-signed-image-generic-lts-wily - 4.4.0.216.223 linux-generic - 4.4.0.216.223 linux-signed-generic-lts-vivid - 4.4.0.216.223 linux-tools-generic-lts-wily - 4.4.0.216.223 linux-tools-virtual-lts-utopic - 4.4.0.216.223 linux-headers-lowlatency - 4.4.0.216.223 linux-lowlatency-lts-vivid - 4.4.0.216.223 linux-generic-lts-wily - 4.4.0.216.223 linux-signed-image-generic-lts-xenial - 4.4.0.216.223 linux-generic-lts-vivid - 4.4.0.216.223 linux-tools-lowlatency-lts-wily - 
4.4.0.216.223 linux-headers-virtual-lts-xenial - 4.4.0.216.223 linux-headers-lowlatency-lts-wily - 4.4.0.216.223 linux-headers-lowlatency-lts-utopic - 4.4.0.216.223 linux-hwe-generic-trusty - 4.4.0.216.223 linux-lowlatency-lts-utopic - 4.4.0.216.223 linux-image-extra-virtual - 4.4.0.216.223 linux-image-generic-lts-xenial - 4.4.0.216.223 linux-tools-generic-lts-xenial - 4.4.0.216.223 linux-headers-generic-lts-utopic - 4.4.0.216.223 linux-tools-generic - 4.4.0.216.223 linux-cloud-tools-virtual-lts-wily - 4.4.0.216.223 linux-cloud-tools-lowlatency - 4.4.0.216.223 linux-signed-image-lowlatency - 4.4.0.216.223 linux-image-generic-lts-utopic - 4.4.0.216.223 linux-image-virtual-lts-wily - 4.4.0.216.223 linux-signed-generic - 4.4.0.216.223 linux-lowlatency-lts-wily - 4.4.0.216.223 linux-image-virtual-lts-utopic - 4.4.0.216.223 linux-headers-generic - 4.4.0.216.223 linux-tools-lts-utopic - 4.4.0.216.223 linux-generic-lts-utopic - 4.4.0.216.223 linux-headers-lowlatency-lts-xenial - 4.4.0.216.223 linux-image-hwe-generic-trusty - 4.4.0.216.223 linux-signed-image-lowlatency-lts-wily - 4.4.0.216.223 linux-headers-generic-lts-vivid - 4.4.0.216.223 linux-headers-virtual - 4.4.0.216.223 linux-cloud-tools-generic-lts-xenial - 4.4.0.216.223 linux-virtual-lts-wily - 4.4.0.216.223 linux-headers-virtual-lts-utopic - 4.4.0.216.223 linux-headers-virtual-lts-wily - 4.4.0.216.223 linux-hwe-virtual-trusty - 4.4.0.216.223 linux-signed-lowlatency - 4.4.0.216.223 linux-image-lowlatency-lts-utopic - 4.4.0.216.223 linux-image-lowlatency - 4.4.0.216.223 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1943960 USN-5089-2 -- ca-certificates update Ubuntu 16.04 LTS USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. 
This update removes the “DST Root CA X3” CA. Update Instructions: Run `sudo pro fix USN-5089-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20210119~16.04.1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1944481 USN-5090-2 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update Instructions: Run `sudo pro fix USN-5090-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm2 apache2-utils - 2.4.18-2ubuntu3.17+esm2 apache2-dev - 2.4.18-2ubuntu3.17+esm2 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm2 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm2 apache2 - 2.4.18-2ubuntu3.17+esm2 apache2-doc - 2.4.18-2ubuntu3.17+esm2 apache2-bin - 2.4.18-2ubuntu3.17+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-34798 CVE-2021-39275 CVE-2021-40438 USN-5090-4 -- Apache HTTP Server regression Ubuntu 16.04 LTS USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-33193) It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-36160) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. 
A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update Instructions: Run `sudo pro fix USN-5090-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm3 apache2-utils - 2.4.18-2ubuntu3.17+esm3 apache2-dev - 2.4.18-2ubuntu3.17+esm3 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm3 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm3 apache2 - 2.4.18-2ubuntu3.17+esm3 apache2-doc - 2.4.18-2ubuntu3.17+esm3 apache2-bin - 2.4.18-2ubuntu3.17+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1945311 USN-5093-1 -- Vim vulnerabilities Ubuntu 16.04 LTS Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-3770) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3778) Dhiraj Mishra discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3796) Update Instructions: Run `sudo pro fix USN-5093-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm2 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm2 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm2 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm2 vim-athena - 2:7.4.1689-3ubuntu1.5+esm2 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm2 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm2 vim - 2:7.4.1689-3ubuntu1.5+esm2 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm2 vim-doc - 2:7.4.1689-3ubuntu1.5+esm2 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm2 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm2 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm2 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm2 vim-nox - 2:7.4.1689-3ubuntu1.5+esm2 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3770 CVE-2021-3778 CVE-2021-3796 USN-5094-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) Alexey Kardashevskiy discovered that the KVM implementation for PowerPC systems in the Linux kernel did not properly validate RTAS arguments in some situations. An attacker in a guest vm could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code. 
(CVE-2021-37576) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205) Update Instructions: Run `sudo pro fix USN-5094-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1081-oracle - 4.15.0-1081.89~16.04.1 linux-image-4.15.0-1081-oracle - 4.15.0-1081.89~16.04.1 linux-image-unsigned-4.15.0-1081-oracle - 4.15.0-1081.89~16.04.1 linux-tools-4.15.0-1081-oracle - 4.15.0-1081.89~16.04.1 linux-modules-4.15.0-1081-oracle - 4.15.0-1081.89~16.04.1 linux-headers-4.15.0-1081-oracle - 4.15.0-1081.89~16.04.1 linux-modules-extra-4.15.0-1081-oracle - 4.15.0-1081.89~16.04.1 linux-oracle-tools-4.15.0-1081 - 4.15.0-1081.89~16.04.1 linux-oracle-headers-4.15.0-1081 - 4.15.0-1081.89~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1109 - 4.15.0-1109.123~16.04.1 linux-buildinfo-4.15.0-1109-gcp - 4.15.0-1109.123~16.04.1 linux-gcp-headers-4.15.0-1109 - 4.15.0-1109.123~16.04.1 linux-tools-4.15.0-1109-gcp - 4.15.0-1109.123~16.04.1 linux-image-4.15.0-1109-gcp - 4.15.0-1109.123~16.04.1 linux-modules-extra-4.15.0-1109-gcp - 4.15.0-1109.123~16.04.1 linux-headers-4.15.0-1109-gcp - 4.15.0-1109.123~16.04.1 linux-modules-4.15.0-1109-gcp - 4.15.0-1109.123~16.04.1 linux-image-unsigned-4.15.0-1109-gcp - 4.15.0-1109.123~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe-cloud-tools-4.15.0-1112 - 4.15.0-1112.119~16.04.1 linux-aws-hwe-tools-4.15.0-1112 - 4.15.0-1112.119~16.04.1 linux-tools-4.15.0-1112-aws - 
4.15.0-1112.119~16.04.1 linux-modules-4.15.0-1112-aws - 4.15.0-1112.119~16.04.1 linux-buildinfo-4.15.0-1112-aws - 4.15.0-1112.119~16.04.1 linux-modules-extra-4.15.0-1112-aws - 4.15.0-1112.119~16.04.1 linux-headers-4.15.0-1112-aws - 4.15.0-1112.119~16.04.1 linux-aws-headers-4.15.0-1112 - 4.15.0-1112.119~16.04.1 linux-image-4.15.0-1112-aws - 4.15.0-1112.119~16.04.1 linux-cloud-tools-4.15.0-1112-aws - 4.15.0-1112.119~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1124 - 4.15.0-1124.137~16.04.1 linux-buildinfo-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-image-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-azure-headers-4.15.0-1124 - 4.15.0-1124.137~16.04.1 linux-headers-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-cloud-tools-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-tools-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-modules-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-modules-extra-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-image-unsigned-4.15.0-1124-azure - 4.15.0-1124.137~16.04.1 linux-azure-tools-4.15.0-1124 - 4.15.0-1124.137~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-159-generic - 4.15.0-159.167~16.04.1 linux-buildinfo-4.15.0-159-generic - 4.15.0-159.167~16.04.1 linux-tools-4.15.0-159-generic - 4.15.0-159.167~16.04.1 linux-modules-4.15.0-159-lowlatency - 4.15.0-159.167~16.04.1 linux-image-unsigned-4.15.0-159-lowlatency - 4.15.0-159.167~16.04.1 linux-headers-4.15.0-159 - 4.15.0-159.167~16.04.1 linux-headers-4.15.0-159-generic - 4.15.0-159.167~16.04.1 linux-image-4.15.0-159-lowlatency - 4.15.0-159.167~16.04.1 linux-modules-extra-4.15.0-159-generic - 4.15.0-159.167~16.04.1 linux-hwe-tools-4.15.0-159 - 4.15.0-159.167~16.04.1 linux-buildinfo-4.15.0-159-lowlatency - 4.15.0-159.167~16.04.1 linux-hwe-cloud-tools-4.15.0-159 - 4.15.0-159.167~16.04.1 linux-modules-4.15.0-159-generic - 4.15.0-159.167~16.04.1 
linux-tools-4.15.0-159-lowlatency - 4.15.0-159.167~16.04.1 linux-image-4.15.0-159-generic - 4.15.0-159.167~16.04.1 linux-cloud-tools-4.15.0-159-lowlatency - 4.15.0-159.167~16.04.1 linux-source-4.15.0 - 4.15.0-159.167~16.04.1 linux-image-unsigned-4.15.0-159-generic - 4.15.0-159.167~16.04.1 linux-headers-4.15.0-159-lowlatency - 4.15.0-159.167~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1081.69 linux-signed-image-oracle - 4.15.0.1081.69 linux-signed-oracle - 4.15.0.1081.69 linux-headers-oracle - 4.15.0.1081.69 linux-image-oracle - 4.15.0.1081.69 linux-oracle - 4.15.0.1081.69 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1109.110 linux-headers-gke - 4.15.0.1109.110 linux-modules-extra-gcp - 4.15.0.1109.110 linux-tools-gke - 4.15.0.1109.110 linux-tools-gcp - 4.15.0.1109.110 linux-gke - 4.15.0.1109.110 linux-gcp - 4.15.0.1109.110 linux-image-gke - 4.15.0.1109.110 linux-headers-gcp - 4.15.0.1109.110 linux-image-gcp - 4.15.0.1109.110 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1112.103 linux-modules-extra-aws-hwe - 4.15.0.1112.103 linux-aws-edge - 4.15.0.1112.103 linux-image-aws-hwe - 4.15.0.1112.103 linux-headers-aws-hwe - 4.15.0.1112.103 linux-tools-aws-hwe - 4.15.0.1112.103 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1124.115 linux-tools-azure-edge - 4.15.0.1124.115 linux-cloud-tools-azure - 4.15.0.1124.115 linux-tools-azure - 4.15.0.1124.115 linux-image-azure-edge - 4.15.0.1124.115 linux-signed-image-azure-edge - 4.15.0.1124.115 linux-image-azure - 4.15.0.1124.115 linux-cloud-tools-azure-edge - 4.15.0.1124.115 linux-modules-extra-azure - 4.15.0.1124.115 linux-azure - 4.15.0.1124.115 linux-signed-image-azure - 4.15.0.1124.115 linux-headers-azure-edge - 4.15.0.1124.115 linux-azure-edge - 4.15.0.1124.115 linux-modules-extra-azure-edge - 4.15.0.1124.115 linux-signed-azure-edge - 
4.15.0.1124.115 linux-headers-azure - 4.15.0.1124.115 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.159.152 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.159.152 linux-image-oem - 4.15.0.159.152 linux-headers-generic-hwe-16.04-edge - 4.15.0.159.152 linux-signed-generic-hwe-16.04-edge - 4.15.0.159.152 linux-tools-virtual-hwe-16.04 - 4.15.0.159.152 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.159.152 linux-image-virtual-hwe-16.04-edge - 4.15.0.159.152 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.159.152 linux-signed-lowlatency-hwe-16.04 - 4.15.0.159.152 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.159.152 linux-generic-hwe-16.04-edge - 4.15.0.159.152 linux-headers-lowlatency-hwe-16.04 - 4.15.0.159.152 linux-image-extra-virtual-hwe-16.04 - 4.15.0.159.152 linux-virtual-hwe-16.04 - 4.15.0.159.152 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.159.152 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.159.152 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.159.152 linux-tools-oem - 4.15.0.159.152 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.159.152 linux-headers-oem - 4.15.0.159.152 linux-signed-image-generic-hwe-16.04 - 4.15.0.159.152 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.159.152 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.159.152 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.159.152 linux-headers-virtual-hwe-16.04-edge - 4.15.0.159.152 linux-lowlatency-hwe-16.04 - 4.15.0.159.152 linux-headers-generic-hwe-16.04 - 4.15.0.159.152 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.159.152 linux-generic-hwe-16.04 - 4.15.0.159.152 linux-tools-virtual-hwe-16.04-edge - 4.15.0.159.152 linux-oem - 4.15.0.159.152 linux-image-generic-hwe-16.04-edge - 4.15.0.159.152 linux-lowlatency-hwe-16.04-edge - 4.15.0.159.152 linux-image-generic-hwe-16.04 - 4.15.0.159.152 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.159.152 linux-tools-lowlatency-hwe-16.04 - 4.15.0.159.152 
linux-signed-generic-hwe-16.04 - 4.15.0.159.152 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.159.152 linux-headers-virtual-hwe-16.04 - 4.15.0.159.152 linux-virtual-hwe-16.04-edge - 4.15.0.159.152 linux-signed-oem - 4.15.0.159.152 linux-image-virtual-hwe-16.04 - 4.15.0.159.152 linux-signed-image-oem - 4.15.0.159.152 linux-tools-generic-hwe-16.04 - 4.15.0.159.152 linux-tools-generic-hwe-16.04-edge - 4.15.0.159.152 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22543 CVE-2021-3679 CVE-2021-3732 CVE-2021-37576 CVE-2021-38204 CVE-2021-38205 USN-5102-2 -- Mercurial vulnerabilities Ubuntu 16.04 LTS USN-5102-1 fixed vulnerabilities in Mercurial. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. (CVE-2019-3902) It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-17983) Update Instructions: Run `sudo pro fix USN-5102-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mercurial - 3.7.3-1ubuntu1.2+esm2 mercurial-common - 3.7.3-1ubuntu1.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-3902 CVE-2018-17983 USN-5103-1 -- docker.io vulnerability Ubuntu 16.04 LTS Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use this to expose sensitive information or gain administrative privileges. Update Instructions: Run `sudo pro fix USN-5103-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 18.09.7-0ubuntu1~16.04.9+esm1 docker.io - 18.09.7-0ubuntu1~16.04.9+esm1 golang-docker-dev - 18.09.7-0ubuntu1~16.04.9+esm1 vim-syntax-docker - 18.09.7-0ubuntu1~16.04.9+esm1 docker-doc - 18.09.7-0ubuntu1~16.04.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-41089 USN-5108-2 -- Libntlm vulnerability Ubuntu 16.04 LTS USN-5108-1 fixed a vulnerability in Libntlm. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Libntlm incorrectly handled specially crafted NTLM requests. An attacker could possibly use this issue to cause a denial of service or another unspecified impact. Update Instructions: Run `sudo pro fix USN-5108-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libntlm0 - 1.4-7ubuntu0.1~esm1 libntlm0-dev - 1.4-7ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-17455 USN-5109-1 -- nginx vulnerability Ubuntu 16.04 LTS It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5109-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.5+esm2 nginx-core - 1.10.3-0ubuntu0.16.04.5+esm2 nginx-common - 1.10.3-0ubuntu0.16.04.5+esm2 nginx-full - 1.10.3-0ubuntu0.16.04.5+esm2 nginx - 1.10.3-0ubuntu0.16.04.5+esm2 nginx-light - 1.10.3-0ubuntu0.16.04.5+esm2 nginx-doc - 1.10.3-0ubuntu0.16.04.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-20005 USN-5111-2 -- strongSwan vulnerability Ubuntu 16.04 LTS USN-5111-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-41991) Update Instructions: Run `sudo pro fix USN-5111-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.8+esm1 libcharon-extra-plugins - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.8+esm1 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-farp - 5.3.5-1ubuntu3.8+esm1 strongswan-charon - 5.3.5-1ubuntu3.8+esm1 strongswan-ikev1 - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-sql - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-coupling - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-lookip - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.8+esm1 strongswan-ike - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-aka - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-unbound - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.8+esm1 libstrongswan-standard-plugins - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-ntru - 5.3.5-1ubuntu3.8+esm1 strongswan-tnc-server - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.8+esm1 strongswan-tnc-base - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.8+esm1 strongswan-starter - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-curl - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-radattr - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-soup - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.8+esm1 
strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.8+esm1 strongswan-ikev2 - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-mysql - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-openssl - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.8+esm1 charon-cmd - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.8+esm1 strongswan-libcharon - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.8+esm1 strongswan-nm - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-ldap - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.8+esm1 strongswan-tnc-pdp - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.8+esm1 strongswan-tnc-client - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-led - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-gmp - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-agent - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-pgp - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-load-tester - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-unity - 5.3.5-1ubuntu3.8+esm1 strongswan - 5.3.5-1ubuntu3.8+esm1 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.8+esm1 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.8+esm1 libstrongswan - 5.3.5-1ubuntu3.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-41991 USN-5114-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the Atheros Ath9k WiFi 
driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198) It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Update Instructions: Run `sudo pro fix USN-5114-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1082-oracle - 4.15.0-1082.90~16.04.1 linux-modules-extra-4.15.0-1082-oracle - 4.15.0-1082.90~16.04.1 linux-tools-4.15.0-1082-oracle - 4.15.0-1082.90~16.04.1 linux-buildinfo-4.15.0-1082-oracle - 4.15.0-1082.90~16.04.1 linux-image-4.15.0-1082-oracle - 4.15.0-1082.90~16.04.1 linux-oracle-tools-4.15.0-1082 - 4.15.0-1082.90~16.04.1 linux-oracle-headers-4.15.0-1082 - 4.15.0-1082.90~16.04.1 linux-headers-4.15.0-1082-oracle - 4.15.0-1082.90~16.04.1 linux-modules-4.15.0-1082-oracle - 4.15.0-1082.90~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1110 - 4.15.0-1110.124~16.04.1 linux-modules-extra-4.15.0-1110-gcp - 4.15.0-1110.124~16.04.1 linux-buildinfo-4.15.0-1110-gcp - 4.15.0-1110.124~16.04.1 linux-tools-4.15.0-1110-gcp - 4.15.0-1110.124~16.04.1 linux-image-unsigned-4.15.0-1110-gcp - 4.15.0-1110.124~16.04.1 linux-gcp-headers-4.15.0-1110 - 4.15.0-1110.124~16.04.1 
linux-image-4.15.0-1110-gcp - 4.15.0-1110.124~16.04.1 linux-modules-4.15.0-1110-gcp - 4.15.0-1110.124~16.04.1 linux-headers-4.15.0-1110-gcp - 4.15.0-1110.124~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe-cloud-tools-4.15.0-1113 - 4.15.0-1113.120~16.04.1 linux-aws-hwe-tools-4.15.0-1113 - 4.15.0-1113.120~16.04.1 linux-image-4.15.0-1113-aws - 4.15.0-1113.120~16.04.1 linux-modules-4.15.0-1113-aws - 4.15.0-1113.120~16.04.1 linux-modules-extra-4.15.0-1113-aws - 4.15.0-1113.120~16.04.1 linux-cloud-tools-4.15.0-1113-aws - 4.15.0-1113.120~16.04.1 linux-headers-4.15.0-1113-aws - 4.15.0-1113.120~16.04.1 linux-buildinfo-4.15.0-1113-aws - 4.15.0-1113.120~16.04.1 linux-aws-headers-4.15.0-1113 - 4.15.0-1113.120~16.04.1 linux-tools-4.15.0-1113-aws - 4.15.0-1113.120~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 linux-azure-cloud-tools-4.15.0-1125 - 4.15.0-1125.138~16.04.1 linux-image-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 linux-azure-headers-4.15.0-1125 - 4.15.0-1125.138~16.04.1 linux-modules-extra-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 linux-tools-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 linux-buildinfo-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 linux-headers-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 linux-azure-tools-4.15.0-1125 - 4.15.0-1125.138~16.04.1 linux-image-unsigned-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 linux-modules-4.15.0-1125-azure - 4.15.0-1125.138~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.15.0-161-generic - 4.15.0-161.169~16.04.1 linux-cloud-tools-4.15.0-161-lowlatency - 4.15.0-161.169~16.04.1 linux-modules-4.15.0-161-generic - 4.15.0-161.169~16.04.1 linux-buildinfo-4.15.0-161-lowlatency - 4.15.0-161.169~16.04.1 linux-image-4.15.0-161-lowlatency - 4.15.0-161.169~16.04.1 linux-headers-4.15.0-161-lowlatency - 4.15.0-161.169~16.04.1 linux-modules-4.15.0-161-lowlatency - 
4.15.0-161.169~16.04.1 linux-headers-4.15.0-161 - 4.15.0-161.169~16.04.1 linux-image-4.15.0-161-generic - 4.15.0-161.169~16.04.1 linux-tools-4.15.0-161-generic - 4.15.0-161.169~16.04.1 linux-image-unsigned-4.15.0-161-generic - 4.15.0-161.169~16.04.1 linux-buildinfo-4.15.0-161-generic - 4.15.0-161.169~16.04.1 linux-image-unsigned-4.15.0-161-lowlatency - 4.15.0-161.169~16.04.1 linux-tools-4.15.0-161-lowlatency - 4.15.0-161.169~16.04.1 linux-hwe-tools-4.15.0-161 - 4.15.0-161.169~16.04.1 linux-headers-4.15.0-161-generic - 4.15.0-161.169~16.04.1 linux-hwe-cloud-tools-4.15.0-161 - 4.15.0-161.169~16.04.1 linux-source-4.15.0 - 4.15.0-161.169~16.04.1 linux-cloud-tools-4.15.0-161-generic - 4.15.0-161.169~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1082.70 linux-signed-image-oracle - 4.15.0.1082.70 linux-headers-oracle - 4.15.0.1082.70 linux-signed-oracle - 4.15.0.1082.70 linux-image-oracle - 4.15.0.1082.70 linux-oracle - 4.15.0.1082.70 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1110.111 linux-headers-gke - 4.15.0.1110.111 linux-modules-extra-gcp - 4.15.0.1110.111 linux-tools-gke - 4.15.0.1110.111 linux-tools-gcp - 4.15.0.1110.111 linux-gke - 4.15.0.1110.111 linux-gcp - 4.15.0.1110.111 linux-image-gke - 4.15.0.1110.111 linux-headers-gcp - 4.15.0.1110.111 linux-image-gcp - 4.15.0.1110.111 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1113.104 linux-modules-extra-aws-hwe - 4.15.0.1113.104 linux-aws-edge - 4.15.0.1113.104 linux-image-aws-hwe - 4.15.0.1113.104 linux-headers-aws-hwe - 4.15.0.1113.104 linux-tools-aws-hwe - 4.15.0.1113.104 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1125.116 linux-tools-azure-edge - 4.15.0.1125.116 linux-cloud-tools-azure - 4.15.0.1125.116 linux-tools-azure - 4.15.0.1125.116 linux-image-azure-edge - 4.15.0.1125.116 linux-cloud-tools-azure-edge - 
4.15.0.1125.116 linux-modules-extra-azure - 4.15.0.1125.116 linux-azure - 4.15.0.1125.116 linux-signed-image-azure-edge - 4.15.0.1125.116 linux-image-azure - 4.15.0.1125.116 linux-signed-image-azure - 4.15.0.1125.116 linux-headers-azure-edge - 4.15.0.1125.116 linux-azure-edge - 4.15.0.1125.116 linux-modules-extra-azure-edge - 4.15.0.1125.116 linux-signed-azure-edge - 4.15.0.1125.116 linux-headers-azure - 4.15.0.1125.116 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.161.154 linux-signed-generic-hwe-16.04-edge - 4.15.0.161.154 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.161.154 linux-image-extra-virtual-hwe-16.04 - 4.15.0.161.154 linux-image-oem - 4.15.0.161.154 linux-headers-generic-hwe-16.04-edge - 4.15.0.161.154 linux-tools-virtual-hwe-16.04 - 4.15.0.161.154 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.161.154 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.161.154 linux-signed-lowlatency-hwe-16.04 - 4.15.0.161.154 linux-headers-oem - 4.15.0.161.154 linux-oem - 4.15.0.161.154 linux-generic-hwe-16.04-edge - 4.15.0.161.154 linux-headers-lowlatency-hwe-16.04 - 4.15.0.161.154 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.161.154 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.161.154 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.161.154 linux-tools-oem - 4.15.0.161.154 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.161.154 linux-signed-image-generic-hwe-16.04 - 4.15.0.161.154 linux-image-virtual-hwe-16.04-edge - 4.15.0.161.154 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.161.154 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.161.154 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.161.154 linux-headers-virtual-hwe-16.04-edge - 4.15.0.161.154 linux-lowlatency-hwe-16.04 - 4.15.0.161.154 linux-headers-generic-hwe-16.04 - 4.15.0.161.154 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.161.154 linux-generic-hwe-16.04 - 4.15.0.161.154 linux-tools-virtual-hwe-16.04-edge - 4.15.0.161.154 
linux-image-generic-hwe-16.04-edge - 4.15.0.161.154 linux-lowlatency-hwe-16.04-edge - 4.15.0.161.154 linux-image-generic-hwe-16.04 - 4.15.0.161.154 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.161.154 linux-virtual-hwe-16.04-edge - 4.15.0.161.154 linux-tools-lowlatency-hwe-16.04 - 4.15.0.161.154 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.161.154 linux-headers-virtual-hwe-16.04 - 4.15.0.161.154 linux-virtual-hwe-16.04 - 4.15.0.161.154 linux-signed-oem - 4.15.0.161.154 linux-image-virtual-hwe-16.04 - 4.15.0.161.154 linux-signed-generic-hwe-16.04 - 4.15.0.161.154 linux-signed-image-oem - 4.15.0.161.154 linux-tools-generic-hwe-16.04 - 4.15.0.161.154 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.161.154 linux-tools-generic-hwe-16.04-edge - 4.15.0.161.154 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-3702 CVE-2021-38198 CVE-2021-40490 CVE-2021-42008 USN-5119-1 -- libcaca vulnerabilities Ubuntu 16.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a crash. (CVE-2021-30498, CVE-2021-30499) Update Instructions: Run `sudo pro fix USN-5119-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta19-2ubuntu0.16.04.2+esm1 libcaca-dev - 0.99.beta19-2ubuntu0.16.04.2+esm1 libcaca0 - 0.99.beta19-2ubuntu0.16.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-30498 CVE-2021-30499 USN-5121-1 -- Mailman vulnerabilities Ubuntu 16.04 LTS Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery (CSRF) tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. 
(CVE-2021-42097) Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery (CSRF) tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. (CVE-2021-42096) Update Instructions: Run `sudo pro fix USN-5121-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.20-1ubuntu0.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-42096 CVE-2021-42097 USN-5122-2 -- Apport vulnerability Ubuntu 16.04 LTS USN-5122-1 fixed a vulnerability in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. On Ubuntu 16.04 ESM, this update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. On Ubuntu 14.04 ESM, core file generation has been disabled by default. Update Instructions: Run `sudo pro fix USN-5122-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: apport - 2.20.1-0ubuntu2.30+esm3 python3-problem-report - 2.20.1-0ubuntu2.30+esm3 apport-kde - 2.20.1-0ubuntu2.30+esm3 apport-retrace - 2.20.1-0ubuntu2.30+esm3 apport-valgrind - 2.20.1-0ubuntu2.30+esm3 python3-apport - 2.20.1-0ubuntu2.30+esm3 dh-apport - 2.20.1-0ubuntu2.30+esm3 apport-gtk - 2.20.1-0ubuntu2.30+esm3 python-apport - 2.20.1-0ubuntu2.30+esm3 python-problem-report - 2.20.1-0ubuntu2.30+esm3 apport-noui - 2.20.1-0ubuntu2.30+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1948657 USN-5123-2 -- MySQL vulnerabilities Ubuntu 16.04 LTS USN-5123-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html https://www.oracle.com/security-alerts/cpuoct2021.html Update Instructions: Run `sudo pro fix USN-5123-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.36-0ubuntu0.16.04.1+esm1 libmysqlclient-dev - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.36-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.36-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.36-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.36-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-35604 CVE-2021-35624 USN-5125-1 -- PHP vulnerability Ubuntu 16.04 LTS It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5125-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm2 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm2 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm2 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-21703 USN-5126-2 -- Bind vulnerability Ubuntu 16.04 LTS USN-5126-1 fixed a 
vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame cache when processing responses. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5126-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-25219 USN-5133-1 -- ICU vulnerability Ubuntu 16.04 LTS It was discovered that ICU contains a use after free issue. An attacker could use this issue to cause a denial of service with crafted input. Update Instructions: Run `sudo pro fix USN-5133-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: icu-devtools - 55.1-7ubuntu0.5+esm1 libicu55 - 55.1-7ubuntu0.5+esm1 libicu-dev - 55.1-7ubuntu0.5+esm1 icu-doc - 55.1-7ubuntu0.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-21913 USN-5136-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449) It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2020-36322) It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36385) Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2021-3743) It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. 
A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753) It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3759) Michael Wakabayashi discovered that the NFSv4 client implementation in the Linux kernel did not properly order connection setup operations. An attacker controlling a remote NFS server could use this to cause a denial of service on the client. (CVE-2021-38199) It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller implementation in the Linux kernel did not properly perform boundary checks in some situations, allowing out-of-bounds write access. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. In Ubuntu, this issue only affected systems running armhf kernels. (CVE-2021-42252) Update Instructions: Run `sudo pro fix USN-5136-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1083-oracle - 4.15.0-1083.91~16.04.1 linux-headers-4.15.0-1083-oracle - 4.15.0-1083.91~16.04.1 linux-buildinfo-4.15.0-1083-oracle - 4.15.0-1083.91~16.04.1 linux-image-4.15.0-1083-oracle - 4.15.0-1083.91~16.04.1 linux-tools-4.15.0-1083-oracle - 4.15.0-1083.91~16.04.1 linux-modules-4.15.0-1083-oracle - 4.15.0-1083.91~16.04.1 linux-modules-extra-4.15.0-1083-oracle - 4.15.0-1083.91~16.04.1 linux-oracle-tools-4.15.0-1083 - 4.15.0-1083.91~16.04.1 linux-oracle-headers-4.15.0-1083 - 4.15.0-1083.91~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1111-gcp - 4.15.0-1111.125~16.04.1 linux-gcp-tools-4.15.0-1111 - 4.15.0-1111.125~16.04.1 linux-modules-extra-4.15.0-1111-gcp - 4.15.0-1111.125~16.04.1 linux-image-4.15.0-1111-gcp - 4.15.0-1111.125~16.04.1 linux-gcp-headers-4.15.0-1111 - 4.15.0-1111.125~16.04.1 linux-image-unsigned-4.15.0-1111-gcp - 4.15.0-1111.125~16.04.1 linux-modules-4.15.0-1111-gcp - 4.15.0-1111.125~16.04.1 linux-buildinfo-4.15.0-1111-gcp - 4.15.0-1111.125~16.04.1 linux-headers-4.15.0-1111-gcp - 4.15.0-1111.125~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1115-aws - 4.15.0-1115.122~16.04.1 linux-tools-4.15.0-1115-aws - 4.15.0-1115.122~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1115 - 4.15.0-1115.122~16.04.1 linux-aws-hwe-tools-4.15.0-1115 - 4.15.0-1115.122~16.04.1 linux-modules-4.15.0-1115-aws - 4.15.0-1115.122~16.04.1 linux-headers-4.15.0-1115-aws - 4.15.0-1115.122~16.04.1 linux-cloud-tools-4.15.0-1115-aws - 4.15.0-1115.122~16.04.1 linux-image-4.15.0-1115-aws - 4.15.0-1115.122~16.04.1 linux-modules-extra-4.15.0-1115-aws - 4.15.0-1115.122~16.04.1 linux-aws-headers-4.15.0-1115 - 4.15.0-1115.122~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1126 - 4.15.0-1126.139~16.04.1 linux-buildinfo-4.15.0-1126-azure - 
4.15.0-1126.139~16.04.1 linux-modules-4.15.0-1126-azure - 4.15.0-1126.139~16.04.1 linux-image-unsigned-4.15.0-1126-azure - 4.15.0-1126.139~16.04.1 linux-azure-headers-4.15.0-1126 - 4.15.0-1126.139~16.04.1 linux-headers-4.15.0-1126-azure - 4.15.0-1126.139~16.04.1 linux-tools-4.15.0-1126-azure - 4.15.0-1126.139~16.04.1 linux-modules-extra-4.15.0-1126-azure - 4.15.0-1126.139~16.04.1 linux-image-4.15.0-1126-azure - 4.15.0-1126.139~16.04.1 linux-azure-tools-4.15.0-1126 - 4.15.0-1126.139~16.04.1 linux-cloud-tools-4.15.0-1126-azure - 4.15.0-1126.139~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.15.0-162-lowlatency - 4.15.0-162.170~16.04.1 linux-image-unsigned-4.15.0-162-generic - 4.15.0-162.170~16.04.1 linux-cloud-tools-4.15.0-162-generic - 4.15.0-162.170~16.04.1 linux-headers-4.15.0-162-lowlatency - 4.15.0-162.170~16.04.1 linux-tools-4.15.0-162-generic - 4.15.0-162.170~16.04.1 linux-headers-4.15.0-162 - 4.15.0-162.170~16.04.1 linux-modules-4.15.0-162-generic - 4.15.0-162.170~16.04.1 linux-image-unsigned-4.15.0-162-lowlatency - 4.15.0-162.170~16.04.1 linux-buildinfo-4.15.0-162-generic - 4.15.0-162.170~16.04.1 linux-headers-4.15.0-162-generic - 4.15.0-162.170~16.04.1 linux-tools-4.15.0-162-lowlatency - 4.15.0-162.170~16.04.1 linux-image-4.15.0-162-generic - 4.15.0-162.170~16.04.1 linux-hwe-tools-4.15.0-162 - 4.15.0-162.170~16.04.1 linux-cloud-tools-4.15.0-162-lowlatency - 4.15.0-162.170~16.04.1 linux-buildinfo-4.15.0-162-lowlatency - 4.15.0-162.170~16.04.1 linux-hwe-cloud-tools-4.15.0-162 - 4.15.0-162.170~16.04.1 linux-source-4.15.0 - 4.15.0-162.170~16.04.1 linux-image-4.15.0-162-lowlatency - 4.15.0-162.170~16.04.1 linux-modules-extra-4.15.0-162-generic - 4.15.0-162.170~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1083.71 linux-headers-oracle - 4.15.0.1083.71 linux-signed-image-oracle - 4.15.0.1083.71 linux-signed-oracle - 4.15.0.1083.71 linux-image-oracle - 4.15.0.1083.71 
linux-oracle - 4.15.0.1083.71 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1111.112 linux-modules-extra-gcp - 4.15.0.1111.112 linux-tools-gke - 4.15.0.1111.112 linux-tools-gcp - 4.15.0.1111.112 linux-gke - 4.15.0.1111.112 linux-gcp - 4.15.0.1111.112 linux-image-gke - 4.15.0.1111.112 linux-headers-gke - 4.15.0.1111.112 linux-headers-gcp - 4.15.0.1111.112 linux-image-gcp - 4.15.0.1111.112 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1115.105 linux-modules-extra-aws-hwe - 4.15.0.1115.105 linux-aws-edge - 4.15.0.1115.105 linux-image-aws-hwe - 4.15.0.1115.105 linux-headers-aws-hwe - 4.15.0.1115.105 linux-tools-aws-hwe - 4.15.0.1115.105 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1126.117 linux-tools-azure-edge - 4.15.0.1126.117 linux-cloud-tools-azure - 4.15.0.1126.117 linux-tools-azure - 4.15.0.1126.117 linux-image-azure-edge - 4.15.0.1126.117 linux-cloud-tools-azure-edge - 4.15.0.1126.117 linux-modules-extra-azure - 4.15.0.1126.117 linux-azure - 4.15.0.1126.117 linux-signed-image-azure-edge - 4.15.0.1126.117 linux-image-azure - 4.15.0.1126.117 linux-signed-image-azure - 4.15.0.1126.117 linux-headers-azure-edge - 4.15.0.1126.117 linux-azure-edge - 4.15.0.1126.117 linux-modules-extra-azure-edge - 4.15.0.1126.117 linux-signed-azure-edge - 4.15.0.1126.117 linux-headers-azure - 4.15.0.1126.117 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-virtual-hwe-16.04-edge - 4.15.0.162.155 linux-image-lowlatency-hwe-16.04 - 4.15.0.162.155 linux-signed-generic-hwe-16.04-edge - 4.15.0.162.155 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.162.155 linux-image-extra-virtual-hwe-16.04 - 4.15.0.162.155 linux-image-oem - 4.15.0.162.155 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.162.155 linux-headers-generic-hwe-16.04-edge - 4.15.0.162.155 linux-tools-virtual-hwe-16.04-edge - 4.15.0.162.155 linux-tools-virtual-hwe-16.04 
- 4.15.0.162.155 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.162.155 linux-image-virtual-hwe-16.04-edge - 4.15.0.162.155 linux-signed-lowlatency-hwe-16.04 - 4.15.0.162.155 linux-headers-oem - 4.15.0.162.155 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.162.155 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.162.155 linux-oem - 4.15.0.162.155 linux-generic-hwe-16.04-edge - 4.15.0.162.155 linux-headers-lowlatency-hwe-16.04 - 4.15.0.162.155 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.162.155 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.162.155 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.162.155 linux-tools-oem - 4.15.0.162.155 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.162.155 linux-signed-image-generic-hwe-16.04 - 4.15.0.162.155 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.162.155 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.162.155 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.162.155 linux-lowlatency-hwe-16.04 - 4.15.0.162.155 linux-headers-generic-hwe-16.04 - 4.15.0.162.155 linux-generic-hwe-16.04 - 4.15.0.162.155 linux-virtual-hwe-16.04 - 4.15.0.162.155 linux-lowlatency-hwe-16.04-edge - 4.15.0.162.155 linux-image-generic-hwe-16.04 - 4.15.0.162.155 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.162.155 linux-virtual-hwe-16.04-edge - 4.15.0.162.155 linux-tools-lowlatency-hwe-16.04 - 4.15.0.162.155 linux-image-generic-hwe-16.04-edge - 4.15.0.162.155 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.162.155 linux-headers-virtual-hwe-16.04 - 4.15.0.162.155 linux-signed-oem - 4.15.0.162.155 linux-image-virtual-hwe-16.04 - 4.15.0.162.155 linux-signed-generic-hwe-16.04 - 4.15.0.162.155 linux-signed-image-oem - 4.15.0.162.155 linux-tools-generic-hwe-16.04 - 4.15.0.162.155 linux-tools-generic-hwe-16.04-edge - 4.15.0.162.155 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-19449 CVE-2020-36322 CVE-2020-36385 CVE-2021-3655 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38199 CVE-2021-42252 
USN-5144-1 -- OpenEXR vulnerability Ubuntu 16.04 LTS It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5144-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.6+esm2 openexr - 2.2.0-10ubuntu2.6+esm2 libopenexr22 - 2.2.0-10ubuntu2.6+esm2 openexr-doc - 2.2.0-10ubuntu2.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3933 USN-5147-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-20807) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. 
(CVE-2021-3903) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3927) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3928) Update Instructions: Run `sudo pro fix USN-5147-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm3 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm3 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm3 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm3 vim-athena - 2:7.4.1689-3ubuntu1.5+esm3 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm3 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm3 vim - 2:7.4.1689-3ubuntu1.5+esm3 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm3 vim-doc - 2:7.4.1689-3ubuntu1.5+esm3 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm3 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm3 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm3 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm3 vim-nox - 2:7.4.1689-3ubuntu1.5+esm3 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-17087 CVE-2019-20807 CVE-2021-3872 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 USN-5148-2 -- hivex vulnerability Ubuntu 16.04 LTS USN-5148-1 fixed a vulnerability in hivex. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information. 
Update Instructions: Run `sudo pro fix USN-5148-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhivex-bin - 1.3.13-1ubuntu0.1~esm1 libhivex-ocaml-dev - 1.3.13-1ubuntu0.1~esm1 libhivex-dev - 1.3.13-1ubuntu0.1~esm1 libhivex0 - 1.3.13-1ubuntu0.1~esm1 python3-hivex - 1.3.13-1ubuntu0.1~esm1 libwin-hivex-perl - 1.3.13-1ubuntu0.1~esm1 libhivex-ocaml - 1.3.13-1ubuntu0.1~esm1 python-hivex - 1.3.13-1ubuntu0.1~esm1 ruby-hivex - 1.3.13-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-3504 USN-5150-1 -- OpenEXR vulnerability Ubuntu 16.04 LTS It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-5150-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-10ubuntu2.6+esm3 openexr - 2.2.0-10ubuntu2.6+esm3 libopenexr22 - 2.2.0-10ubuntu2.6+esm3 openexr-doc - 2.2.0-10ubuntu2.6+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-3941 USN-5151-1 -- Mailman vulnerabilities Ubuntu 16.04 LTS It was discovered that Mailman incorrectly handled certain URLs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-43331) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-43332) Update Instructions: Run `sudo pro fix USN-5151-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.20-1ubuntu0.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-43331 CVE-2021-43332 https://launchpad.net/bugs/1949401 https://launchpad.net/mailman/+bug/1949403 USN-5158-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20244) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. (CVE-2021-20313) Update Instructions: Run `sudo pro fix USN-5158-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm1 imagemagick - 8:6.8.9.9-7ubuntu5.16+esm1 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm1 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm1 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm1 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm1 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm1 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm1 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm1 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm1 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm1 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20244 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 USN-5159-1 -- bl vulnerability Ubuntu 16.04 LTS It was discovered that bl incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5159-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-bl - 0.9.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-8244 USN-5160-1 -- Midnight Commander vulnerability Ubuntu 16.04 LTS It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. 
If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server. Update Instructions: Run `sudo pro fix USN-5160-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mc-data - 3:4.8.15-2ubuntu0.1~esm1 mc - 3:4.8.15-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-36370 USN-5164-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159) It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3744, CVE-2021-3764) Update Instructions: Run `sudo pro fix USN-5164-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1084-oracle - 4.15.0-1084.92~16.04.1 linux-image-unsigned-4.15.0-1084-oracle - 4.15.0-1084.92~16.04.1 linux-modules-4.15.0-1084-oracle - 4.15.0-1084.92~16.04.1 linux-tools-4.15.0-1084-oracle - 4.15.0-1084.92~16.04.1 linux-headers-4.15.0-1084-oracle - 4.15.0-1084.92~16.04.1 linux-image-4.15.0-1084-oracle - 4.15.0-1084.92~16.04.1 linux-modules-extra-4.15.0-1084-oracle - 4.15.0-1084.92~16.04.1 linux-oracle-tools-4.15.0-1084 - 4.15.0-1084.92~16.04.1 linux-oracle-headers-4.15.0-1084 - 4.15.0-1084.92~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1112-gcp - 4.15.0-1112.126~16.04.1 linux-gcp-tools-4.15.0-1112 - 4.15.0-1112.126~16.04.1 linux-headers-4.15.0-1112-gcp - 4.15.0-1112.126~16.04.1 linux-gcp-headers-4.15.0-1112 - 4.15.0-1112.126~16.04.1 linux-image-4.15.0-1112-gcp - 4.15.0-1112.126~16.04.1 linux-modules-extra-4.15.0-1112-gcp - 4.15.0-1112.126~16.04.1 linux-modules-4.15.0-1112-gcp - 4.15.0-1112.126~16.04.1 linux-tools-4.15.0-1112-gcp - 4.15.0-1112.126~16.04.1 linux-image-unsigned-4.15.0-1112-gcp - 4.15.0-1112.126~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe-cloud-tools-4.15.0-1116 - 4.15.0-1116.123~16.04.1 linux-aws-hwe-tools-4.15.0-1116 - 4.15.0-1116.123~16.04.1 linux-cloud-tools-4.15.0-1116-aws - 4.15.0-1116.123~16.04.1 linux-image-4.15.0-1116-aws - 4.15.0-1116.123~16.04.1 linux-tools-4.15.0-1116-aws - 4.15.0-1116.123~16.04.1 linux-buildinfo-4.15.0-1116-aws - 4.15.0-1116.123~16.04.1 linux-headers-4.15.0-1116-aws - 4.15.0-1116.123~16.04.1 linux-modules-extra-4.15.0-1116-aws - 4.15.0-1116.123~16.04.1 linux-aws-headers-4.15.0-1116 - 4.15.0-1116.123~16.04.1 linux-modules-4.15.0-1116-aws - 4.15.0-1116.123~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1127 - 4.15.0-1127.140~16.04.1 linux-modules-4.15.0-1127-azure - 
4.15.0-1127.140~16.04.1 linux-cloud-tools-4.15.0-1127-azure - 4.15.0-1127.140~16.04.1 linux-headers-4.15.0-1127-azure - 4.15.0-1127.140~16.04.1 linux-buildinfo-4.15.0-1127-azure - 4.15.0-1127.140~16.04.1 linux-image-4.15.0-1127-azure - 4.15.0-1127.140~16.04.1 linux-tools-4.15.0-1127-azure - 4.15.0-1127.140~16.04.1 linux-image-unsigned-4.15.0-1127-azure - 4.15.0-1127.140~16.04.1 linux-azure-headers-4.15.0-1127 - 4.15.0-1127.140~16.04.1 linux-modules-extra-4.15.0-1127-azure - 4.15.0-1127.140~16.04.1 linux-azure-tools-4.15.0-1127 - 4.15.0-1127.140~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-buildinfo-4.15.0-163-lowlatency - 4.15.0-163.171~16.04.1 linux-tools-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-buildinfo-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-modules-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-headers-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-image-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-modules-4.15.0-163-lowlatency - 4.15.0-163.171~16.04.1 linux-image-unsigned-4.15.0-163-lowlatency - 4.15.0-163.171~16.04.1 linux-headers-4.15.0-163 - 4.15.0-163.171~16.04.1 linux-modules-extra-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-headers-4.15.0-163-lowlatency - 4.15.0-163.171~16.04.1 linux-tools-4.15.0-163-lowlatency - 4.15.0-163.171~16.04.1 linux-hwe-tools-4.15.0-163 - 4.15.0-163.171~16.04.1 linux-image-unsigned-4.15.0-163-generic - 4.15.0-163.171~16.04.1 linux-hwe-cloud-tools-4.15.0-163 - 4.15.0-163.171~16.04.1 linux-cloud-tools-4.15.0-163-lowlatency - 4.15.0-163.171~16.04.1 linux-source-4.15.0 - 4.15.0-163.171~16.04.1 linux-image-4.15.0-163-lowlatency - 4.15.0-163.171~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1084.72 linux-tools-oracle - 4.15.0.1084.72 linux-signed-image-oracle - 4.15.0.1084.72 linux-signed-oracle - 4.15.0.1084.72 linux-image-oracle - 4.15.0.1084.72 
linux-oracle - 4.15.0.1084.72 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1112.113 linux-headers-gke - 4.15.0.1112.113 linux-modules-extra-gcp - 4.15.0.1112.113 linux-tools-gke - 4.15.0.1112.113 linux-tools-gcp - 4.15.0.1112.113 linux-gke - 4.15.0.1112.113 linux-gcp - 4.15.0.1112.113 linux-headers-gcp - 4.15.0.1112.113 linux-image-gcp - 4.15.0.1112.113 linux-image-gke - 4.15.0.1112.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1116.106 linux-modules-extra-aws-hwe - 4.15.0.1116.106 linux-aws-edge - 4.15.0.1116.106 linux-image-aws-hwe - 4.15.0.1116.106 linux-headers-aws-hwe - 4.15.0.1116.106 linux-tools-aws-hwe - 4.15.0.1116.106 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1127.118 linux-tools-azure-edge - 4.15.0.1127.118 linux-cloud-tools-azure - 4.15.0.1127.118 linux-tools-azure - 4.15.0.1127.118 linux-image-azure-edge - 4.15.0.1127.118 linux-cloud-tools-azure-edge - 4.15.0.1127.118 linux-modules-extra-azure - 4.15.0.1127.118 linux-azure - 4.15.0.1127.118 linux-signed-image-azure-edge - 4.15.0.1127.118 linux-image-azure - 4.15.0.1127.118 linux-signed-image-azure - 4.15.0.1127.118 linux-azure-edge - 4.15.0.1127.118 linux-modules-extra-azure-edge - 4.15.0.1127.118 linux-headers-azure-edge - 4.15.0.1127.118 linux-signed-azure-edge - 4.15.0.1127.118 linux-headers-azure - 4.15.0.1127.118 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-generic-hwe-16.04-edge - 4.15.0.163.156 linux-image-extra-virtual-hwe-16.04 - 4.15.0.163.156 linux-image-oem - 4.15.0.163.156 linux-headers-generic-hwe-16.04-edge - 4.15.0.163.156 linux-image-lowlatency-hwe-16.04 - 4.15.0.163.156 linux-tools-virtual-hwe-16.04 - 4.15.0.163.156 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.163.156 linux-image-virtual-hwe-16.04-edge - 4.15.0.163.156 linux-signed-lowlatency-hwe-16.04 - 4.15.0.163.156 linux-headers-oem - 4.15.0.163.156 
linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.163.156 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.163.156 linux-generic-hwe-16.04-edge - 4.15.0.163.156 linux-headers-lowlatency-hwe-16.04 - 4.15.0.163.156 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.163.156 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.163.156 linux-tools-oem - 4.15.0.163.156 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.163.156 linux-signed-image-generic-hwe-16.04 - 4.15.0.163.156 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.163.156 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.163.156 linux-headers-virtual-hwe-16.04-edge - 4.15.0.163.156 linux-lowlatency-hwe-16.04 - 4.15.0.163.156 linux-headers-generic-hwe-16.04 - 4.15.0.163.156 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.163.156 linux-generic-hwe-16.04 - 4.15.0.163.156 linux-tools-virtual-hwe-16.04-edge - 4.15.0.163.156 linux-oem - 4.15.0.163.156 linux-lowlatency-hwe-16.04-edge - 4.15.0.163.156 linux-image-generic-hwe-16.04 - 4.15.0.163.156 linux-image-generic-hwe-16.04-edge - 4.15.0.163.156 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.163.156 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.163.156 linux-tools-lowlatency-hwe-16.04 - 4.15.0.163.156 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.163.156 linux-headers-virtual-hwe-16.04 - 4.15.0.163.156 linux-virtual-hwe-16.04 - 4.15.0.163.156 linux-virtual-hwe-16.04-edge - 4.15.0.163.156 linux-signed-oem - 4.15.0.163.156 linux-image-virtual-hwe-16.04 - 4.15.0.163.156 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.163.156 linux-signed-generic-hwe-16.04 - 4.15.0.163.156 linux-signed-image-oem - 4.15.0.163.156 linux-tools-generic-hwe-16.04 - 4.15.0.163.156 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.163.156 linux-tools-generic-hwe-16.04-edge - 4.15.0.163.156 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-37159 CVE-2021-3744 CVE-2021-3764 USN-5167-1 -- FFmpeg vulnerabilities Ubuntu 16.04 LTS It was discovered that FFmpeg did not 
properly verify certain input when processing video and audio files. An attacker could possibly use this to send specially crafted input to the application, force a division by zero, and cause a denial of service (application crash). (CVE-2020-20445, CVE-2020-20446, CVE-2020-20453, CVE-2020-20892) It was discovered that FFmpeg did not properly perform certain bit shift and memory operations. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-20902) It was discovered that FFmpeg did not properly perform memory management operations in various of its functions. An attacker could possibly use this issue to send specially crafted input to the application and cause a denial of service (application crash) or execute arbitrary code. (CVE-2020-21041, CVE-2020-20451, CVE-2020-21688, CVE-2020-21697, CVE-2020-22020, CVE-2020-22021, CVE-2020-22022, CVE-2020-22025, CVE-2020-22031, CVE-2020-22032, CVE-2020-22037, CVE-2020-22040, CVE-2020-22041, CVE-2020-22042, CVE-2020-22044) It was discovered that FFmpeg did not properly perform memory management operations in various of its functions. An attacker could possibly use this issue to send specially crafted input to the application and cause a denial of service (application crash) or execute arbitrary code. (CVE-2020-22016, CVE-2020-22046, CVE-2020-22049, CVE-2020-22054) It was discovered that FFmpeg did not properly perform memory management operations in various of its functions. An attacker could possibly use this issue to send specially crafted input to the application and cause a denial of service (application crash) or execute arbitrary code. (CVE-2020-35965) It was discovered that FFmpeg did not properly handle data assigned to the tty demuxer. An attacker could possibly use this issue to send specially crafted input to the application and expose sensitive information. 
(CVE-2021-3566) It was discovered that FFmpeg did not perform checks on function return values when encoding and formatting input video and audio files. An attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2021-38114, CVE-2021-38171) It was discovered that FFmpeg did not properly sanitize function returned data when calculating frame duration values. An attacker could possibly use this issue to cause an assertion failure and then cause a denial of service (application crash). (CVE-2021-38291) Update Instructions: Run `sudo pro fix USN-5167-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavresample-dev - 7:2.8.17-0ubuntu0.1+esm4 libswresample-ffmpeg1 - 7:2.8.17-0ubuntu0.1+esm4 libavresample-ffmpeg2 - 7:2.8.17-0ubuntu0.1+esm4 libavcodec-extra - 7:2.8.17-0ubuntu0.1+esm4 libswscale-ffmpeg3 - 7:2.8.17-0ubuntu0.1+esm4 libavcodec-dev - 7:2.8.17-0ubuntu0.1+esm4 libavutil-dev - 7:2.8.17-0ubuntu0.1+esm4 libavfilter-ffmpeg5 - 7:2.8.17-0ubuntu0.1+esm4 libpostproc-ffmpeg53 - 7:2.8.17-0ubuntu0.1+esm4 libavcodec-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm4 libswscale-dev - 7:2.8.17-0ubuntu0.1+esm4 libavformat-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm4 libswresample-dev - 7:2.8.17-0ubuntu0.1+esm4 libavdevice-dev - 7:2.8.17-0ubuntu0.1+esm4 libavcodec-ffmpeg-extra56 - 7:2.8.17-0ubuntu0.1+esm4 libavfilter-dev - 7:2.8.17-0ubuntu0.1+esm4 libpostproc-dev - 7:2.8.17-0ubuntu0.1+esm4 libavformat-dev - 7:2.8.17-0ubuntu0.1+esm4 ffmpeg - 7:2.8.17-0ubuntu0.1+esm4 libavutil-ffmpeg54 - 7:2.8.17-0ubuntu0.1+esm4 ffmpeg-doc - 7:2.8.17-0ubuntu0.1+esm4 libav-tools - 7:2.8.17-0ubuntu0.1+esm4 libavdevice-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 CVE-2020-20892 CVE-2020-20902 CVE-2020-21041 CVE-2020-21688 CVE-2020-21697 CVE-2020-22016 CVE-2020-22020 CVE-2020-22021 
CVE-2020-22022 CVE-2020-22025 CVE-2020-22031 CVE-2020-22032 CVE-2020-22037 CVE-2020-22040 CVE-2020-22041 CVE-2020-22042 CVE-2020-22044 CVE-2020-22046 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965 CVE-2021-3566 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291 USN-5168-3 -- NSS vulnerability Ubuntu 16.04 LTS USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5168-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.14+esm1 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.14+esm1 libnss3 - 2:3.28.4-0ubuntu0.16.04.14+esm1 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.14+esm1 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.14+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-43527 USN-5168-4 -- NSS regression Ubuntu 16.04 LTS USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5168-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.14+esm2 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.14+esm2 libnss3 - 2:3.28.4-0ubuntu0.16.04.14+esm2 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.14+esm2 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.14+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-43527 USN-5169-1 -- oddjob vulnerability Ubuntu 16.04 LTS Matthias Gerstner discovered that there was a race condition in the mkhomedir tool shipped with the oddjob package. An authenticated attacker could use this to set up a symlink attack and change permissions on files on the host filesystem. Update Instructions: Run `sudo pro fix USN-5169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: oddjob - 0.34.3-2ubuntu0.1~esm1 oddjob-mkhomedir - 0.34.3-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-10737 USN-5171-2 -- Long Range ZIP vulnerabilities Ubuntu 16.04 LTS USN-5171-1 fixed vulnerabilities in Long Range ZIP. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Long Range ZIP incorrectly handled certain specially crafted lrz files. A remote attacker could possibly use this issue to cause a denial of service (crash) or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5171-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lrzip - 0.621-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929 CVE-2018-10685 CVE-2018-11496 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-9058 USN-5172-2 -- uriparser vulnerability Ubuntu 16.04 LTS USN-5172-1 fixed vulnerabilities in uriparser. 
This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. (CVE-2018-19198, CVE-2018-19199, CVE-2018-19200) It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information. (CVE-2018-20721) Update Instructions: Run `sudo pro fix USN-5172-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liburiparser-doc - 0.8.4-1ubuntu0.16.04.1~esm2 liburiparser-dev - 0.8.4-1ubuntu0.16.04.1~esm2 liburiparser1 - 0.8.4-1ubuntu0.16.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 CVE-2018-20721 USN-5173-2 -- libmodbus vulnerabilities Ubuntu 16.04 LTS USN-5173-1 fixed vulnerabilities in libmodbus. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5173-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmodbus-dev - 3.0.6-1ubuntu0.1~esm1 libmodbus5 - 3.0.6-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-14462 CVE-2019-14463 USN-5177-1 -- Inetutils vulnerability Ubuntu 16.04 LTS It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to cause a crash or run programs on the user's machine. Update Instructions: Run `sudo pro fix USN-5177-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: inetutils-tools - 2:1.9.4-1ubuntu0.1~esm2 inetutils-ftpd - 2:1.9.4-1ubuntu0.1~esm2 inetutils-talkd - 2:1.9.4-1ubuntu0.1~esm2 inetutils-traceroute - 2:1.9.4-1ubuntu0.1~esm2 inetutils-talk - 2:1.9.4-1ubuntu0.1~esm2 inetutils-telnetd - 2:1.9.4-1ubuntu0.1~esm2 inetutils-inetd - 2:1.9.4-1ubuntu0.1~esm2 inetutils-ping - 2:1.9.4-1ubuntu0.1~esm2 inetutils-syslogd - 2:1.9.4-1ubuntu0.1~esm2 inetutils-ftp - 2:1.9.4-1ubuntu0.1~esm2 inetutils-telnet - 2:1.9.4-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-40491 USN-5179-2 -- BusyBox vulnerability Ubuntu 16.04 LTS USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-28831) Update Instructions: Run `sudo pro fix USN-5179-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: busybox - 1:1.22.0-15ubuntu1.4+esm1 busybox-syslogd - 1:1.22.0-15ubuntu1.4+esm1 udhcpd - 1:1.22.0-15ubuntu1.4+esm1 busybox-initramfs - 1:1.22.0-15ubuntu1.4+esm1 udhcpc - 1:1.22.0-15ubuntu1.4+esm1 busybox-static - 1:1.22.0-15ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-28831 USN-5182-1 -- Roundcube Webmail vulnerabilities Ubuntu 16.04 LTS It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. 
(CVE-2020-12625) It was discovered that Roundcube Webmail incorrectly processed login and logout POST requests. An attacker could possibly use this issue to launch a cross-site request forgery (CSRF) attack and force an authenticated user to be logged out. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12626) It was discovered that Roundcube Webmail incorrectly processed new plugin names in rcube_plugin_api.php. An attacker could possibly use this issue to obtain sensitive information from local files or to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12640) It was discovered that Roundcube Webmail did not sanitize shell metacharacters recovered from variables in its configuration settings. An attacker could possibly use this issue to execute arbitrary code in the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12641) It was discovered that Roundcube Webmail incorrectly sanitized characters in the username template object. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13964) It was discovered that Roundcube Webmail allowed preview of text/html content. A remote attacker could possibly use this issue to send a malicious XML attachment via an email message and execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13965) Andrea Cardaci discovered that Roundcube Webmail did not properly sanitize HTML special characters when dealing with HTML messages that contained an SVG element in the XML namespace. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. 
(CVE-2020-15562) Lukasz Pilorz discovered that Roundcube Webmail did not properly sanitize HTML special characters when dealing with HTML messages that contained SVG documents. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-16145) Alex Birnberg discovered that Roundcube Webmail incorrectly sanitized characters in plain text e-mail messages that included link reference elements. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-35730) It was discovered that Roundcube Webmail did not properly sanitize HTML special characters in warning messages that contained an attachment's filename extension. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-44025) It was discovered that Roundcube Webmail incorrectly managed session variables related to search functionalities. A remote attacker could possibly use this issue to execute a SQL injection attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-44026) It was discovered that Roundcube Webmail did not properly sanitize HTML special characters when dealing with HTML messages that contained CSS content. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-46144) Update Instructions: Run `sudo pro fix USN-5182-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: roundcube-pgsql - 1.2~beta+dfsg.1-0ubuntu1+esm2 roundcube-mysql - 1.2~beta+dfsg.1-0ubuntu1+esm2 roundcube-plugins - 1.2~beta+dfsg.1-0ubuntu1+esm2 roundcube - 1.2~beta+dfsg.1-0ubuntu1+esm2 roundcube-core - 1.2~beta+dfsg.1-0ubuntu1+esm2 roundcube-sqlite3 - 1.2~beta+dfsg.1-0ubuntu1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-12625 CVE-2020-12626 CVE-2020-12640 CVE-2020-12641 CVE-2020-13964 CVE-2020-13965 CVE-2020-15562 CVE-2020-16145 CVE-2020-35730 CVE-2021-44025 CVE-2021-44026 CVE-2021-46144 USN-5185-1 -- MATIO vulnerability Ubuntu 16.04 LTS It was discovered that MATIO incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5185-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmatio-doc - 1.5.3-1ubuntu0.1~esm1 libmatio2 - 1.5.3-1ubuntu0.1~esm1 libmatio-dev - 1.5.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-17533 USN-5187-1 -- Glances vulnerability Ubuntu 16.04 LTS It was discovered that Glances incorrectly parsed untrusted XML data due to usage of xmlrpclib. An attacker could possibly use this to perform an External Entity (XXE) Injection and cause the host system to crash. Update Instructions: Run `sudo pro fix USN-5187-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glances - 2.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-23418 USN-5189-1 -- GLib vulnerability Ubuntu 16.04 LTS It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-5189-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.8+esm1 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.8+esm1 libglib2.0-data - 2.48.2-0ubuntu4.8+esm1 libglib2.0-tests - 2.48.2-0ubuntu4.8+esm1 libglib2.0-doc - 2.48.2-0ubuntu4.8+esm1 libglib2.0-bin - 2.48.2-0ubuntu4.8+esm1 libglib2.0-dev - 2.48.2-0ubuntu4.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3800 USN-5190-1 -- GraphicsMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that GraphicsMagick allowed reading arbitrary files via specially crafted images. An attacker could use this issue to expose sensitive information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-12921) It was discovered that GraphicsMagick did not correctly handle memory allocations for error messages. An attacker could use this issue to corrupt memory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950) It was discovered that GraphicsMagick did not correctly handle type limits. An attacker could use these issues to cause heap-based buffer overflows, leading to a denial of service (application crash) or possibly execute arbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953) It was discovered that GraphicsMagick did not correctly handle the signed integer limit in 32-bit applications. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938) It was discovered that GraphicsMagick did not properly magnify certain images. 
An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. (CVE-2020-12672) Update Instructions: Run `sudo pro fix USN-5190-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.23-1ubuntu0.6+esm1 libgraphicsmagick-q16-3 - 1.3.23-1ubuntu0.6+esm1 libgraphicsmagick1-dev - 1.3.23-1ubuntu0.6+esm1 graphicsmagick - 1.3.23-1ubuntu0.6+esm1 graphicsmagick-imagemagick-compat - 1.3.23-1ubuntu0.6+esm1 graphicsmagick-libmagick-dev-compat - 1.3.23-1ubuntu0.6+esm1 libgraphicsmagick++1-dev - 1.3.23-1ubuntu0.6+esm1 libgraphicsmagick++-q16-12 - 1.3.23-1ubuntu0.6+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-12921 CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 CVE-2020-10938 CVE-2020-12672 USN-5192-2 -- Apache Log4j 2 vulnerability Ubuntu 16.04 LTS USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a specially crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5192-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j2-java - 2.4-2ubuntu0.1~esm1 liblog4j2-java-doc - 2.4-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44228 USN-5193-2 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. 
An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update Instructions: Run `sudo pro fix USN-5193-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm1 xmir - 2:1.18.4-0ubuntu0.12+esm1 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm1 xwayland - 2:1.18.4-0ubuntu0.12+esm1 xdmx - 2:1.18.4-0ubuntu0.12+esm1 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm1 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm1 xvfb - 2:1.18.4-0ubuntu0.12+esm1 xnest - 2:1.18.4-0ubuntu0.12+esm1 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm1 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm1 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm1 xserver-common - 2:1.18.4-0ubuntu0.12+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4008 CVE-2021-4009 CVE-2021-4011 USN-5193-3 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update Instructions: Run `sudo pro fix USN-5193-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm5 xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm5 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm5 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm5 xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm5 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm5 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4008 CVE-2021-4009 CVE-2021-4011 USN-5195-2 -- Mumble vulnerability Ubuntu 16.04 LTS It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5195-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mumble - 1.2.12-1ubuntu1+esm1 mumble-server - 1.2.12-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-27229 USN-5202-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information (rudimentary port scans). This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341) Markus Loewe discovered that OpenJDK did not properly handle JAR files containing multiple manifest files. An attacker could possibly use this to bypass JAR signature verification. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. 
(CVE-2021-2369) Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly perform range check elimination in some situations. An attacker could possibly use this to construct a Java class that could bypass Java sandbox restrictions. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2388) Asaf Greenholts discovered that OpenJDK preferred certain weak ciphers by default. An attacker could possibly use this to expose sensitive information. (CVE-2021-35550) It was discovered that the Rich Text Format (RTF) Parser in OpenJDK did not properly restrict the amount of memory allocated in some situations. An attacker could use this to specially craft an RTF file that caused a denial of service. (CVE-2021-35556) It was discovered that the Rich Text Format (RTF) Reader in OpenJDK did not properly restrict the amount of memory allocated in some situations. An attacker could use this to specially craft an RTF file that caused a denial of service. (CVE-2021-35559) Markus Loewe discovered that the HashMap and HashSet implementations in OpenJDK did not properly validate load factors during deserialization. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2021-35561) It was discovered that the Keytool component in OpenJDK did not properly handle certificates with validity ending dates in the far future. An attacker could use this to specially craft a certificate that when imported could corrupt a keystore. (CVE-2021-35564) Tristen Hayfield discovered that the HTTP server implementation in OpenJDK did not properly handle TLS session close in some situations. A remote attacker could possibly use this to cause a denial of service (application infinite loop). (CVE-2021-35565) Chuck Hunley discovered that the Kerberos implementation in OpenJDK did not correctly report subject principals when using Kerberos Constrained Delegation. 
An attacker could possibly use this to cause incorrect Kerberos tickets to be used. (CVE-2021-35567) It was discovered that the TLS implementation in OpenJDK did not properly handle TLS handshakes in certain situations where a Java application is acting as a TLS server. A remote attacker could possibly use this to cause a denial of service (application crash). (CVE-2021-35578) It was discovered that OpenJDK did not properly restrict the amount of memory allocated when processing BMP images. An attacker could use this to specially craft a BMP image file that could cause a denial of service. (CVE-2021-35586) It was discovered that the HotSpot VM in OpenJDK 8 did not properly perform validation of inner class index values in some situations. An attacker could use this to specially craft a class file that when loaded could cause a denial of service (Java VM crash). (CVE-2021-35588) Artem Smotrakov discovered that the TLS implementation in OpenJDK used non-constant time comparisons during TLS handshakes. A remote attacker could use this to expose sensitive information. (CVE-2021-35603) Update Instructions: Run `sudo pro fix USN-5202-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u312-b07-0ubuntu1~16.04 openjdk-8-jdk - 8u312-b07-0ubuntu1~16.04 openjdk-8-jre-headless - 8u312-b07-0ubuntu1~16.04 openjdk-8-jre - 8u312-b07-0ubuntu1~16.04 openjdk-8-jdk-headless - 8u312-b07-0ubuntu1~16.04 openjdk-8-source - 8u312-b07-0ubuntu1~16.04 openjdk-8-jre-zero - 8u312-b07-0ubuntu1~16.04 openjdk-8-demo - 8u312-b07-0ubuntu1~16.04 openjdk-8-jre-jamvm - 8u312-b07-0ubuntu1~16.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 USN-5205-1 -- Tcpreplay vulnerabilities Ubuntu 16.04 LTS It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-13112) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17580, CVE-2018-17582) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17974, CVE-2018-18407) It was discovered that a use-after-free existed in Tcpreplay in the tcpbridge binary. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-18408) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. 
An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2018-20552, CVE-2018-20553) It was discovered that a heap-based buffer over-read that existed in Tcpreplay caused an application crash when tcprewrite or tcpreplay-edit received specially crafted packet capture input. An attacker could possibly use this to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12740) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-24265, CVE-2020-24266) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcprewrite. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 ESM. (CVE-2022-27416) It was discovered that Tcpreplay did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted packet capture file, a remote attacker could possibly use this issue to cause Tcpreplay to crash, resulting in a denial of service, or possibly read sensitive data. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-28487) Update Instructions: Run `sudo pro fix USN-5205-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: tcpreplay - 3.4.4-2+deb8u1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-13112 CVE-2018-17974 CVE-2018-18407 CVE-2018-18408 CVE-2018-17580 CVE-2018-17582 CVE-2018-20552 CVE-2018-20553 CVE-2020-12740 CVE-2020-24265 CVE-2020-24266 CVE-2022-27416 CVE-2022-28487 USN-5209-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service. (CVE-2021-20317) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) Update Instructions: Run `sudo pro fix USN-5209-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1085-oracle - 4.15.0-1085.93~16.04.1 linux-headers-4.15.0-1085-oracle - 4.15.0-1085.93~16.04.1 linux-tools-4.15.0-1085-oracle - 4.15.0-1085.93~16.04.1 linux-image-unsigned-4.15.0-1085-oracle - 4.15.0-1085.93~16.04.1 linux-buildinfo-4.15.0-1085-oracle - 4.15.0-1085.93~16.04.1 linux-oracle-tools-4.15.0-1085 - 4.15.0-1085.93~16.04.1 linux-modules-4.15.0-1085-oracle - 4.15.0-1085.93~16.04.1 linux-oracle-headers-4.15.0-1085 - 4.15.0-1085.93~16.04.1 linux-image-4.15.0-1085-oracle - 4.15.0-1085.93~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1114 - 4.15.0-1114.128~16.04.1 linux-image-4.15.0-1114-gcp - 4.15.0-1114.128~16.04.1 linux-modules-4.15.0-1114-gcp - 4.15.0-1114.128~16.04.1 linux-modules-extra-4.15.0-1114-gcp - 4.15.0-1114.128~16.04.1 linux-gcp-headers-4.15.0-1114 - 4.15.0-1114.128~16.04.1 linux-buildinfo-4.15.0-1114-gcp - 4.15.0-1114.128~16.04.1 linux-tools-4.15.0-1114-gcp - 4.15.0-1114.128~16.04.1 linux-image-unsigned-4.15.0-1114-gcp - 4.15.0-1114.128~16.04.1 linux-headers-4.15.0-1114-gcp - 4.15.0-1114.128~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe-cloud-tools-4.15.0-1118 - 4.15.0-1118.125~16.04.1 linux-aws-hwe-tools-4.15.0-1118 - 4.15.0-1118.125~16.04.1 linux-headers-4.15.0-1118-aws - 4.15.0-1118.125~16.04.1 linux-buildinfo-4.15.0-1118-aws - 4.15.0-1118.125~16.04.1 linux-image-4.15.0-1118-aws - 4.15.0-1118.125~16.04.1 linux-modules-extra-4.15.0-1118-aws - 4.15.0-1118.125~16.04.1 linux-modules-4.15.0-1118-aws - 4.15.0-1118.125~16.04.1 linux-tools-4.15.0-1118-aws - 4.15.0-1118.125~16.04.1 linux-aws-headers-4.15.0-1118 - 4.15.0-1118.125~16.04.1 linux-cloud-tools-4.15.0-1118-aws - 4.15.0-1118.125~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1129 - 4.15.0-1129.142~16.04.1 linux-image-4.15.0-1129-azure - 
4.15.0-1129.142~16.04.1 linux-cloud-tools-4.15.0-1129-azure - 4.15.0-1129.142~16.04.1 linux-azure-headers-4.15.0-1129 - 4.15.0-1129.142~16.04.1 linux-buildinfo-4.15.0-1129-azure - 4.15.0-1129.142~16.04.1 linux-modules-extra-4.15.0-1129-azure - 4.15.0-1129.142~16.04.1 linux-tools-4.15.0-1129-azure - 4.15.0-1129.142~16.04.1 linux-headers-4.15.0-1129-azure - 4.15.0-1129.142~16.04.1 linux-modules-4.15.0-1129-azure - 4.15.0-1129.142~16.04.1 linux-azure-tools-4.15.0-1129 - 4.15.0-1129.142~16.04.1 linux-image-unsigned-4.15.0-1129-azure - 4.15.0-1129.142~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.15.0-166-generic - 4.15.0-166.174~16.04.1 linux-image-unsigned-4.15.0-166-generic - 4.15.0-166.174~16.04.1 linux-tools-4.15.0-166-generic - 4.15.0-166.174~16.04.1 linux-buildinfo-4.15.0-166-generic - 4.15.0-166.174~16.04.1 linux-cloud-tools-4.15.0-166-lowlatency - 4.15.0-166.174~16.04.1 linux-modules-4.15.0-166-lowlatency - 4.15.0-166.174~16.04.1 linux-headers-4.15.0-166-lowlatency - 4.15.0-166.174~16.04.1 linux-image-4.15.0-166-lowlatency - 4.15.0-166.174~16.04.1 linux-hwe-tools-4.15.0-166 - 4.15.0-166.174~16.04.1 linux-image-unsigned-4.15.0-166-lowlatency - 4.15.0-166.174~16.04.1 linux-hwe-cloud-tools-4.15.0-166 - 4.15.0-166.174~16.04.1 linux-image-4.15.0-166-generic - 4.15.0-166.174~16.04.1 linux-buildinfo-4.15.0-166-lowlatency - 4.15.0-166.174~16.04.1 linux-tools-4.15.0-166-lowlatency - 4.15.0-166.174~16.04.1 linux-source-4.15.0 - 4.15.0-166.174~16.04.1 linux-modules-extra-4.15.0-166-generic - 4.15.0-166.174~16.04.1 linux-headers-4.15.0-166 - 4.15.0-166.174~16.04.1 linux-headers-4.15.0-166-generic - 4.15.0-166.174~16.04.1 linux-cloud-tools-4.15.0-166-generic - 4.15.0-166.174~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1085.73 linux-tools-oracle - 4.15.0.1085.73 linux-signed-image-oracle - 4.15.0.1085.73 linux-signed-oracle - 4.15.0.1085.73 linux-image-oracle - 4.15.0.1085.73 
linux-oracle - 4.15.0.1085.73 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1114.115 linux-headers-gke - 4.15.0.1114.115 linux-modules-extra-gcp - 4.15.0.1114.115 linux-tools-gke - 4.15.0.1114.115 linux-tools-gcp - 4.15.0.1114.115 linux-gke - 4.15.0.1114.115 linux-gcp - 4.15.0.1114.115 linux-image-gke - 4.15.0.1114.115 linux-headers-gcp - 4.15.0.1114.115 linux-image-gcp - 4.15.0.1114.115 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1118.108 linux-modules-extra-aws-hwe - 4.15.0.1118.108 linux-aws-edge - 4.15.0.1118.108 linux-image-aws-hwe - 4.15.0.1118.108 linux-headers-aws-hwe - 4.15.0.1118.108 linux-tools-aws-hwe - 4.15.0.1118.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1129.120 linux-tools-azure-edge - 4.15.0.1129.120 linux-cloud-tools-azure - 4.15.0.1129.120 linux-tools-azure - 4.15.0.1129.120 linux-image-azure-edge - 4.15.0.1129.120 linux-cloud-tools-azure-edge - 4.15.0.1129.120 linux-modules-extra-azure - 4.15.0.1129.120 linux-azure - 4.15.0.1129.120 linux-signed-image-azure-edge - 4.15.0.1129.120 linux-image-azure - 4.15.0.1129.120 linux-signed-image-azure - 4.15.0.1129.120 linux-headers-azure-edge - 4.15.0.1129.120 linux-azure-edge - 4.15.0.1129.120 linux-modules-extra-azure-edge - 4.15.0.1129.120 linux-signed-azure-edge - 4.15.0.1129.120 linux-headers-azure - 4.15.0.1129.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.166.158 linux-image-extra-virtual-hwe-16.04 - 4.15.0.166.158 linux-image-oem - 4.15.0.166.158 linux-headers-generic-hwe-16.04-edge - 4.15.0.166.158 linux-image-lowlatency-hwe-16.04 - 4.15.0.166.158 linux-signed-generic-hwe-16.04-edge - 4.15.0.166.158 linux-tools-virtual-hwe-16.04 - 4.15.0.166.158 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.166.158 linux-image-virtual-hwe-16.04-edge - 4.15.0.166.158 linux-signed-lowlatency-hwe-16.04 - 
4.15.0.166.158 linux-headers-oem - 4.15.0.166.158 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.166.158 linux-generic-hwe-16.04-edge - 4.15.0.166.158 linux-headers-lowlatency-hwe-16.04 - 4.15.0.166.158 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.166.158 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.166.158 linux-tools-generic-hwe-16.04 - 4.15.0.166.158 linux-tools-oem - 4.15.0.166.158 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.166.158 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.166.158 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.166.158 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.166.158 linux-headers-virtual-hwe-16.04-edge - 4.15.0.166.158 linux-lowlatency-hwe-16.04 - 4.15.0.166.158 linux-headers-generic-hwe-16.04 - 4.15.0.166.158 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.166.158 linux-generic-hwe-16.04 - 4.15.0.166.158 linux-tools-virtual-hwe-16.04-edge - 4.15.0.166.158 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.166.158 linux-signed-image-generic-hwe-16.04 - 4.15.0.166.158 linux-oem - 4.15.0.166.158 linux-lowlatency-hwe-16.04-edge - 4.15.0.166.158 linux-image-generic-hwe-16.04 - 4.15.0.166.158 linux-image-generic-hwe-16.04-edge - 4.15.0.166.158 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.166.158 linux-virtual-hwe-16.04-edge - 4.15.0.166.158 linux-tools-lowlatency-hwe-16.04 - 4.15.0.166.158 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.166.158 linux-headers-virtual-hwe-16.04 - 4.15.0.166.158 linux-virtual-hwe-16.04 - 4.15.0.166.158 linux-signed-oem - 4.15.0.166.158 linux-image-virtual-hwe-16.04 - 4.15.0.166.158 linux-signed-generic-hwe-16.04 - 4.15.0.166.158 linux-signed-image-oem - 4.15.0.166.158 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.166.158 linux-tools-generic-hwe-16.04-edge - 4.15.0.166.158 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-20317 CVE-2021-20321 CVE-2021-3760 CVE-2021-4002 CVE-2021-41864 CVE-2021-43389 USN-5211-1 -- Linux kernel vulnerability Ubuntu 16.04 
LTS Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. Update Instructions: Run `sudo pro fix USN-5211-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-kvm-cloud-tools-4.4.0-1099 - 4.4.0-1099.108 linux-tools-4.4.0-1099-kvm - 4.4.0-1099.108 linux-buildinfo-4.4.0-1099-kvm - 4.4.0-1099.108 linux-kvm-tools-4.4.0-1099 - 4.4.0-1099.108 linux-cloud-tools-4.4.0-1099-kvm - 4.4.0-1099.108 linux-headers-4.4.0-1099-kvm - 4.4.0-1099.108 linux-kvm-headers-4.4.0-1099 - 4.4.0-1099.108 linux-image-4.4.0-1099-kvm - 4.4.0-1099.108 linux-modules-4.4.0-1099-kvm - 4.4.0-1099.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.4.0-1134-aws - 4.4.0-1134.148 linux-image-4.4.0-1134-aws - 4.4.0-1134.148 linux-headers-4.4.0-1134-aws - 4.4.0-1134.148 linux-buildinfo-4.4.0-1134-aws - 4.4.0-1134.148 linux-modules-extra-4.4.0-1134-aws - 4.4.0-1134.148 linux-tools-4.4.0-1134-aws - 4.4.0-1134.148 linux-aws-cloud-tools-4.4.0-1134 - 4.4.0-1134.148 linux-aws-tools-4.4.0-1134 - 4.4.0-1134.148 linux-aws-headers-4.4.0-1134 - 4.4.0-1134.148 linux-cloud-tools-4.4.0-1134-aws - 4.4.0-1134.148 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.4.0-218-generic - 4.4.0-218.251 linux-tools-common - 4.4.0-218.251 linux-tools-host - 4.4.0-218.251 linux-doc - 4.4.0-218.251 linux-headers-4.4.0-218 - 4.4.0-218.251 linux-libc-dev - 4.4.0-218.251 linux-tools-4.4.0-218 - 4.4.0-218.251 linux-buildinfo-4.4.0-218-generic - 4.4.0-218.251 linux-modules-extra-4.4.0-218-generic - 4.4.0-218.251 linux-image-unsigned-4.4.0-218-lowlatency - 4.4.0-218.251 linux-image-4.4.0-218-generic - 4.4.0-218.251 linux-image-4.4.0-218-lowlatency - 4.4.0-218.251 linux-buildinfo-4.4.0-218-lowlatency - 4.4.0-218.251 
linux-headers-4.4.0-218-generic - 4.4.0-218.251 linux-headers-4.4.0-218-lowlatency - 4.4.0-218.251 linux-cloud-tools-4.4.0-218 - 4.4.0-218.251 linux-cloud-tools-4.4.0-218-generic - 4.4.0-218.251 linux-tools-4.4.0-218-lowlatency - 4.4.0-218.251 linux-cloud-tools-common - 4.4.0-218.251 linux-modules-4.4.0-218-generic - 4.4.0-218.251 linux-source-4.4.0 - 4.4.0-218.251 linux-cloud-tools-4.4.0-218-lowlatency - 4.4.0-218.251 linux-modules-4.4.0-218-lowlatency - 4.4.0-218.251 linux-tools-4.4.0-218-generic - 4.4.0-218.251 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1099.97 linux-headers-kvm - 4.4.0.1099.97 linux-image-kvm - 4.4.0.1099.97 linux-tools-kvm - 4.4.0.1099.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1134.139 linux-image-aws - 4.4.0.1134.139 linux-aws - 4.4.0.1134.139 linux-modules-extra-aws - 4.4.0.1134.139 linux-tools-aws - 4.4.0.1134.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.218.225 linux-cloud-tools-generic-lts-wily - 4.4.0.218.225 linux-cloud-tools-virtual-lts-xenial - 4.4.0.218.225 linux-cloud-tools-virtual - 4.4.0.218.225 linux-cloud-tools-virtual-lts-utopic - 4.4.0.218.225 linux-tools-generic-lts-vivid - 4.4.0.218.225 linux-image-extra-virtual-lts-xenial - 4.4.0.218.225 linux-image-extra-virtual-lts-wily - 4.4.0.218.225 linux-headers-generic-lts-wily - 4.4.0.218.225 linux-headers-lowlatency-lts-wily - 4.4.0.218.225 linux-tools-virtual-lts-vivid - 4.4.0.218.225 linux-image-virtual - 4.4.0.218.225 linux-generic-lts-vivid - 4.4.0.218.225 linux-image-lowlatency-lts-vivid - 4.4.0.218.225 linux-tools-lowlatency-lts-vivid - 4.4.0.218.225 linux-cloud-tools-generic-lts-utopic - 4.4.0.218.225 linux-headers-virtual-lts-vivid - 4.4.0.218.225 linux-image-lowlatency-lts-wily - 4.4.0.218.225 linux-image-generic - 4.4.0.218.225 linux-tools-lowlatency - 4.4.0.218.225 linux-image-lowlatency-lts-xenial - 4.4.0.218.225 
linux-tools-virtual-lts-xenial - 4.4.0.218.225 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.218.225 linux-image-extra-virtual-lts-vivid - 4.4.0.218.225 linux-image-generic-lts-wily - 4.4.0.218.225 linux-virtual-lts-utopic - 4.4.0.218.225 linux-signed-generic-lts-wily - 4.4.0.218.225 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.218.225 linux-image-extra-virtual-lts-utopic - 4.4.0.218.225 linux-signed-generic-lts-utopic - 4.4.0.218.225 linux-tools-lowlatency-lts-xenial - 4.4.0.218.225 linux-headers-generic-lts-xenial - 4.4.0.218.225 linux-signed-generic-lts-vivid - 4.4.0.218.225 linux-crashdump - 4.4.0.218.225 linux-virtual-lts-vivid - 4.4.0.218.225 linux-signed-lowlatency-lts-xenial - 4.4.0.218.225 linux-headers-lowlatency-lts-vivid - 4.4.0.218.225 linux-signed-lowlatency-lts-wily - 4.4.0.218.225 linux-lowlatency-lts-xenial - 4.4.0.218.225 linux-image-virtual-lts-utopic - 4.4.0.218.225 linux-signed-generic-lts-xenial - 4.4.0.218.225 linux-source - 4.4.0.218.225 linux-signed-image-generic - 4.4.0.218.225 linux-lowlatency - 4.4.0.218.225 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.218.225 linux-generic-lts-xenial - 4.4.0.218.225 linux-tools-virtual - 4.4.0.218.225 linux-virtual - 4.4.0.218.225 linux-cloud-tools-generic-lts-vivid - 4.4.0.218.225 linux-tools-generic-lts-utopic - 4.4.0.218.225 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.218.225 linux-signed-image-generic-lts-vivid - 4.4.0.218.225 linux-image-virtual-lts-xenial - 4.4.0.218.225 linux-image-virtual-lts-vivid - 4.4.0.218.225 linux-image-extra-virtual - 4.4.0.218.225 linux-virtual-lts-xenial - 4.4.0.218.225 linux-cloud-tools-virtual-lts-vivid - 4.4.0.218.225 linux-tools-lowlatency-lts-utopic - 4.4.0.218.225 linux-signed-image-generic-lts-wily - 4.4.0.218.225 linux-signed-image-lowlatency-lts-xenial - 4.4.0.218.225 linux-image-generic-lts-vivid - 4.4.0.218.225 linux-generic - 4.4.0.218.225 linux-tools-generic-lts-wily - 4.4.0.218.225 linux-tools-virtual-lts-utopic - 4.4.0.218.225 
linux-headers-lowlatency - 4.4.0.218.225 linux-lowlatency-lts-vivid - 4.4.0.218.225 linux-generic-lts-wily - 4.4.0.218.225 linux-image-hwe-virtual-trusty - 4.4.0.218.225 linux-signed-image-generic-lts-xenial - 4.4.0.218.225 linux-tools-virtual-lts-wily - 4.4.0.218.225 linux-tools-lowlatency-lts-wily - 4.4.0.218.225 linux-headers-virtual-lts-xenial - 4.4.0.218.225 linux-headers-lowlatency-lts-utopic - 4.4.0.218.225 linux-hwe-generic-trusty - 4.4.0.218.225 linux-tools-generic - 4.4.0.218.225 linux-cloud-tools-generic - 4.4.0.218.225 linux-image-generic-lts-xenial - 4.4.0.218.225 linux-headers-generic-lts-utopic - 4.4.0.218.225 linux-cloud-tools-virtual-lts-wily - 4.4.0.218.225 linux-cloud-tools-lowlatency - 4.4.0.218.225 linux-lowlatency-lts-utopic - 4.4.0.218.225 linux-tools-generic-lts-xenial - 4.4.0.218.225 linux-signed-image-lowlatency - 4.4.0.218.225 linux-hwe-virtual-trusty - 4.4.0.218.225 linux-image-generic-lts-utopic - 4.4.0.218.225 linux-image-virtual-lts-wily - 4.4.0.218.225 linux-signed-generic - 4.4.0.218.225 linux-lowlatency-lts-wily - 4.4.0.218.225 linux-headers-generic - 4.4.0.218.225 linux-tools-lts-utopic - 4.4.0.218.225 linux-headers-virtual-lts-utopic - 4.4.0.218.225 linux-generic-lts-utopic - 4.4.0.218.225 linux-headers-lowlatency-lts-xenial - 4.4.0.218.225 linux-image-hwe-generic-trusty - 4.4.0.218.225 linux-signed-image-lowlatency-lts-wily - 4.4.0.218.225 linux-headers-generic-lts-vivid - 4.4.0.218.225 linux-headers-virtual - 4.4.0.218.225 linux-cloud-tools-generic-lts-xenial - 4.4.0.218.225 linux-virtual-lts-wily - 4.4.0.218.225 linux-headers-virtual-lts-wily - 4.4.0.218.225 linux-signed-lowlatency - 4.4.0.218.225 linux-image-lowlatency-lts-utopic - 4.4.0.218.225 linux-image-lowlatency - 4.4.0.218.225 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-4002 USN-5212-2 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS USN-5212-1 fixed several vulnerabilities in Apache. 
This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. (CVE-2021-44224) It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-44790) Update Instructions: Run `sudo pro fix USN-5212-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm4 apache2-utils - 2.4.18-2ubuntu3.17+esm4 apache2-dev - 2.4.18-2ubuntu3.17+esm4 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm4 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm4 apache2 - 2.4.18-2ubuntu3.17+esm4 apache2-doc - 2.4.18-2ubuntu3.17+esm4 apache2-bin - 2.4.18-2ubuntu3.17+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-44224 CVE-2021-44790 USN-5214-1 -- Cacti vulnerabilities Ubuntu 16.04 LTS It was discovered that Cacti was incorrectly validating permissions for user accounts that had been recently disabled. An authenticated attacker could possibly use this to obtain unauthorized access to application and system data. (CVE-2020-13230) It was discovered that Cacti was incorrectly performing authorization checks in auth_profile.php. A remote unauthenticated attacker could use this to perform a CSRF attack and set a new admin email or make other changes. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13231) It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the color.php script. 
A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14295) It was discovered that Cacti did not properly escape file input fields when performing template import operations for various themes. An authenticated attacker could use this to perform XSS attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14424) It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the data_debug.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35701) Update Instructions: Run `sudo pro fix USN-5214-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cacti - 0.8.8f+ds1-4ubuntu4.16.04.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13230 CVE-2020-13231 CVE-2020-14295 CVE-2020-14424 CVE-2020-35701 USN-5215-1 -- NLTK vulnerability Ubuntu 16.04 LTS Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5215-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-nltk - 3.1-1ubuntu0.1+esm1 python3-nltk - 3.1-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-3828 USN-5220-1 -- Composer vulnerability Ubuntu 16.04 LTS It was discovered that Composer did not properly sanitize URLs for Mercurial repositories in the root composer.json and package source download URLs. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5220-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: composer - 1.0.0~beta2-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-29472 USN-5221-1 -- Redis vulnerabilities Ubuntu 16.04 LTS It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-32626) It was discovered that Redis incorrectly handled some malformed requests when using Redis Lua Debugger. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32672) It was discovered that Redis incorrectly handled certain Redis Standard Protocol (RESP) requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32675) It was discovered that Redis incorrectly handled some configuration parameters with specially crafted network payloads. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Vulnerabilities CVE-2021-32627 and CVE-2021-41099 only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32627, CVE-2021-32628, CVE-2021-32687, CVE-2021-41099). It was discovered that Redis incorrectly handled memory when processing certain input in 32-bit systems. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. One vulnerability (CVE-2021-32761) only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM and another vulnerability (CVE-2021-21309) only affected Ubuntu 18.04 ESM. (CVE-2021-32761, CVE-2021-21309). Update Instructions: Run `sudo pro fix USN-5221-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: redis-tools - 2:3.0.6-1ubuntu0.4+esm1 redis-server - 2:3.0.6-1ubuntu0.4+esm1 redis-sentinel - 2:3.0.6-1ubuntu0.4+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-41099 CVE-2021-32761 CVE-2021-21309 USN-5223-2 -- Apache Log4j 1.2 vulnerability Ubuntu 16.04 LTS USN-5223-1 fixed a vulnerability in Apache Log4j 1.2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5223-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j1.2-java-doc - 1.2.17-7ubuntu1+esm1 liblog4j1.2-java - 1.2.17-7ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-4104 USN-5224-2 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS USN-5224-1 fixed several vulnerabilities in Ghostscript. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5224-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.14+esm1 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.14+esm1 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.14+esm1 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.14+esm1 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.14+esm1 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.14+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-45944 CVE-2021-45949 USN-5225-1 -- lxml vulnerability Ubuntu 16.04 LTS It was discovered that lxml incorrectly handled certain XML and HTML files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 3.5.0-1ubuntu0.4+esm2 python-lxml - 3.5.0-1ubuntu0.4+esm2 python-lxml-doc - 3.5.0-1ubuntu0.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-43818 USN-5227-2 -- Pillow vulnerabilities Ubuntu 16.04 LTS USN-5227-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. (CVE-2021-23437) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-34552) It was discovered that Pillow incorrectly handled certain image files. 
If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22815) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. (CVE-2022-22816) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22817) Update Instructions: Run `sudo pro fix USN-5227-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 3.1.2-0ubuntu1.6+esm1 python-pil-doc - 3.1.2-0ubuntu1.6+esm1 python3-pil - 3.1.2-0ubuntu1.6+esm1 python-pil.imagetk - 3.1.2-0ubuntu1.6+esm1 python-imaging - 3.1.2-0ubuntu1.6+esm1 python-pil - 3.1.2-0ubuntu1.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23437 CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 USN-5230-1 -- App::cpanminus vulnerability Ubuntu 16.04 LTS It was discovered that App::cpanminus did not properly verify CHECKSUMS files. An attacker could possibly use this issue to bypass signature verification, gaining access to sensitive data or possibly executing unauthorized code. Update Instructions: Run `sudo pro fix USN-5230-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: cpanminus - 1.7040-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-16154 USN-5231-1 -- 389 Directory Server vulnerabilities Ubuntu 16.04 LTS It was discovered that 389 Directory Server presented to users, during authentication, an error message which could be used to discover if a certain LDAP DN existed or not. A remote unauthenticated attacker could possibly use this to check the existence of an entry in a LDAP database and expose sensitive information. This issue affected only Ubuntu 20.04 ESM. (CVE-2020-35518) It was discovered that 389 Directory Server was incorrectly validating data used to access memory addresses. An authenticated attacker using a Syncrepl client could use this issue with a specially crafted query to cause 389 Directory Server to crash, resulting in a denial of service. (CVE-2021-3514) Update Instructions: Run `sudo pro fix USN-5231-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: 389-ds-base - 1.3.4.9-1ubuntu0.1~esm1 389-ds - 1.3.4.9-1ubuntu0.1~esm1 389-ds-base-libs - 1.3.4.9-1ubuntu0.1~esm1 389-ds-base-dev - 1.3.4.9-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-35518 CVE-2021-3514 USN-5232-1 -- Fail2ban vulnerability Ubuntu 16.04 LTS Jakub Żoczek discovered that certain Fail2ban actions handled whois responses in an insecure way. If Fail2ban was configured to use certain mail actions like 'mail-whois' on a target system, a remote attacker who was able to control whois responses to this target system could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5232-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: fail2ban - 0.9.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-32749 USN-5233-2 -- ClamAV vulnerability Ubuntu 16.04 LTS USN-5233-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5233-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamav-testfiles - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamav-base - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamav - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamav-daemon - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamav-milter - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamav-docs - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamav-freshclam - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 libclamav9 - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 clamdscan - 0.103.5+dfsg-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-20698 USN-5234-1 -- Byobu vulnerability Ubuntu 16.04 LTS Sander Bos discovered that Byobu incorrectly handled certain Apport data. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5234-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: byobu - 5.106-0ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-7306 USN-5235-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain HTML files. 
An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-41816) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service. (CVE-2021-41817) It was discovered that Ruby incorrectly handled certain cookie names. An attacker could possibly use this issue to access or expose sensitive information. (CVE-2021-41819) Update Instructions: Run `sudo pro fix USN-5235-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm2 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm2 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm2 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm2 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-41816 CVE-2021-41817 CVE-2021-41819 USN-5236-1 -- pngcrush vulnerability Ubuntu 16.04 LTS Brian Carpenter discovered that pngcrush incorrectly handled a specially crafted file. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5236-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pngcrush - 1.7.85-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2015-7700 USN-5237-1 -- MediaInfoLib vulnerabilities Ubuntu 16.04 LTS It was discovered that MediaInfoLib incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-26797) It was discovered that MediaInfoLib incorrectly handled certain specially crafted MpegPs files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. 
(CVE-2020-15395) Update Instructions: Run `sudo pro fix USN-5237-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-mediainfodll - 0.7.82-1ubuntu0.1~esm2 libmediainfo-dev - 0.7.82-1ubuntu0.1~esm2 python3-mediainfodll - 0.7.82-1ubuntu0.1~esm2 libmediainfo0v5 - 0.7.82-1ubuntu0.1~esm2 libmediainfo-doc - 0.7.82-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-15395 CVE-2020-26797 USN-5239-1 -- HttpClient vulnerability Ubuntu 16.04 LTS It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhttpmime-java - 4.5.1-1ubuntu0.1~esm1 libhttpclient-java - 4.5.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13956 USN-5243-2 -- AIDE vulnerability Ubuntu 16.04 LTS USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5243-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: aide-dynamic - 0.16~a2.git20130520-3ubuntu0.1~esm1 aide-common - 0.16~a2.git20130520-3ubuntu0.1~esm1 aide-xen - 0.16~a2.git20130520-3ubuntu0.1~esm1 aide - 0.16~a2.git20130520-3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-45417 USN-5244-1 -- DBus vulnerability Ubuntu 16.04 LTS Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5244-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.10.6-1ubuntu3.6+esm1 dbus - 1.10.6-1ubuntu3.6+esm1 libdbus-1-dev - 1.10.6-1ubuntu3.6+esm1 dbus-user-session - 1.10.6-1ubuntu3.6+esm1 dbus-x11 - 1.10.6-1ubuntu3.6+esm1 dbus-tests - 1.10.6-1ubuntu3.6+esm1 libdbus-1-3 - 1.10.6-1ubuntu3.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-35512 USN-5245-1 -- Apache Maven vulnerability Ubuntu 16.04 LTS It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model (pom) even if the repositories weren't encrypted (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service. Update Instructions: Run `sudo pro fix USN-5245-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: maven - 3.3.9-3ubuntu0.1~esm1 libmaven3-core-java - 3.3.9-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-26291 USN-5250-2 -- strongSwan vulnerability Ubuntu 16.04 LTS USN-5250-1 fixed a vulnerability in strongSwan. 
This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Zhuowei Zhang discovered that strongSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication. Update Instructions: Run `sudo pro fix USN-5250-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.8+esm2 libcharon-extra-plugins - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.8+esm2 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-farp - 5.3.5-1ubuntu3.8+esm2 strongswan-charon - 5.3.5-1ubuntu3.8+esm2 strongswan-ikev1 - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-coupling - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-lookip - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.8+esm2 strongswan-ike - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-aka - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-unbound - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.8+esm2 libstrongswan-standard-plugins - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-ntru - 5.3.5-1ubuntu3.8+esm2 strongswan-tnc-server - 5.3.5-1ubuntu3.8+esm2
strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.8+esm2 strongswan-tnc-base - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.8+esm2 strongswan-starter - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-curl - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-radattr - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-soup - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-mysql - 5.3.5-1ubuntu3.8+esm2 strongswan-ikev2 - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-sql - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-openssl - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.8+esm2 charon-cmd - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.8+esm2 strongswan-libcharon - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.8+esm2 strongswan-nm - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-ldap - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.8+esm2 strongswan-tnc-pdp - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.8+esm2 strongswan-tnc-client - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-led - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-gmp - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-agent - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-pgp - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-load-tester - 5.3.5-1ubuntu3.8+esm2 
strongswan-plugin-unity - 5.3.5-1ubuntu3.8+esm2 strongswan - 5.3.5-1ubuntu3.8+esm2 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.8+esm2 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.8+esm2 libstrongswan - 5.3.5-1ubuntu3.8+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-45079 USN-5251-1 -- GEGL vulnerability Ubuntu 16.04 LTS It was discovered that GEGL incorrectly filtered and escaped file path input data when using the C system() function for execution of the ImageMagick convert command. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5251-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgegl-0.3-0 - 0.3.4-1ubuntu2+esm1 gegl - 0.3.4-1ubuntu2+esm1 libgegl-doc - 0.3.4-1ubuntu2+esm1 libgegl-dev - 0.3.4-1ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-45463 USN-5252-2 -- PolicyKit vulnerability Ubuntu 16.04 LTS USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator. Update Instructions: Run `sudo pro fix USN-5252-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-14.1ubuntu0.5+esm1 policykit-1-doc - 0.105-14.1ubuntu0.5+esm1 libpolkit-agent-1-0 - 0.105-14.1ubuntu0.5+esm1 libpolkit-gobject-1-dev - 0.105-14.1ubuntu0.5+esm1 libpolkit-gobject-1-0 - 0.105-14.1ubuntu0.5+esm1 policykit-1 - 0.105-14.1ubuntu0.5+esm1 gir1.2-polkit-1.0 - 0.105-14.1ubuntu0.5+esm1 libpolkit-backend-1-dev - 0.105-14.1ubuntu0.5+esm1 libpolkit-agent-1-dev - 0.105-14.1ubuntu0.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-4034 USN-5253-1 -- Rack vulnerabilities Ubuntu 16.04 LTS It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. (CVE-2019-16782) It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performing the necessary integrity checks. An attacker could possibly use this issue to overwrite existing cookie data and gain control over a remote system's behaviour. This issue only affected Ubuntu 14.04 ESM. (CVE-2020-8184) It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2022-30122) It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application. 
This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2022-30123) Update Instructions: Run `sudo pro fix USN-5253-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-3ubuntu0.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-16782 CVE-2020-8184 CVE-2022-30122 CVE-2022-30123 USN-5254-1 -- shadow vulnerabilities Ubuntu 16.04 LTS It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424) It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2018-7169) Update Instructions: Run `sudo pro fix USN-5254-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.2-3.1ubuntu5.5+esm1 login - 1:4.2-3.1ubuntu5.5+esm1 uidmap - 1:4.2-3.1ubuntu5.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-12424 CVE-2018-7169 USN-5256-2 -- uriparser vulnerabilities Ubuntu 16.04 LTS USN-5256-1 fixed several vulnerabilities in uriparser. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. Original advisory details: It was discovered that uriparser incorrectly handled certain memory operations. An attacker could use this to cause a denial of service. (CVE-2021-46141, CVE-2021-46142) Update Instructions: Run `sudo pro fix USN-5256-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liburiparser-doc - 0.8.4-1ubuntu0.16.04.1~esm3 liburiparser-dev - 0.8.4-1ubuntu0.16.04.1~esm3 liburiparser1 - 0.8.4-1ubuntu0.16.04.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-46141 CVE-2021-46142 USN-5257-1 -- ldns vulnerabilities Ubuntu 16.04 LTS It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-19860, CVE-2020-19861) Update Instructions: Run `sudo pro fix USN-5257-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldns-dev - 1.6.17-8ubuntu0.1+esm1 python-ldns - 1.6.17-8ubuntu0.1+esm1 ldnsutils - 1.6.17-8ubuntu0.1+esm1 libldns1 - 1.6.17-8ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19860 CVE-2020-19861 USN-5258-1 -- WeeChat vulnerabilities Ubuntu 16.04 LTS Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. (CVE-2021-40516) Stuart Nevans Locke discovered that WeeChat insecurely handled certain IRC messages. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9760) Stuart Nevans Locke discovered that WeeChat insecurely handled certain IRC messages. A remote unauthenticated attacker could possibly use these issues to cause denial of service in a client. These issues only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9759, CVE-2020-8955) Joseph Bisch discovered that WeeChat's logger incorrectly handled certain memory operations when handling log file names. 
A remote attacker could possibly use this issue to cause denial of service in a client. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-14727) Update Instructions: Run `sudo pro fix USN-5258-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: weechat-dev - 1.4-2ubuntu0.1+esm1 weechat-core - 1.4-2ubuntu0.1+esm1 weechat-curses - 1.4-2ubuntu0.1+esm1 weechat-doc - 1.4-2ubuntu0.1+esm1 weechat-plugins - 1.4-2ubuntu0.1+esm1 weechat - 1.4-2ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-14727 CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516 USN-5259-1 -- Cron vulnerabilities Ubuntu 16.04 LTS It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525) Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704) It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705) It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706) Update Instructions: Run `sudo pro fix USN-5259-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cron - 3.0pl1-128ubuntu2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706 USN-5259-3 -- Cron regression Ubuntu 16.04 LTS USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. 
Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525) Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704) It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705) It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706) Update Instructions: Run `sudo pro fix USN-5259-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cron - 3.0pl1-128ubuntu2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-9525 https://launchpad.net/bugs/1971895 https://ubuntu.com/security/notices/USN-5259-2 USN-5260-3 -- Samba vulnerability Ubuntu 16.04 LTS USN-5260-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. (CVE-2021-44142) Update Instructions: Run `sudo pro fix USN-5260-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 libnss-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 libpam-winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 winbind - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 smbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba-vfs-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 libwbclient0 - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba-testsuite - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba-common-bin - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 libwbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba-dsdb-modules - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 libsmbclient-dev - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 python-samba - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba-common - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 registry-tools - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 samba-libs - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 ctdb - 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44142 USN-5261-1 -- Phusion Passenger vulnerabilities Ubuntu 16.04 LTS It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. (CVE-2017-16355) It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perform a symlink attack. An attacker could possibly use this issue to escalate privileges. (CVE-2018-12029) Update Instructions: Run `sudo pro fix USN-5261-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ruby-passenger-doc - 5.0.27-2ubuntu0.1~esm1 passenger - 5.0.27-2ubuntu0.1~esm1 ruby-passenger - 5.0.27-2ubuntu0.1~esm1 passenger-doc - 5.0.27-2ubuntu0.1~esm1 libapache2-mod-passenger - 5.0.27-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-16355 CVE-2018-12029 USN-5262-1 -- GPT fdisk vulnerabilities Ubuntu 16.04 LTS The potential for an out of bounds write due to a missing bounds check was discovered to impact the sgdisk utility of GPT fdisk. Exploitation requires the use of a maliciously formatted storage device and could cause sgdisk to crash as well as possibly allow for local privilege escalation. Update Instructions: Run `sudo pro fix USN-5262-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gdisk - 1.0.1-1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-0256 CVE-2021-0308 USN-5264-1 -- Graphviz vulnerabilities Ubuntu 16.04 LTS It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. (CVE-2018-10196, CVE-2019-11023) It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution. (CVE-2020-18032) Update Instructions: Run `sudo pro fix USN-5264-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libgv-perl - 2.38.0-12ubuntu2.1+esm1 libcgraph6 - 2.38.0-12ubuntu2.1+esm1 libgv-tcl - 2.38.0-12ubuntu2.1+esm1 libgv-guile - 2.38.0-12ubuntu2.1+esm1 libxdot4 - 2.38.0-12ubuntu2.1+esm1 libgvc6-plugins-gtk - 2.38.0-12ubuntu2.1+esm1 libcdt5 - 2.38.0-12ubuntu2.1+esm1 graphviz - 2.38.0-12ubuntu2.1+esm1 libgv-python - 2.38.0-12ubuntu2.1+esm1 libgv-lua - 2.38.0-12ubuntu2.1+esm1 libpathplan4 - 2.38.0-12ubuntu2.1+esm1 graphviz-doc - 2.38.0-12ubuntu2.1+esm1 libgvpr2 - 2.38.0-12ubuntu2.1+esm1 libgraphviz-dev - 2.38.0-12ubuntu2.1+esm1 graphviz-dev - 2.38.0-12ubuntu2.1+esm1 libgvc6 - 2.38.0-12ubuntu2.1+esm1 libgv-ruby - 2.38.0-12ubuntu2.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-10196 CVE-2019-11023 CVE-2020-18032 USN-5268-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2021-20322) It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2021-42739) Update Instructions: Run `sudo pro fix USN-5268-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1086-oracle - 4.15.0-1086.94~16.04.1 linux-image-unsigned-4.15.0-1086-oracle - 4.15.0-1086.94~16.04.1 linux-headers-4.15.0-1086-oracle - 4.15.0-1086.94~16.04.1 linux-modules-4.15.0-1086-oracle - 4.15.0-1086.94~16.04.1 linux-tools-4.15.0-1086-oracle - 4.15.0-1086.94~16.04.1 linux-oracle-tools-4.15.0-1086 - 4.15.0-1086.94~16.04.1 linux-oracle-headers-4.15.0-1086 - 4.15.0-1086.94~16.04.1 linux-modules-extra-4.15.0-1086-oracle - 4.15.0-1086.94~16.04.1 linux-buildinfo-4.15.0-1086-oracle - 4.15.0-1086.94~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1115 - 4.15.0-1115.129~16.04.1 linux-modules-extra-4.15.0-1115-gcp - 4.15.0-1115.129~16.04.1 linux-image-4.15.0-1115-gcp - 4.15.0-1115.129~16.04.1 linux-buildinfo-4.15.0-1115-gcp - 4.15.0-1115.129~16.04.1 linux-gcp-headers-4.15.0-1115 - 4.15.0-1115.129~16.04.1 linux-image-unsigned-4.15.0-1115-gcp - 4.15.0-1115.129~16.04.1 linux-tools-4.15.0-1115-gcp - 4.15.0-1115.129~16.04.1 linux-modules-4.15.0-1115-gcp - 4.15.0-1115.129~16.04.1 linux-headers-4.15.0-1115-gcp - 4.15.0-1115.129~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe-cloud-tools-4.15.0-1119 - 4.15.0-1119.126~16.04.2 linux-aws-hwe-tools-4.15.0-1119 - 4.15.0-1119.126~16.04.2 linux-modules-4.15.0-1119-aws - 4.15.0-1119.126~16.04.2 linux-tools-4.15.0-1119-aws - 4.15.0-1119.126~16.04.2 linux-aws-headers-4.15.0-1119 - 4.15.0-1119.126~16.04.2 linux-buildinfo-4.15.0-1119-aws - 4.15.0-1119.126~16.04.2 linux-image-unsigned-4.15.0-1119-aws - 4.15.0-1119.126~16.04.2 linux-cloud-tools-4.15.0-1119-aws - 4.15.0-1119.126~16.04.2 linux-modules-extra-4.15.0-1119-aws - 4.15.0-1119.126~16.04.2 linux-headers-4.15.0-1119-aws - 4.15.0-1119.126~16.04.2 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro linux-buildinfo-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 linux-azure-tools-4.15.0-1130 - 4.15.0-1130.143~16.04.1 linux-tools-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 linux-azure-cloud-tools-4.15.0-1130 - 4.15.0-1130.143~16.04.1 linux-azure-headers-4.15.0-1130 - 4.15.0-1130.143~16.04.1 linux-cloud-tools-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 linux-modules-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 linux-headers-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 linux-image-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 linux-modules-extra-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 linux-image-unsigned-4.15.0-1130-azure - 4.15.0-1130.143~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-167-lowlatency - 4.15.0-167.175~16.04.1 linux-modules-extra-4.15.0-167-generic - 4.15.0-167.175~16.04.1 linux-tools-4.15.0-167-generic - 4.15.0-167.175~16.04.1 linux-tools-4.15.0-167-lowlatency - 4.15.0-167.175~16.04.1 linux-image-unsigned-4.15.0-167-generic - 4.15.0-167.175~16.04.1 linux-image-4.15.0-167-lowlatency - 4.15.0-167.175~16.04.1 linux-cloud-tools-4.15.0-167-generic - 4.15.0-167.175~16.04.1 linux-headers-4.15.0-167 - 4.15.0-167.175~16.04.1 linux-image-4.15.0-167-generic - 4.15.0-167.175~16.04.1 linux-headers-4.15.0-167-generic - 4.15.0-167.175~16.04.1 linux-hwe-tools-4.15.0-167 - 4.15.0-167.175~16.04.1 linux-modules-4.15.0-167-lowlatency - 4.15.0-167.175~16.04.1 linux-image-unsigned-4.15.0-167-lowlatency - 4.15.0-167.175~16.04.1 linux-buildinfo-4.15.0-167-lowlatency - 4.15.0-167.175~16.04.1 linux-hwe-cloud-tools-4.15.0-167 - 4.15.0-167.175~16.04.1 linux-modules-4.15.0-167-generic - 4.15.0-167.175~16.04.1 linux-source-4.15.0 - 4.15.0-167.175~16.04.1 linux-cloud-tools-4.15.0-167-lowlatency - 4.15.0-167.175~16.04.1 linux-buildinfo-4.15.0-167-generic - 4.15.0-167.175~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1086.74 linux-tools-oracle - 4.15.0.1086.74 
linux-signed-image-oracle - 4.15.0.1086.74 linux-signed-oracle - 4.15.0.1086.74 linux-image-oracle - 4.15.0.1086.74 linux-oracle - 4.15.0.1086.74 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1115.116 linux-headers-gke - 4.15.0.1115.116 linux-tools-gcp - 4.15.0.1115.116 linux-modules-extra-gcp - 4.15.0.1115.116 linux-tools-gke - 4.15.0.1115.116 linux-gke - 4.15.0.1115.116 linux-gcp - 4.15.0.1115.116 linux-image-gke - 4.15.0.1115.116 linux-headers-gcp - 4.15.0.1115.116 linux-image-gcp - 4.15.0.1115.116 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1119.110 linux-headers-aws-hwe - 4.15.0.1119.110 linux-aws-edge - 4.15.0.1119.110 linux-image-aws-hwe - 4.15.0.1119.110 linux-modules-extra-aws-hwe - 4.15.0.1119.110 linux-tools-aws-hwe - 4.15.0.1119.110 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1130.121 linux-tools-azure-edge - 4.15.0.1130.121 linux-cloud-tools-azure - 4.15.0.1130.121 linux-tools-azure - 4.15.0.1130.121 linux-image-azure-edge - 4.15.0.1130.121 linux-cloud-tools-azure-edge - 4.15.0.1130.121 linux-modules-extra-azure - 4.15.0.1130.121 linux-azure - 4.15.0.1130.121 linux-signed-image-azure-edge - 4.15.0.1130.121 linux-image-azure - 4.15.0.1130.121 linux-signed-image-azure - 4.15.0.1130.121 linux-headers-azure-edge - 4.15.0.1130.121 linux-azure-edge - 4.15.0.1130.121 linux-modules-extra-azure-edge - 4.15.0.1130.121 linux-signed-azure-edge - 4.15.0.1130.121 linux-headers-azure - 4.15.0.1130.121 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-generic-hwe-16.04-edge - 4.15.0.167.159 linux-tools-oem - 4.15.0.167.159 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.167.159 linux-image-extra-virtual-hwe-16.04 - 4.15.0.167.159 linux-image-oem - 4.15.0.167.159 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.167.159 linux-headers-generic-hwe-16.04-edge - 4.15.0.167.159 linux-image-lowlatency-hwe-16.04 
- 4.15.0.167.159 linux-tools-virtual-hwe-16.04 - 4.15.0.167.159 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.167.159 linux-image-virtual-hwe-16.04-edge - 4.15.0.167.159 linux-signed-lowlatency-hwe-16.04 - 4.15.0.167.159 linux-headers-oem - 4.15.0.167.159 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.167.159 linux-generic-hwe-16.04-edge - 4.15.0.167.159 linux-headers-lowlatency-hwe-16.04 - 4.15.0.167.159 linux-virtual-hwe-16.04 - 4.15.0.167.159 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.167.159 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.167.159 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.167.159 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.167.159 linux-signed-image-generic-hwe-16.04 - 4.15.0.167.159 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.167.159 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.167.159 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.167.159 linux-headers-virtual-hwe-16.04-edge - 4.15.0.167.159 linux-lowlatency-hwe-16.04 - 4.15.0.167.159 linux-headers-generic-hwe-16.04 - 4.15.0.167.159 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.167.159 linux-generic-hwe-16.04 - 4.15.0.167.159 linux-tools-virtual-hwe-16.04-edge - 4.15.0.167.159 linux-oem - 4.15.0.167.159 linux-lowlatency-hwe-16.04-edge - 4.15.0.167.159 linux-image-generic-hwe-16.04 - 4.15.0.167.159 linux-image-generic-hwe-16.04-edge - 4.15.0.167.159 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.167.159 linux-virtual-hwe-16.04-edge - 4.15.0.167.159 linux-tools-lowlatency-hwe-16.04 - 4.15.0.167.159 linux-headers-virtual-hwe-16.04 - 4.15.0.167.159 linux-signed-oem - 4.15.0.167.159 linux-image-virtual-hwe-16.04 - 4.15.0.167.159 linux-signed-generic-hwe-16.04 - 4.15.0.167.159 linux-signed-image-oem - 4.15.0.167.159 linux-tools-generic-hwe-16.04 - 4.15.0.167.159 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.167.159 linux-tools-generic-hwe-16.04-edge - 4.15.0.167.159 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20322 
CVE-2021-3640 CVE-2021-3752 CVE-2021-42739 USN-5269-2 -- Django vulnerabilities Ubuntu 16.04 LTS USN-5269-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2022-22818) Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issue to cause Django to hang, resulting in a denial of service. (CVE-2022-23833) Update Instructions: Run `sudo pro fix USN-5269-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.15+esm4 python-django-doc - 1.8.7-1ubuntu5.15+esm4 python-django-common - 1.8.7-1ubuntu5.15+esm4 python-django - 1.8.7-1ubuntu5.15+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-22818 CVE-2022-23833 USN-5270-2 -- MySQL vulnerabilities Ubuntu 16.04 LTS USN-5270-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.37 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html https://www.oracle.com/security-alerts/cpujan2022.html Update Instructions: Run `sudo pro fix USN-5270-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.37-0ubuntu0.16.04.1+esm1 libmysqlclient-dev - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.37-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.37-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.37-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.37-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21245 CVE-2022-21270 CVE-2022-21303 CVE-2022-21304 CVE-2022-21344 CVE-2022-21367 USN-5271-1 -- Adminer vulnerabilities Ubuntu 16.04 LTS It was discovered that Adminer did not escape data in the history parameter of the default URI. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35572) Adam Crosser and Brian Sizemore discovered that Adminer incorrectly handled redirection requests to internal servers. An unauthenticated remote attacker could possibly use this to perform a server-side request forgery attack and expose sensitive information. (CVE-2021-21311) It was discovered that Adminer was incorrectly escaping data in the doc_link function. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-29625) Update Instructions: Run `sudo pro fix USN-5271-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: adminer - 4.2.1-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-35572 CVE-2021-21311 CVE-2021-29625 USN-5272-1 -- HDF5 vulnerabilities Ubuntu 16.04 LTS It was discovered that HDF5 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5272-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhdf5-doc - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-10 - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-dev - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-cpp-11 - 1.8.16+docs-4ubuntu1.1+esm2 hdf5-helpers - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-openmpi-dev - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-openmpi-10 - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-mpich-10 - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-mpich-dev - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-mpi-dev - 1.8.16+docs-4ubuntu1.1+esm2 libhdf5-serial-dev - 1.8.16+docs-4ubuntu1.1+esm2 hdf5-tools - 1.8.16+docs-4ubuntu1.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 USN-5273-1 -- RPM Package Manager vulnerabilities Ubuntu 16.04 LTS Demi M. Obenour discovered that RPM Package Manager incorrectly handled certain files. An attacker could possibly use this issue to corrupt the database and cause a denial of service. (CVE-2021-3421, CVE-2021-20271) Demi M. Obenour discovered that RPM Package Manager incorrectly handled memory when processing certain data from the database. An attacker could possibly use this issue to cause a denial of service. This issue only affects Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20266) Update Instructions: Run `sudo pro fix USN-5273-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: debugedit - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 rpm-i18n - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 python-rpm - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 rpm-common - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 rpm - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 librpm-dev - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 librpmsign3 - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 rpm2cpio - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 python3-rpm - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 librpmbuild3 - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 librpm3 - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 librpmio3 - 4.12.0.1+dfsg1-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 USN-5275-1 -- BlueZ vulnerability Ubuntu 16.04 LTS Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its gatt server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code. (CVE-2022-0204) Update Instructions: Run `sudo pro fix USN-5275-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.37-0ubuntu5.3+esm2 bluez-tests - 5.37-0ubuntu5.3+esm2 bluez-obexd - 5.37-0ubuntu5.3+esm2 bluetooth - 5.37-0ubuntu5.3+esm2 bluez - 5.37-0ubuntu5.3+esm2 bluez-hcidump - 5.37-0ubuntu5.3+esm2 bluez-cups - 5.37-0ubuntu5.3+esm2 libbluetooth-dev - 5.37-0ubuntu5.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0204 USN-5280-1 -- Speex vulnerability Ubuntu 16.04 LTS It was discovered that Speex incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5280-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: speex - 1.2~rc1.2-1ubuntu1+esm1 libspeexdsp-dev - 1.2~rc1.2-1ubuntu1+esm1 libspeex-dev - 1.2~rc1.2-1ubuntu1+esm1 libspeexdsp1 - 1.2~rc1.2-1ubuntu1+esm1 speex-doc - 1.2~rc1.2-1ubuntu1+esm1 libspeex1 - 1.2~rc1.2-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-23903 USN-5281-1 -- OpenSC vulnerabilities Ubuntu 16.04 LTS It was discovered that some OpenSC smart card drivers mishandled memory when performing certain decoding operations. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-15945, CVE-2019-15946) It was discovered that some OpenSC smart card drivers had buffer overflow vulnerabilities. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-26570, CVE-2020-26571, CVE-2020-26572) Update Instructions: Run `sudo pro fix USN-5281-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: opensc-pkcs11 - 0.15.0-1ubuntu1+esm1 opensc - 0.15.0-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-15945 CVE-2019-15946 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572 USN-5282-1 -- PDFResurrect vulnerabilities Ubuntu 16.04 LTS It was discovered that PDFResurrect was incorrectly handling corrupted PDF files. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14267) It was discovered that PDFResurrect incorrectly handled memory when loading PDF pages. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service, or arbitrary code execution. 
This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14934) It was discovered that PDFResurrect was incorrectly validating header data in input PDF files. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-20740) Carter Yagemann discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service (system crash) or arbitrary code execution. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-9549) It was discovered that PDFResurrect was incorrectly processing data when performing trailer search operations. An attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2021-3508) Update Instructions: Run `sudo pro fix USN-5282-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pdfresurrect - 0.12-6ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-14267 CVE-2019-14934 CVE-2020-20740 CVE-2020-9549 CVE-2021-3508 USN-5288-1 -- Expat vulnerabilities Ubuntu 16.04 LTS It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5288-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lib64expat1 - 2.1.0-7ubuntu0.16.04.5+esm2 lib64expat1-dev - 2.1.0-7ubuntu0.16.04.5+esm2 expat - 2.1.0-7ubuntu0.16.04.5+esm2 libexpat1-dev - 2.1.0-7ubuntu0.16.04.5+esm2 libexpat1 - 2.1.0-7ubuntu0.16.04.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 USN-5292-3 -- snapd vulnerabilities Ubuntu 16.04 LTS USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155) Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120) The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730) The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. (CVE-2021-44731) Update Instructions: Run `sudo pro fix USN-5292-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+16.04~esm2 ubuntu-core-launcher - 2.54.3+16.04~esm2 snap-confine - 2.54.3+16.04~esm2 ubuntu-snappy-cli - 2.54.3+16.04~esm2 golang-github-snapcore-snapd-dev - 2.54.3+16.04~esm2 snapd-xdg-open - 2.54.3+16.04~esm2 snapd - 2.54.3+16.04~esm2 golang-github-ubuntu-core-snappy-dev - 2.54.3+16.04~esm2 ubuntu-snappy - 2.54.3+16.04~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3155 CVE-2021-4120 CVE-2021-44730 CVE-2021-44731 USN-5292-4 -- snapd regression Ubuntu 16.04 LTS USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155) Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120) The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730) The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. (CVE-2021-44731) Update Instructions: Run `sudo pro fix USN-5292-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+16.04.0ubuntu0.1~esm4 ubuntu-core-launcher - 2.54.3+16.04.0ubuntu0.1~esm4 snap-confine - 2.54.3+16.04.0ubuntu0.1~esm4 ubuntu-snappy-cli - 2.54.3+16.04.0ubuntu0.1~esm4 golang-github-snapcore-snapd-dev - 2.54.3+16.04.0ubuntu0.1~esm4 snapd-xdg-open - 2.54.3+16.04.0ubuntu0.1~esm4 snapd - 2.54.3+16.04.0ubuntu0.1~esm4 golang-github-ubuntu-core-snappy-dev - 2.54.3+16.04.0ubuntu0.1~esm4 ubuntu-snappy - 2.54.3+16.04.0ubuntu0.1~esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961365 https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961791 USN-5293-2 -- c3p0 vulnerability Ubuntu 16.04 LTS USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service. Update Instructions: Run `sudo pro fix USN-5293-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc3p0-java-doc - 0.9.1.2-9+deb8u1ubuntu0.16.04.1~esm1 libc3p0-java - 0.9.1.2-9+deb8u1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-5427 USN-5298-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. 
An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) Jürgen Groß discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. 
(CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942) Update Instructions: Run `sudo pro fix USN-5298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1087-oracle - 4.15.0-1087.95~16.04.1 linux-modules-extra-4.15.0-1087-oracle - 4.15.0-1087.95~16.04.1 linux-image-unsigned-4.15.0-1087-oracle - 4.15.0-1087.95~16.04.1 linux-tools-4.15.0-1087-oracle - 4.15.0-1087.95~16.04.1 linux-buildinfo-4.15.0-1087-oracle - 4.15.0-1087.95~16.04.1 linux-modules-4.15.0-1087-oracle - 4.15.0-1087.95~16.04.1 linux-image-4.15.0-1087-oracle - 4.15.0-1087.95~16.04.1 linux-oracle-tools-4.15.0-1087 - 4.15.0-1087.95~16.04.1 linux-oracle-headers-4.15.0-1087 - 4.15.0-1087.95~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1116 - 4.15.0-1116.130~16.04.1 linux-headers-4.15.0-1116-gcp - 4.15.0-1116.130~16.04.1 linux-buildinfo-4.15.0-1116-gcp - 4.15.0-1116.130~16.04.1 linux-gcp-headers-4.15.0-1116 - 4.15.0-1116.130~16.04.1 linux-modules-4.15.0-1116-gcp - 4.15.0-1116.130~16.04.1 linux-tools-4.15.0-1116-gcp - 4.15.0-1116.130~16.04.1 linux-image-4.15.0-1116-gcp - 4.15.0-1116.130~16.04.1 linux-modules-extra-4.15.0-1116-gcp - 4.15.0-1116.130~16.04.1 linux-image-unsigned-4.15.0-1116-gcp - 4.15.0-1116.130~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-1120-aws - 4.15.0-1120.128~16.04.1 linux-buildinfo-4.15.0-1120-aws - 4.15.0-1120.128~16.04.1 linux-tools-4.15.0-1120-aws - 4.15.0-1120.128~16.04.1 linux-headers-4.15.0-1120-aws - 4.15.0-1120.128~16.04.1 linux-image-unsigned-4.15.0-1120-aws - 4.15.0-1120.128~16.04.1 linux-modules-4.15.0-1120-aws - 
4.15.0-1120.128~16.04.1 linux-aws-headers-4.15.0-1120 - 4.15.0-1120.128~16.04.1 linux-modules-extra-4.15.0-1120-aws - 4.15.0-1120.128~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1120 - 4.15.0-1120.128~16.04.1 linux-aws-hwe-tools-4.15.0-1120 - 4.15.0-1120.128~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 linux-azure-tools-4.15.0-1131 - 4.15.0-1131.144~16.04.1 linux-image-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 linux-azure-cloud-tools-4.15.0-1131 - 4.15.0-1131.144~16.04.1 linux-azure-headers-4.15.0-1131 - 4.15.0-1131.144~16.04.1 linux-cloud-tools-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 linux-headers-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 linux-modules-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 linux-buildinfo-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 linux-image-unsigned-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 linux-tools-4.15.0-1131-azure - 4.15.0-1131.144~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-169-lowlatency - 4.15.0-169.177~16.04.1 linux-image-4.15.0-169-generic - 4.15.0-169.177~16.04.1 linux-headers-4.15.0-169-lowlatency - 4.15.0-169.177~16.04.1 linux-image-4.15.0-169-lowlatency - 4.15.0-169.177~16.04.1 linux-cloud-tools-4.15.0-169-lowlatency - 4.15.0-169.177~16.04.1 linux-modules-extra-4.15.0-169-generic - 4.15.0-169.177~16.04.1 linux-image-unsigned-4.15.0-169-generic - 4.15.0-169.177~16.04.1 linux-modules-4.15.0-169-lowlatency - 4.15.0-169.177~16.04.1 linux-headers-4.15.0-169 - 4.15.0-169.177~16.04.1 linux-modules-4.15.0-169-generic - 4.15.0-169.177~16.04.1 linux-image-unsigned-4.15.0-169-lowlatency - 4.15.0-169.177~16.04.1 linux-tools-4.15.0-169-generic - 4.15.0-169.177~16.04.1 linux-headers-4.15.0-169-generic - 4.15.0-169.177~16.04.1 linux-tools-4.15.0-169-lowlatency - 4.15.0-169.177~16.04.1 linux-hwe-tools-4.15.0-169 - 4.15.0-169.177~16.04.1 linux-cloud-tools-4.15.0-169-generic - 
4.15.0-169.177~16.04.1 linux-buildinfo-4.15.0-169-generic - 4.15.0-169.177~16.04.1 linux-hwe-cloud-tools-4.15.0-169 - 4.15.0-169.177~16.04.1 linux-source-4.15.0 - 4.15.0-169.177~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1087.75 linux-headers-oracle - 4.15.0.1087.75 linux-signed-image-oracle - 4.15.0.1087.75 linux-signed-oracle - 4.15.0.1087.75 linux-image-oracle - 4.15.0.1087.75 linux-oracle - 4.15.0.1087.75 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1116.117 linux-modules-extra-gcp - 4.15.0.1116.117 linux-tools-gke - 4.15.0.1116.117 linux-tools-gcp - 4.15.0.1116.117 linux-gke - 4.15.0.1116.117 linux-gcp - 4.15.0.1116.117 linux-image-gke - 4.15.0.1116.117 linux-headers-gke - 4.15.0.1116.117 linux-headers-gcp - 4.15.0.1116.117 linux-image-gcp - 4.15.0.1116.117 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1120.111 linux-modules-extra-aws-hwe - 4.15.0.1120.111 linux-aws-edge - 4.15.0.1120.111 linux-image-aws-hwe - 4.15.0.1120.111 linux-headers-aws-hwe - 4.15.0.1120.111 linux-tools-aws-hwe - 4.15.0.1120.111 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1131.122 linux-tools-azure-edge - 4.15.0.1131.122 linux-cloud-tools-azure - 4.15.0.1131.122 linux-tools-azure - 4.15.0.1131.122 linux-cloud-tools-azure-edge - 4.15.0.1131.122 linux-modules-extra-azure - 4.15.0.1131.122 linux-azure - 4.15.0.1131.122 linux-signed-image-azure-edge - 4.15.0.1131.122 linux-image-azure - 4.15.0.1131.122 linux-signed-image-azure - 4.15.0.1131.122 linux-headers-azure-edge - 4.15.0.1131.122 linux-azure-edge - 4.15.0.1131.122 linux-modules-extra-azure-edge - 4.15.0.1131.122 linux-signed-azure-edge - 4.15.0.1131.122 linux-image-azure-edge - 4.15.0.1131.122 linux-headers-azure - 4.15.0.1131.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-virtual-hwe-16.04-edge - 
4.15.0.169.161 linux-image-lowlatency-hwe-16.04 - 4.15.0.169.161 linux-signed-generic-hwe-16.04-edge - 4.15.0.169.161 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.169.161 linux-image-extra-virtual-hwe-16.04 - 4.15.0.169.161 linux-image-oem - 4.15.0.169.161 linux-headers-generic-hwe-16.04-edge - 4.15.0.169.161 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.169.161 linux-image-virtual-hwe-16.04-edge - 4.15.0.169.161 linux-signed-lowlatency-hwe-16.04 - 4.15.0.169.161 linux-headers-oem - 4.15.0.169.161 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.169.161 linux-generic-hwe-16.04-edge - 4.15.0.169.161 linux-headers-lowlatency-hwe-16.04 - 4.15.0.169.161 linux-tools-virtual-hwe-16.04 - 4.15.0.169.161 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.169.161 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.169.161 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.169.161 linux-tools-oem - 4.15.0.169.161 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.169.161 linux-signed-image-generic-hwe-16.04 - 4.15.0.169.161 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.169.161 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.169.161 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.169.161 linux-lowlatency-hwe-16.04 - 4.15.0.169.161 linux-headers-generic-hwe-16.04 - 4.15.0.169.161 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.169.161 linux-generic-hwe-16.04 - 4.15.0.169.161 linux-tools-virtual-hwe-16.04-edge - 4.15.0.169.161 linux-oem - 4.15.0.169.161 linux-image-generic-hwe-16.04-edge - 4.15.0.169.161 linux-lowlatency-hwe-16.04-edge - 4.15.0.169.161 linux-image-generic-hwe-16.04 - 4.15.0.169.161 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.169.161 linux-virtual-hwe-16.04-edge - 4.15.0.169.161 linux-tools-lowlatency-hwe-16.04 - 4.15.0.169.161 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.169.161 linux-headers-virtual-hwe-16.04 - 4.15.0.169.161 linux-virtual-hwe-16.04 - 4.15.0.169.161 linux-signed-oem - 4.15.0.169.161 linux-image-virtual-hwe-16.04 - 
4.15.0.169.161 linux-signed-generic-hwe-16.04 - 4.15.0.169.161 linux-signed-image-oem - 4.15.0.169.161 linux-tools-generic-hwe-16.04 - 4.15.0.169.161 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.169.161 linux-tools-generic-hwe-16.04-edge - 4.15.0.169.161 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-4083 CVE-2021-4155 CVE-2021-4202 CVE-2022-0330 CVE-2022-22942 USN-5299-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the Bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-34693) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) It was discovered that the Bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Amit Klein discovered that the IPv6 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45485) Update Instructions: Run `sudo pro fix USN-5299-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1100-kvm - 4.4.0-1100.109 linux-cloud-tools-4.4.0-1100-kvm - 4.4.0-1100.109 linux-modules-4.4.0-1100-kvm - 4.4.0-1100.109 linux-image-4.4.0-1100-kvm - 4.4.0-1100.109 linux-kvm-tools-4.4.0-1100 - 4.4.0-1100.109 linux-kvm-headers-4.4.0-1100 - 4.4.0-1100.109 linux-kvm-cloud-tools-4.4.0-1100 - 4.4.0-1100.109 linux-tools-4.4.0-1100-kvm - 4.4.0-1100.109 linux-headers-4.4.0-1100-kvm - 4.4.0-1100.109 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-1135-aws - 4.4.0-1135.149 linux-headers-4.4.0-1135-aws - 4.4.0-1135.149 linux-image-4.4.0-1135-aws - 4.4.0-1135.149 linux-aws-cloud-tools-4.4.0-1135 - 4.4.0-1135.149 linux-modules-4.4.0-1135-aws - 4.4.0-1135.149 linux-cloud-tools-4.4.0-1135-aws - 4.4.0-1135.149 linux-aws-tools-4.4.0-1135 - 4.4.0-1135.149 linux-aws-headers-4.4.0-1135 - 4.4.0-1135.149 linux-tools-4.4.0-1135-aws - 4.4.0-1135.149 linux-modules-extra-4.4.0-1135-aws - 4.4.0-1135.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-219.252 linux-tools-host - 4.4.0-219.252 linux-source-4.4.0 - 4.4.0-219.252 linux-doc - 4.4.0-219.252 linux-cloud-tools-4.4.0-219-lowlatency - 4.4.0-219.252 linux-headers-4.4.0-219 - 4.4.0-219.252 linux-libc-dev - 4.4.0-219.252 linux-tools-4.4.0-219 - 4.4.0-219.252 linux-headers-4.4.0-219-generic - 4.4.0-219.252 linux-image-4.4.0-219-lowlatency - 4.4.0-219.252 linux-cloud-tools-4.4.0-219 - 4.4.0-219.252 linux-buildinfo-4.4.0-219-lowlatency - 4.4.0-219.252 linux-cloud-tools-4.4.0-219-generic - 4.4.0-219.252 linux-headers-4.4.0-219-lowlatency - 4.4.0-219.252 linux-modules-4.4.0-219-generic - 4.4.0-219.252 linux-image-unsigned-4.4.0-219-lowlatency - 4.4.0-219.252 linux-modules-extra-4.4.0-219-generic - 4.4.0-219.252 linux-modules-4.4.0-219-lowlatency - 4.4.0-219.252 linux-cloud-tools-common - 4.4.0-219.252 linux-tools-4.4.0-219-lowlatency - 4.4.0-219.252 
linux-image-unsigned-4.4.0-219-generic - 4.4.0-219.252 linux-tools-4.4.0-219-generic - 4.4.0-219.252 linux-buildinfo-4.4.0-219-generic - 4.4.0-219.252 linux-image-4.4.0-219-generic - 4.4.0-219.252 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1100.98 linux-headers-kvm - 4.4.0.1100.98 linux-tools-kvm - 4.4.0.1100.98 linux-image-kvm - 4.4.0.1100.98 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1135.140 linux-image-aws - 4.4.0.1135.140 linux-aws - 4.4.0.1135.140 linux-tools-aws - 4.4.0.1135.140 linux-modules-extra-aws - 4.4.0.1135.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.219.226 linux-cloud-tools-generic-lts-wily - 4.4.0.219.226 linux-cloud-tools-virtual-lts-xenial - 4.4.0.219.226 linux-cloud-tools-virtual - 4.4.0.219.226 linux-cloud-tools-virtual-lts-utopic - 4.4.0.219.226 linux-tools-generic-lts-vivid - 4.4.0.219.226 linux-signed-generic-lts-utopic - 4.4.0.219.226 linux-image-extra-virtual-lts-xenial - 4.4.0.219.226 linux-image-extra-virtual-lts-wily - 4.4.0.219.226 linux-headers-generic-lts-wily - 4.4.0.219.226 linux-crashdump - 4.4.0.219.226 linux-tools-virtual-lts-vivid - 4.4.0.219.226 linux-image-virtual - 4.4.0.219.226 linux-tools-virtual-lts-wily - 4.4.0.219.226 linux-image-lowlatency-lts-vivid - 4.4.0.219.226 linux-cloud-tools-virtual-lts-vivid - 4.4.0.219.226 linux-tools-lowlatency-lts-vivid - 4.4.0.219.226 linux-cloud-tools-generic-lts-utopic - 4.4.0.219.226 linux-headers-virtual-lts-vivid - 4.4.0.219.226 linux-image-lowlatency-lts-wily - 4.4.0.219.226 linux-image-generic - 4.4.0.219.226 linux-tools-lowlatency - 4.4.0.219.226 linux-image-lowlatency-lts-xenial - 4.4.0.219.226 linux-tools-virtual-lts-xenial - 4.4.0.219.226 linux-signed-lowlatency-lts-wily - 4.4.0.219.226 linux-image-extra-virtual-lts-vivid - 4.4.0.219.226 linux-image-generic-lts-wily - 4.4.0.219.226 linux-virtual-lts-utopic - 4.4.0.219.226 
linux-signed-generic-lts-wily - 4.4.0.219.226 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.219.226 linux-image-extra-virtual-lts-utopic - 4.4.0.219.226 linux-signed-image-lowlatency - 4.4.0.219.226 linux-tools-lowlatency-lts-xenial - 4.4.0.219.226 linux-headers-generic-lts-xenial - 4.4.0.219.226 linux-signed-generic-lts-vivid - 4.4.0.219.226 linux-headers-lowlatency-lts-wily - 4.4.0.219.226 linux-virtual-lts-vivid - 4.4.0.219.226 linux-signed-lowlatency-lts-xenial - 4.4.0.219.226 linux-headers-lowlatency-lts-vivid - 4.4.0.219.226 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.219.226 linux-lowlatency-lts-xenial - 4.4.0.219.226 linux-signed-generic-lts-xenial - 4.4.0.219.226 linux-source - 4.4.0.219.226 linux-signed-image-generic - 4.4.0.219.226 linux-lowlatency - 4.4.0.219.226 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.219.226 linux-generic-lts-xenial - 4.4.0.219.226 linux-tools-virtual - 4.4.0.219.226 linux-virtual - 4.4.0.219.226 linux-cloud-tools-generic-lts-vivid - 4.4.0.219.226 linux-tools-generic-lts-utopic - 4.4.0.219.226 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.219.226 linux-signed-image-generic-lts-vivid - 4.4.0.219.226 linux-image-virtual-lts-xenial - 4.4.0.219.226 linux-image-virtual-lts-vivid - 4.4.0.219.226 linux-virtual-lts-xenial - 4.4.0.219.226 linux-tools-lowlatency-lts-utopic - 4.4.0.219.226 linux-signed-image-generic-lts-wily - 4.4.0.219.226 linux-cloud-tools-generic-lts-xenial - 4.4.0.219.226 linux-signed-image-lowlatency-lts-xenial - 4.4.0.219.226 linux-image-extra-virtual - 4.4.0.219.226 linux-image-generic-lts-vivid - 4.4.0.219.226 linux-generic - 4.4.0.219.226 linux-tools-generic-lts-wily - 4.4.0.219.226 linux-tools-virtual-lts-utopic - 4.4.0.219.226 linux-headers-lowlatency - 4.4.0.219.226 linux-lowlatency-lts-vivid - 4.4.0.219.226 linux-generic-lts-wily - 4.4.0.219.226 linux-image-hwe-virtual-trusty - 4.4.0.219.226 linux-signed-image-generic-lts-xenial - 4.4.0.219.226 linux-generic-lts-vivid - 4.4.0.219.226 
linux-tools-lowlatency-lts-wily - 4.4.0.219.226 linux-headers-virtual-lts-xenial - 4.4.0.219.226 linux-headers-lowlatency-lts-utopic - 4.4.0.219.226 linux-hwe-generic-trusty - 4.4.0.219.226 linux-tools-generic - 4.4.0.219.226 linux-cloud-tools-generic - 4.4.0.219.226 linux-headers-generic-lts-utopic - 4.4.0.219.226 linux-cloud-tools-virtual-lts-wily - 4.4.0.219.226 linux-cloud-tools-lowlatency - 4.4.0.219.226 linux-lowlatency-lts-utopic - 4.4.0.219.226 linux-tools-generic-lts-xenial - 4.4.0.219.226 linux-image-generic-lts-utopic - 4.4.0.219.226 linux-image-virtual-lts-wily - 4.4.0.219.226 linux-signed-generic - 4.4.0.219.226 linux-lowlatency-lts-wily - 4.4.0.219.226 linux-image-virtual-lts-utopic - 4.4.0.219.226 linux-headers-generic - 4.4.0.219.226 linux-tools-lts-utopic - 4.4.0.219.226 linux-generic-lts-utopic - 4.4.0.219.226 linux-headers-lowlatency-lts-xenial - 4.4.0.219.226 linux-image-hwe-generic-trusty - 4.4.0.219.226 linux-signed-image-lowlatency-lts-wily - 4.4.0.219.226 linux-headers-generic-lts-vivid - 4.4.0.219.226 linux-headers-virtual - 4.4.0.219.226 linux-image-generic-lts-xenial - 4.4.0.219.226 linux-virtual-lts-wily - 4.4.0.219.226 linux-headers-virtual-lts-utopic - 4.4.0.219.226 linux-headers-virtual-lts-wily - 4.4.0.219.226 linux-hwe-virtual-trusty - 4.4.0.219.226 linux-signed-lowlatency - 4.4.0.219.226 linux-image-lowlatency-lts-utopic - 4.4.0.219.226 linux-image-lowlatency - 4.4.0.219.226 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-26147 CVE-2020-26558 CVE-2021-0129 CVE-2021-28972 CVE-2021-33034 CVE-2021-34693 CVE-2021-3483 CVE-2021-3564 CVE-2021-3612 CVE-2021-3679 CVE-2021-38204 CVE-2021-42008 CVE-2021-45485 USN-5300-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. (CVE-2017-9119) It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information. (CVE-2021-21707) Update Instructions: Run `sudo pro fix USN-5300-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm3 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm3 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm3 
php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm3 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-9253 CVE-2017-8923 CVE-2017-9118 CVE-2017-9119 CVE-2017-9120 CVE-2021-21707 USN-5301-2 -- Cyrus SASL vulnerability Ubuntu 16.04 LTS USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. Update Instructions: Run `sudo pro fix USN-5301-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsasl2-2 - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-modules-gssapi-heimdal - 2.1.26.dfsg1-14ubuntu0.2+esm1 sasl2-bin - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-modules-db - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-modules-gssapi-mit - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-dev - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-modules-sql - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-modules - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-modules-otp - 2.1.26.dfsg1-14ubuntu0.2+esm1 libsasl2-modules-ldap - 2.1.26.dfsg1-14ubuntu0.2+esm1 cyrus-sasl2-doc - 2.1.26.dfsg1-14ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-24407 USN-5308-1 -- libssh2 vulnerabilities Ubuntu 16.04 LTS It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote, unauthenticated attacker could possibly execute arbitrary code on the client system. 
(CVE-2019-3855) It was discovered that libssh2 incorrectly handled prompt requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2019-3856) It was discovered that libssh2 incorrectly handled SSH_MSG_CHANNEL_REQUEST packets. A remote attacker could possibly use this issue to execute arbitrary code, cause a denial of service, or obtain sensitive information. (CVE-2019-3857, CVE-2019-3862) It was discovered that libssh2 incorrectly handled specially crafted SFTP packets. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2019-3858) It was discovered that libssh2 incorrectly handled certain specially crafted packets. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2019-3859) It was discovered that libssh2 incorrectly handled SFTP packets with empty payloads. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2019-3860) It was discovered that libssh2 incorrectly handled padding values in SSH packets. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2019-3861) It was discovered that libssh2 incorrectly handled the length of interactive response messages. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2019-3863) It was discovered that libssh2 incorrectly handled the Diffie Hellman key exchange. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2019-13115) It was discovered that libssh2 incorrectly handled bounds checks in SSH_MSG_DISCONNECT. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2019-17498) Update Instructions: Run `sudo pro fix USN-5308-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssh2-1-dev - 1.5.0-2ubuntu0.1+esm1 libssh2-1 - 1.5.0-2ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-13115 CVE-2019-17498 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 USN-5310-2 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS USN-5310-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3999) It was discovered that the GNU C Library sunrpc module incorrectly handled buffer lengths. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. (CVE-2022-23218, CVE-2022-23219) Update Instructions: Run `sudo pro fix USN-5310-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc-bin - 2.23-0ubuntu11.3+esm1 glibc-doc - 2.23-0ubuntu11.3+esm1 libc6-i386 - 2.23-0ubuntu11.3+esm1 libc6-s390 - 2.23-0ubuntu11.3+esm1 libc6-dev-i386 - 2.23-0ubuntu11.3+esm1 libc6-dev-s390 - 2.23-0ubuntu11.3+esm1 libc6-armel - 2.23-0ubuntu11.3+esm1 libc6-dev-armel - 2.23-0ubuntu11.3+esm1 multiarch-support - 2.23-0ubuntu11.3+esm1 libc6-dev - 2.23-0ubuntu11.3+esm1 libc6-amd64 - 2.23-0ubuntu11.3+esm1 libc6-x32 - 2.23-0ubuntu11.3+esm1 libc6-dev-amd64 - 2.23-0ubuntu11.3+esm1 libc-dev-bin - 2.23-0ubuntu11.3+esm1 libc6 - 2.23-0ubuntu11.3+esm1 locales-all - 2.23-0ubuntu11.3+esm1 libc6-pic - 2.23-0ubuntu11.3+esm1 nscd - 2.23-0ubuntu11.3+esm1 glibc-source - 2.23-0ubuntu11.3+esm1 libc6-dev-x32 - 2.23-0ubuntu11.3+esm1 locales - 2.23-0ubuntu11.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 USN-5315-1 -- Ansible vulnerabilities Ubuntu 16.04 LTS It was discovered that Ansible did not properly manage directory permissions when running playbooks with an unprivileged become user. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-1733) It was discovered that the fix to address CVE-2020-1733 in Ansible was incomplete on systems using ACLs and FUSE filesystems. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-10744) It was discovered that Ansible did not properly manage multi-line YAML strings and special template characters. A local attacker could possibly use this issue to cause a template injection, resulting in the disclosure of sensitive information or other unspecified impact. 
(CVE-2021-3583) It was discovered that the ansible-connection module in Ansible did not properly manage certain error messages. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3620) Update Instructions: Run `sudo pro fix USN-5315-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ansible-node-fireball - 2.0.0.2-2ubuntu1.3+esm1 ansible - 2.0.0.2-2ubuntu1.3+esm1 ansible-fireball - 2.0.0.2-2ubuntu1.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-10744 CVE-2020-1733 CVE-2021-3583 CVE-2021-3620 USN-5319-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5319-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1089-oracle - 4.15.0-1089.98~16.04.1 linux-tools-4.15.0-1089-oracle - 4.15.0-1089.98~16.04.1 linux-modules-4.15.0-1089-oracle - 4.15.0-1089.98~16.04.1 linux-buildinfo-4.15.0-1089-oracle - 4.15.0-1089.98~16.04.1 linux-modules-extra-4.15.0-1089-oracle - 4.15.0-1089.98~16.04.1 linux-image-4.15.0-1089-oracle - 4.15.0-1089.98~16.04.1 linux-oracle-tools-4.15.0-1089 - 4.15.0-1089.98~16.04.1 linux-image-unsigned-4.15.0-1089-oracle - 4.15.0-1089.98~16.04.1 linux-oracle-headers-4.15.0-1089 - 4.15.0-1089.98~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1118 - 4.15.0-1118.132~16.04.1 linux-modules-extra-4.15.0-1118-gcp - 4.15.0-1118.132~16.04.1 linux-tools-4.15.0-1118-gcp - 4.15.0-1118.132~16.04.1 linux-buildinfo-4.15.0-1118-gcp - 4.15.0-1118.132~16.04.1 linux-image-unsigned-4.15.0-1118-gcp - 4.15.0-1118.132~16.04.1 linux-gcp-headers-4.15.0-1118 - 4.15.0-1118.132~16.04.1 linux-modules-4.15.0-1118-gcp - 4.15.0-1118.132~16.04.1 linux-image-4.15.0-1118-gcp - 4.15.0-1118.132~16.04.1 linux-headers-4.15.0-1118-gcp - 4.15.0-1118.132~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.15.0-1123-aws - 4.15.0-1123.132~16.04.1 linux-image-4.15.0-1123-aws-hwe - 4.15.0-1123.132~16.04.1 linux-aws-headers-4.15.0-1123 - 4.15.0-1123.132~16.04.1 linux-tools-4.15.0-1123-aws - 4.15.0-1123.132~16.04.1 linux-buildinfo-4.15.0-1123-aws - 4.15.0-1123.132~16.04.1 linux-headers-4.15.0-1123-aws - 4.15.0-1123.132~16.04.1 linux-cloud-tools-4.15.0-1123-aws - 4.15.0-1123.132~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1123 - 4.15.0-1123.132~16.04.1 linux-modules-4.15.0-1123-aws - 4.15.0-1123.132~16.04.1 linux-aws-hwe-tools-4.15.0-1123 - 4.15.0-1123.132~16.04.1 linux-image-unsigned-4.15.0-1123-aws - 4.15.0-1123.132~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.15.0-1133-azure - 
4.15.0-1133.146~16.04.1 linux-azure-tools-4.15.0-1133 - 4.15.0-1133.146~16.04.1 linux-image-4.15.0-1133-azure - 4.15.0-1133.146~16.04.1 linux-buildinfo-4.15.0-1133-azure - 4.15.0-1133.146~16.04.1 linux-modules-extra-4.15.0-1133-azure - 4.15.0-1133.146~16.04.1 linux-azure-cloud-tools-4.15.0-1133 - 4.15.0-1133.146~16.04.1 linux-azure-headers-4.15.0-1133 - 4.15.0-1133.146~16.04.1 linux-cloud-tools-4.15.0-1133-azure - 4.15.0-1133.146~16.04.1 linux-image-unsigned-4.15.0-1133-azure - 4.15.0-1133.146~16.04.1 linux-tools-4.15.0-1133-azure - 4.15.0-1133.146~16.04.1 linux-headers-4.15.0-1133-azure - 4.15.0-1133.146~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-hwe-cloud-tools-4.15.0-171 - 4.15.0-171.180~16.04.1 linux-image-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-cloud-tools-4.15.0-171-lowlatency - 4.15.0-171.180~16.04.1 linux-buildinfo-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-modules-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-tools-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-headers-4.15.0-171 - 4.15.0-171.180~16.04.1 linux-buildinfo-4.15.0-171-lowlatency - 4.15.0-171.180~16.04.1 linux-cloud-tools-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-tools-4.15.0-171-lowlatency - 4.15.0-171.180~16.04.1 linux-image-unsigned-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-modules-extra-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-modules-4.15.0-171-lowlatency - 4.15.0-171.180~16.04.1 linux-headers-4.15.0-171-generic - 4.15.0-171.180~16.04.1 linux-hwe-tools-4.15.0-171 - 4.15.0-171.180~16.04.1 linux-image-unsigned-4.15.0-171-lowlatency - 4.15.0-171.180~16.04.1 linux-image-4.15.0-171-lowlatency - 4.15.0-171.180~16.04.1 linux-source-4.15.0 - 4.15.0-171.180~16.04.1 linux-headers-4.15.0-171-lowlatency - 4.15.0-171.180~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1089.77 linux-signed-image-oracle - 4.15.0.1089.77 linux-signed-oracle - 4.15.0.1089.77 
linux-image-oracle - 4.15.0.1089.77 linux-tools-oracle - 4.15.0.1089.77 linux-oracle - 4.15.0.1089.77 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1118.119 linux-modules-extra-gcp - 4.15.0.1118.119 linux-tools-gke - 4.15.0.1118.119 linux-tools-gcp - 4.15.0.1118.119 linux-gcp - 4.15.0.1118.119 linux-image-gke - 4.15.0.1118.119 linux-gke - 4.15.0.1118.119 linux-headers-gke - 4.15.0.1118.119 linux-headers-gcp - 4.15.0.1118.119 linux-image-gcp - 4.15.0.1118.119 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-aws-hwe - 4.15.0.1123.113 linux-aws-edge - 4.15.0.1123.113 linux-image-aws-hwe - 4.15.0.1123.113 linux-aws-hwe - 4.15.0.1123.113 linux-headers-aws-hwe - 4.15.0.1123.113 linux-tools-aws-hwe - 4.15.0.1123.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-azure - 4.15.0.1133.124 linux-tools-azure - 4.15.0.1133.124 linux-image-azure-edge - 4.15.0.1133.124 linux-cloud-tools-azure-edge - 4.15.0.1133.124 linux-signed-azure-edge - 4.15.0.1133.124 linux-modules-extra-azure - 4.15.0.1133.124 linux-azure - 4.15.0.1133.124 linux-image-azure - 4.15.0.1133.124 linux-signed-image-azure - 4.15.0.1133.124 linux-signed-azure - 4.15.0.1133.124 linux-signed-image-azure-edge - 4.15.0.1133.124 linux-headers-azure-edge - 4.15.0.1133.124 linux-azure-edge - 4.15.0.1133.124 linux-modules-extra-azure-edge - 4.15.0.1133.124 linux-tools-azure-edge - 4.15.0.1133.124 linux-headers-azure - 4.15.0.1133.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-generic-hwe-16.04-edge - 4.15.0.171.163 linux-image-extra-virtual-hwe-16.04 - 4.15.0.171.163 linux-image-oem - 4.15.0.171.163 linux-headers-generic-hwe-16.04-edge - 4.15.0.171.163 linux-image-lowlatency-hwe-16.04 - 4.15.0.171.163 linux-tools-virtual-hwe-16.04 - 4.15.0.171.163 linux-image-virtual-hwe-16.04-edge - 4.15.0.171.163 linux-signed-lowlatency-hwe-16.04 - 4.15.0.171.163 
linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.171.163 linux-signed-oem - 4.15.0.171.163 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.171.163 linux-oem - 4.15.0.171.163 linux-headers-lowlatency-hwe-16.04 - 4.15.0.171.163 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.171.163 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.171.163 linux-tools-generic-hwe-16.04 - 4.15.0.171.163 linux-tools-oem - 4.15.0.171.163 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.171.163 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.171.163 linux-headers-oem - 4.15.0.171.163 linux-generic-hwe-16.04-edge - 4.15.0.171.163 linux-signed-image-generic-hwe-16.04 - 4.15.0.171.163 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.171.163 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.171.163 linux-headers-generic-hwe-16.04 - 4.15.0.171.163 linux-generic-hwe-16.04 - 4.15.0.171.163 linux-tools-virtual-hwe-16.04-edge - 4.15.0.171.163 linux-image-generic-hwe-16.04 - 4.15.0.171.163 linux-lowlatency-hwe-16.04 - 4.15.0.171.163 linux-virtual-hwe-16.04 - 4.15.0.171.163 linux-image-generic-hwe-16.04-edge - 4.15.0.171.163 linux-headers-virtual-hwe-16.04-edge - 4.15.0.171.163 linux-lowlatency-hwe-16.04-edge - 4.15.0.171.163 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.171.163 linux-tools-lowlatency-hwe-16.04 - 4.15.0.171.163 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.171.163 linux-virtual-hwe-16.04-edge - 4.15.0.171.163 linux-image-virtual-hwe-16.04 - 4.15.0.171.163 linux-signed-generic-hwe-16.04 - 4.15.0.171.163 linux-signed-image-oem - 4.15.0.171.163 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.171.163 linux-headers-virtual-hwe-16.04 - 4.15.0.171.163 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.171.163 linux-tools-generic-hwe-16.04-edge - 4.15.0.171.163 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.171.163 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.171.163 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.4.0-1102-kvm - 4.4.0-1102.111 
linux-buildinfo-4.4.0-1102-kvm - 4.4.0-1102.111 linux-image-4.4.0-1102-kvm - 4.4.0-1102.111 linux-kvm-tools-4.4.0-1102 - 4.4.0-1102.111 linux-kvm-cloud-tools-4.4.0-1102 - 4.4.0-1102.111 linux-kvm-headers-4.4.0-1102 - 4.4.0-1102.111 linux-tools-4.4.0-1102-kvm - 4.4.0-1102.111 linux-modules-4.4.0-1102-kvm - 4.4.0-1102.111 linux-cloud-tools-4.4.0-1102-kvm - 4.4.0-1102.111 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.4.0-1137-aws - 4.4.0-1137.151 linux-cloud-tools-4.4.0-1137-aws - 4.4.0-1137.151 linux-modules-extra-4.4.0-1137-aws - 4.4.0-1137.151 linux-buildinfo-4.4.0-1137-aws - 4.4.0-1137.151 linux-modules-4.4.0-1137-aws - 4.4.0-1137.151 linux-image-4.4.0-1137-aws - 4.4.0-1137.151 linux-headers-4.4.0-1137-aws - 4.4.0-1137.151 linux-aws-cloud-tools-4.4.0-1137 - 4.4.0-1137.151 linux-aws-headers-4.4.0-1137 - 4.4.0-1137.151 linux-aws-tools-4.4.0-1137 - 4.4.0-1137.151 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.4.0-221-generic - 4.4.0-221.254 linux-tools-common - 4.4.0-221.254 linux-headers-4.4.0-221-generic - 4.4.0-221.254 linux-modules-4.4.0-221-lowlatency - 4.4.0-221.254 linux-headers-4.4.0-221 - 4.4.0-221.254 linux-modules-extra-4.4.0-221-generic - 4.4.0-221.254 linux-tools-host - 4.4.0-221.254 linux-tools-4.4.0-221-lowlatency - 4.4.0-221.254 linux-doc - 4.4.0-221.254 linux-headers-4.4.0-221-lowlatency - 4.4.0-221.254 linux-cloud-tools-4.4.0-221 - 4.4.0-221.254 linux-libc-dev - 4.4.0-221.254 linux-tools-4.4.0-221 - 4.4.0-221.254 linux-tools-4.4.0-221-generic - 4.4.0-221.254 linux-buildinfo-4.4.0-221-lowlatency - 4.4.0-221.254 linux-image-4.4.0-221-lowlatency - 4.4.0-221.254 linux-image-unsigned-4.4.0-221-generic - 4.4.0-221.254 linux-image-4.4.0-221-generic - 4.4.0-221.254 linux-cloud-tools-common - 4.4.0-221.254 linux-cloud-tools-4.4.0-221-lowlatency - 4.4.0-221.254 linux-source-4.4.0 - 4.4.0-221.254 linux-buildinfo-4.4.0-221-generic - 4.4.0-221.254 linux-modules-4.4.0-221-generic - 4.4.0-221.254 
linux-image-unsigned-4.4.0-221-lowlatency - 4.4.0-221.254 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1102.100 linux-headers-kvm - 4.4.0.1102.100 linux-image-kvm - 4.4.0.1102.100 linux-tools-kvm - 4.4.0.1102.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-aws - 4.4.0.1137.142 linux-modules-extra-aws - 4.4.0.1137.142 linux-tools-aws - 4.4.0.1137.142 linux-headers-aws - 4.4.0.1137.142 linux-aws - 4.4.0.1137.142 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.221.228 linux-cloud-tools-generic-lts-wily - 4.4.0.221.228 linux-cloud-tools-virtual-lts-utopic - 4.4.0.221.228 linux-image-extra-virtual-lts-xenial - 4.4.0.221.228 linux-tools-virtual-lts-vivid - 4.4.0.221.228 linux-virtual-lts-xenial - 4.4.0.221.228 linux-tools-virtual-lts-utopic - 4.4.0.221.228 linux-tools-virtual-lts-wily - 4.4.0.221.228 linux-image-lowlatency-lts-vivid - 4.4.0.221.228 linux-headers-virtual - 4.4.0.221.228 linux-tools-lowlatency-lts-vivid - 4.4.0.221.228 linux-headers-virtual-lts-vivid - 4.4.0.221.228 linux-image-lowlatency-lts-wily - 4.4.0.221.228 linux-tools-lts-utopic - 4.4.0.221.228 linux-tools-lowlatency - 4.4.0.221.228 linux-image-lowlatency-lts-xenial - 4.4.0.221.228 linux-lowlatency-lts-vivid - 4.4.0.221.228 linux-tools-lowlatency-lts-utopic - 4.4.0.221.228 linux-tools-virtual-lts-xenial - 4.4.0.221.228 linux-cloud-tools-virtual - 4.4.0.221.228 linux-signed-lowlatency-lts-wily - 4.4.0.221.228 linux-lowlatency-lts-utopic - 4.4.0.221.228 linux-image-extra-virtual-lts-vivid - 4.4.0.221.228 linux-image-generic-lts-wily - 4.4.0.221.228 linux-tools-generic-lts-vivid - 4.4.0.221.228 linux-virtual-lts-utopic - 4.4.0.221.228 linux-signed-generic-lts-wily - 4.4.0.221.228 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.221.228 linux-image-extra-virtual-lts-utopic - 4.4.0.221.228 linux-signed-generic-lts-utopic - 4.4.0.221.228 linux-tools-lowlatency-lts-xenial - 
4.4.0.221.228 linux-image-hwe-virtual-trusty - 4.4.0.221.228 linux-headers-generic-lts-xenial - 4.4.0.221.228 linux-signed-generic-lts-vivid - 4.4.0.221.228 linux-headers-lowlatency-lts-wily - 4.4.0.221.228 linux-virtual-lts-vivid - 4.4.0.221.228 linux-image-virtual-lts-utopic - 4.4.0.221.228 linux-signed-lowlatency-lts-xenial - 4.4.0.221.228 linux-headers-lowlatency-lts-vivid - 4.4.0.221.228 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.221.228 linux-lowlatency-lts-xenial - 4.4.0.221.228 linux-image-virtual-lts-vivid - 4.4.0.221.228 linux-signed-generic-lts-xenial - 4.4.0.221.228 linux-image-extra-virtual-lts-wily - 4.4.0.221.228 linux-source - 4.4.0.221.228 linux-signed-image-generic - 4.4.0.221.228 linux-lowlatency - 4.4.0.221.228 linux-generic-lts-xenial - 4.4.0.221.228 linux-cloud-tools-generic-lts-utopic - 4.4.0.221.228 linux-cloud-tools-generic - 4.4.0.221.228 linux-signed-lowlatency - 4.4.0.221.228 linux-virtual - 4.4.0.221.228 linux-headers-generic-lts-wily - 4.4.0.221.228 linux-cloud-tools-generic-lts-vivid - 4.4.0.221.228 linux-tools-generic-lts-utopic - 4.4.0.221.228 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.221.228 linux-signed-image-generic-lts-vivid - 4.4.0.221.228 linux-image-virtual-lts-xenial - 4.4.0.221.228 linux-tools-virtual - 4.4.0.221.228 linux-cloud-tools-virtual-lts-vivid - 4.4.0.221.228 linux-image-generic-lts-xenial - 4.4.0.221.228 linux-signed-image-generic-lts-wily - 4.4.0.221.228 linux-signed-image-lowlatency-lts-xenial - 4.4.0.221.228 linux-image-generic-lts-vivid - 4.4.0.221.228 linux-generic - 4.4.0.221.228 linux-tools-generic-lts-wily - 4.4.0.221.228 linux-image-virtual - 4.4.0.221.228 linux-headers-lowlatency - 4.4.0.221.228 linux-generic-lts-wily - 4.4.0.221.228 linux-signed-image-generic-lts-xenial - 4.4.0.221.228 linux-generic-lts-vivid - 4.4.0.221.228 linux-tools-lowlatency-lts-wily - 4.4.0.221.228 linux-headers-virtual-lts-xenial - 4.4.0.221.228 linux-headers-lowlatency-lts-utopic - 4.4.0.221.228 
linux-hwe-generic-trusty - 4.4.0.221.228 linux-crashdump - 4.4.0.221.228 linux-image-extra-virtual - 4.4.0.221.228 linux-tools-generic-lts-xenial - 4.4.0.221.228 linux-headers-generic-lts-utopic - 4.4.0.221.228 linux-tools-generic - 4.4.0.221.228 linux-cloud-tools-virtual-lts-wily - 4.4.0.221.228 linux-cloud-tools-lowlatency - 4.4.0.221.228 linux-signed-image-lowlatency - 4.4.0.221.228 linux-signed-image-lowlatency-lts-wily - 4.4.0.221.228 linux-image-virtual-lts-wily - 4.4.0.221.228 linux-signed-generic - 4.4.0.221.228 linux-image-lowlatency-lts-utopic - 4.4.0.221.228 linux-lowlatency-lts-wily - 4.4.0.221.228 linux-headers-generic - 4.4.0.221.228 linux-image-generic - 4.4.0.221.228 linux-image-generic-lts-utopic - 4.4.0.221.228 linux-headers-virtual-lts-utopic - 4.4.0.221.228 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.221.228 linux-generic-lts-utopic - 4.4.0.221.228 linux-headers-lowlatency-lts-xenial - 4.4.0.221.228 linux-image-hwe-generic-trusty - 4.4.0.221.228 linux-cloud-tools-virtual-lts-xenial - 4.4.0.221.228 linux-headers-generic-lts-vivid - 4.4.0.221.228 linux-cloud-tools-generic-lts-xenial - 4.4.0.221.228 linux-virtual-lts-wily - 4.4.0.221.228 linux-headers-virtual-lts-wily - 4.4.0.221.228 linux-hwe-virtual-trusty - 4.4.0.221.228 linux-image-lowlatency - 4.4.0.221.228 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-0001 CVE-2022-0002 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI USN-5320-1 -- Expat vulnerabilities and regression Ubuntu 16.04 LTS USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update addresses this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313) It was discovered that Expat incorrectly handled certain files. 
An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315) Original advisory details: It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236) Update Instructions: Run `sudo pro fix USN-5320-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib64expat1-dev - 2.1.0-7ubuntu0.16.04.5+esm5 expat - 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1-dev - 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1 - 2.1.0-7ubuntu0.16.04.5+esm5 lib64expat1 - 2.1.0-7ubuntu0.16.04.5+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 https://launchpad.net/bugs/1963903 USN-5322-1 -- Subversion vulnerability Ubuntu 16.04 LTS Thomas Akesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5322-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libsvn-dev - 1.9.3-2ubuntu1.3+esm1 ruby-svn - 1.9.3-2ubuntu1.3+esm1 subversion-tools - 1.9.3-2ubuntu1.3+esm1 libapache2-svn - 1.9.3-2ubuntu1.3+esm1 libapache2-mod-svn - 1.9.3-2ubuntu1.3+esm1 python-subversion - 1.9.3-2ubuntu1.3+esm1 libsvn-java - 1.9.3-2ubuntu1.3+esm1 subversion - 1.9.3-2ubuntu1.3+esm1 libsvn-doc - 1.9.3-2ubuntu1.3+esm1 libsvn1 - 1.9.3-2ubuntu1.3+esm1 libsvn-perl - 1.9.3-2ubuntu1.3+esm1 libsvn-ruby1.8 - 1.9.3-2ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-17525 USN-5325-1 -- Zsh vulnerabilities Ubuntu 16.04 LTS Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. (CVE-2019-20044) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-45444) Update Instructions: Run `sudo pro fix USN-5325-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-static - 5.1.1-1ubuntu2.3+esm1 zsh-common - 5.1.1-1ubuntu2.3+esm1 zsh-dev - 5.1.1-1ubuntu2.3+esm1 zsh - 5.1.1-1ubuntu2.3+esm1 zsh-doc - 5.1.1-1ubuntu2.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-20044 CVE-2021-45444 USN-5326-1 -- FUSE vulnerability Ubuntu 16.04 LTS It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to other users and trick them into accessing files on that file system, which could result in a Denial of Service or other unspecified conditions. Update Instructions: Run `sudo pro fix USN-5326-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libfuse2 - 2.9.4-1ubuntu3.1+esm1 fuse - 2.9.4-1ubuntu3.1+esm1 libfuse-dev - 2.9.4-1ubuntu3.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-10906 USN-5328-2 -- OpenSSL vulnerability Ubuntu 16.04 LTS USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5328-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm2 openssl - 1.0.2g-1ubuntu4.20+esm2 libssl-doc - 1.0.2g-1ubuntu4.20+esm2 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-0778 USN-5329-1 -- tar vulnerability Ubuntu 16.04 LTS It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5329-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.28-2.1ubuntu0.2+esm1 tar - 1.28-2.1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-20193 USN-5331-1 -- tcpdump vulnerabilities Ubuntu 16.04 LTS It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-16301) It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2020-8037) Update Instructions: Run `sudo pro fix USN-5331-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.3-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-16301 CVE-2020-8037 USN-5332-2 -- Bind vulnerability Ubuntu 16.04 LTS USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. (CVE-2021-25220) Update Instructions: Run `sudo pro fix USN-5332-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2 
Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-25220 USN-5333-2 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719) James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720) It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721) Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943) Update Instructions: Run `sudo pro fix USN-5333-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm5 apache2-utils - 2.4.18-2ubuntu3.17+esm5 apache2-dev - 2.4.18-2ubuntu3.17+esm5 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm5 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm5 apache2 - 2.4.18-2ubuntu3.17+esm5 apache2-doc - 2.4.18-2ubuntu3.17+esm5 apache2-bin - 2.4.18-2ubuntu3.17+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 USN-5334-1 -- man-db vulnerability Ubuntu 16.04 LTS It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate privileges and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5334-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: man-db - 2.7.5-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2015-1336 USN-5335-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing XPM image data or large images. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2020-19667, CVE-2017-13144) Suhwan Song discovered that ImageMagick incorrectly handled memory when processing PNG, PALM, MIFF image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. 
(CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753) Suhwan Song discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762, CVE-2020-27766, CVE-2020-27770) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2021-20176, CVE-2021-20241, CVE-2021-20243) Update Instructions: Run `sudo pro fix USN-5335-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm2 imagemagick - 8:6.8.9.9-7ubuntu5.16+esm2 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm2 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm2 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm2 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm2 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm2 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm2 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm2 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm2 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm2 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro Medium CVE-2017-13144 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25674 CVE-2020-25676 CVE-2020-27750 CVE-2020-27753 CVE-2020-27760 CVE-2020-27762 CVE-2020-27766 CVE-2020-27770 CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 USN-5336-1 -- libjpeg9 vulnerabilities Ubuntu 16.04 LTS Aladdin Mubaied discovered that the cjpeg utility in libjpeg9 did not properly validate the input image's size. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2016-3616) It was discovered that the cjpeg utility in libjpeg9 incorrectly handled certain input. An attacker could possibly use these issues to cause a denial of service. (CVE-2018-11212, CVE-2018-11813, CVE-2020-14152, CVE-2020-14153) It was discovered that the cjpeg utility in libjpeg9 incorrectly handled memory when supplied with certain input. An attacker could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2018-11213, CVE-2018-11214) Update Instructions: Run `sudo pro fix USN-5336-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg-progs - 1:9b-1ubuntu1+esm1 libjpeg9 - 1:9b-1ubuntu1+esm1 libjpeg9-dev - 1:9b-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-3616 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2020-14152 CVE-2020-14153 USN-5339-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). 
(CVE-2021-3506) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) Update Instructions: Run `sudo pro fix USN-5339-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-oracle-tools-4.15.0-1090 - 4.15.0-1090.99~16.04.1 linux-buildinfo-4.15.0-1090-oracle - 4.15.0-1090.99~16.04.1 linux-headers-4.15.0-1090-oracle - 4.15.0-1090.99~16.04.1 linux-image-unsigned-4.15.0-1090-oracle - 4.15.0-1090.99~16.04.1 linux-image-4.15.0-1090-oracle - 4.15.0-1090.99~16.04.1 linux-oracle-headers-4.15.0-1090 - 4.15.0-1090.99~16.04.1 linux-modules-extra-4.15.0-1090-oracle - 4.15.0-1090.99~16.04.1 linux-modules-4.15.0-1090-oracle - 4.15.0-1090.99~16.04.1 linux-tools-4.15.0-1090-oracle - 4.15.0-1090.99~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1119 - 4.15.0-1119.133~16.04.1 linux-image-unsigned-4.15.0-1119-gcp - 4.15.0-1119.133~16.04.1 linux-headers-4.15.0-1119-gcp - 4.15.0-1119.133~16.04.1 linux-image-4.15.0-1119-gcp - 4.15.0-1119.133~16.04.1 linux-gcp-headers-4.15.0-1119 - 4.15.0-1119.133~16.04.1 linux-modules-4.15.0-1119-gcp - 4.15.0-1119.133~16.04.1 linux-buildinfo-4.15.0-1119-gcp - 4.15.0-1119.133~16.04.1 linux-tools-4.15.0-1119-gcp - 4.15.0-1119.133~16.04.1 linux-modules-extra-4.15.0-1119-gcp - 4.15.0-1119.133~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1124-aws - 4.15.0-1124.133~16.04.1 linux-image-4.15.0-1124-aws-hwe - 4.15.0-1124.133~16.04.1 linux-modules-4.15.0-1124-aws - 4.15.0-1124.133~16.04.1 linux-tools-4.15.0-1124-aws - 4.15.0-1124.133~16.04.1 linux-modules-extra-4.15.0-1124-aws - 4.15.0-1124.133~16.04.1 linux-headers-4.15.0-1124-aws - 4.15.0-1124.133~16.04.1 linux-image-unsigned-4.15.0-1124-aws - 4.15.0-1124.133~16.04.1 linux-aws-headers-4.15.0-1124 - 4.15.0-1124.133~16.04.1 linux-cloud-tools-4.15.0-1124-aws - 4.15.0-1124.133~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1124 - 4.15.0-1124.133~16.04.1 linux-aws-hwe-tools-4.15.0-1124 - 4.15.0-1124.133~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-tools-4.15.0-1134 - 
4.15.0-1134.147~16.04.1 linux-modules-extra-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 linux-buildinfo-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 linux-azure-cloud-tools-4.15.0-1134 - 4.15.0-1134.147~16.04.1 linux-azure-headers-4.15.0-1134 - 4.15.0-1134.147~16.04.1 linux-headers-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 linux-tools-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 linux-image-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 linux-cloud-tools-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 linux-modules-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 linux-image-unsigned-4.15.0-1134-azure - 4.15.0-1134.147~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.15.0-173-lowlatency - 4.15.0-173.182~16.04.1 linux-buildinfo-4.15.0-173-lowlatency - 4.15.0-173.182~16.04.1 linux-image-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-headers-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-cloud-tools-4.15.0-173-lowlatency - 4.15.0-173.182~16.04.1 linux-tools-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-image-unsigned-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-tools-4.15.0-173-lowlatency - 4.15.0-173.182~16.04.1 linux-headers-4.15.0-173-lowlatency - 4.15.0-173.182~16.04.1 linux-modules-4.15.0-173-lowlatency - 4.15.0-173.182~16.04.1 linux-headers-4.15.0-173 - 4.15.0-173.182~16.04.1 linux-buildinfo-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-image-4.15.0-173-lowlatency - 4.15.0-173.182~16.04.1 linux-hwe-cloud-tools-4.15.0-173 - 4.15.0-173.182~16.04.1 linux-modules-extra-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-modules-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-cloud-tools-4.15.0-173-generic - 4.15.0-173.182~16.04.1 linux-hwe-tools-4.15.0-173 - 4.15.0-173.182~16.04.1 linux-source-4.15.0 - 4.15.0-173.182~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1090.78 linux-signed-image-oracle - 4.15.0.1090.78 linux-signed-oracle - 4.15.0.1090.78 
linux-image-oracle - 4.15.0.1090.78 linux-tools-oracle - 4.15.0.1090.78 linux-oracle - 4.15.0.1090.78 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1119.120 linux-modules-extra-gcp - 4.15.0.1119.120 linux-tools-gke - 4.15.0.1119.120 linux-tools-gcp - 4.15.0.1119.120 linux-gke - 4.15.0.1119.120 linux-gcp - 4.15.0.1119.120 linux-image-gke - 4.15.0.1119.120 linux-headers-gke - 4.15.0.1119.120 linux-headers-gcp - 4.15.0.1119.120 linux-image-gcp - 4.15.0.1119.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1124.114 linux-modules-extra-aws-hwe - 4.15.0.1124.114 linux-aws-edge - 4.15.0.1124.114 linux-image-aws-hwe - 4.15.0.1124.114 linux-headers-aws-hwe - 4.15.0.1124.114 linux-tools-aws-hwe - 4.15.0.1124.114 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1134.125 linux-cloud-tools-azure - 4.15.0.1134.125 linux-tools-azure - 4.15.0.1134.125 linux-image-azure-edge - 4.15.0.1134.125 linux-tools-azure-edge - 4.15.0.1134.125 linux-cloud-tools-azure-edge - 4.15.0.1134.125 linux-modules-extra-azure - 4.15.0.1134.125 linux-azure - 4.15.0.1134.125 linux-signed-image-azure-edge - 4.15.0.1134.125 linux-image-azure - 4.15.0.1134.125 linux-signed-image-azure - 4.15.0.1134.125 linux-headers-azure-edge - 4.15.0.1134.125 linux-azure-edge - 4.15.0.1134.125 linux-modules-extra-azure-edge - 4.15.0.1134.125 linux-signed-azure-edge - 4.15.0.1134.125 linux-headers-azure - 4.15.0.1134.125 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-virtual-hwe-16.04-edge - 4.15.0.173.165 linux-image-lowlatency-hwe-16.04 - 4.15.0.173.165 linux-signed-generic-hwe-16.04-edge - 4.15.0.173.165 linux-image-extra-virtual-hwe-16.04 - 4.15.0.173.165 linux-image-oem - 4.15.0.173.165 linux-headers-generic-hwe-16.04-edge - 4.15.0.173.165 linux-tools-virtual-hwe-16.04 - 4.15.0.173.165 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.173.165 
linux-image-virtual-hwe-16.04-edge - 4.15.0.173.165 linux-signed-lowlatency-hwe-16.04 - 4.15.0.173.165 linux-headers-oem - 4.15.0.173.165 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.173.165 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.173.165 linux-generic-hwe-16.04-edge - 4.15.0.173.165 linux-headers-lowlatency-hwe-16.04 - 4.15.0.173.165 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.173.165 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.173.165 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.173.165 linux-tools-oem - 4.15.0.173.165 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.173.165 linux-signed-image-generic-hwe-16.04 - 4.15.0.173.165 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.173.165 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.173.165 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.173.165 linux-lowlatency-hwe-16.04 - 4.15.0.173.165 linux-headers-generic-hwe-16.04 - 4.15.0.173.165 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.173.165 linux-generic-hwe-16.04 - 4.15.0.173.165 linux-tools-virtual-hwe-16.04-edge - 4.15.0.173.165 linux-oem - 4.15.0.173.165 linux-virtual-hwe-16.04 - 4.15.0.173.165 linux-image-generic-hwe-16.04-edge - 4.15.0.173.165 linux-lowlatency-hwe-16.04-edge - 4.15.0.173.165 linux-image-generic-hwe-16.04 - 4.15.0.173.165 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.173.165 linux-tools-lowlatency-hwe-16.04 - 4.15.0.173.165 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.173.165 linux-headers-virtual-hwe-16.04 - 4.15.0.173.165 linux-virtual-hwe-16.04-edge - 4.15.0.173.165 linux-signed-oem - 4.15.0.173.165 linux-image-virtual-hwe-16.04 - 4.15.0.173.165 linux-signed-generic-hwe-16.04 - 4.15.0.173.165 linux-signed-image-oem - 4.15.0.173.165 linux-tools-generic-hwe-16.04 - 4.15.0.173.165 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.173.165 linux-tools-generic-hwe-16.04-edge - 4.15.0.173.165 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3506 CVE-2021-43976 CVE-2021-44733 
CVE-2021-45095 CVE-2022-0435 CVE-2022-0492 USN-5340-2 -- CKEditor vulnerabilities Ubuntu 16.04 LTS USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM. Original advisory details: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. (CVE-2018-9861) Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9281) Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 21.10. (CVE-2021-32808) Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code. (CVE-2021-32809) Or Sahar discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-33829) Mika Kulmala discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37695) Update Instructions: Run `sudo pro fix USN-5340-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ckeditor - 4.5.7+dfsg-2ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-9861 CVE-2020-9281 CVE-2021-32809 CVE-2021-33829 CVE-2021-37695 USN-5341-1 -- GNU binutils vulnerabilities Ubuntu 16.04 LTS It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-17122) It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. (CVE-2021-3487) It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-45078) Update Instructions: Run `sudo pro fix USN-5341-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-arm-linux-gnueabihf - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-hppa64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-multiarch - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-powerpc64le-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-mipsel-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-m68k-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-s390x-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-multiarch-dev - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-doc - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-sh4-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-mips64-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-aarch64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-source - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-mips64el-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-mips-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-powerpc-linux-gnuspe - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-powerpc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-hppa-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-sparc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-arm-linux-gnueabi - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-alpha-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils-powerpc-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm3 binutils - 2.26.1-1ubuntu1~16.04.8+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-17122 CVE-2021-45078 USN-5342-1 -- Python vulnerabilities Ubuntu 16.04 LTS David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426) It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. 
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2021-4189) It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391) Update Instructions: Run `sudo pro fix USN-5342-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm1 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm1 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm1 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm1 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm1 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm1 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm1 idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm1 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm1 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm1 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm2 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm2 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm2 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm2 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm2 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm2 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm2 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm2 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm2 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm2 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm2 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3426 CVE-2021-4189 CVE-2022-0391 USN-5343-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. 
(CVE-2022-0492) It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges. (CVE-2016-2853) It was discovered that the aufs file system in the Linux kernel did not properly maintain POSIX ACL xattr data, when mounted with the non-default allow_userns option. A local attacker could possibly use this to gain elevated privileges. (CVE-2016-2854) It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. 
A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the BR/EDR pin-code pairing procedure in the Linux kernel was vulnerable to an impersonation attack. A physically proximate attacker could possibly use this to pair to a device without knowledge of the pin-code. (CVE-2020-26555) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2020-36322) It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36385) It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20292) It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service. (CVE-2021-20317) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. 
A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-28688) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use-after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Asaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the Linux kernel did not properly validate large MTU requests from Virtual Function (VF) devices. A local attacker could possibly use this to cause a denial of service. 
(CVE-2021-33098) Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. 
(CVE-2021-3679) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-38208) It was discovered that the configfs interface for USB gadgets in the Linux kernel contained a race condition. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-39648) It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. 
(CVE-2021-43389) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) Wenqing Liu discovered that the f2fs file system in the Linux kernel did not properly validate the last xattr entry in an inode. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-45469) Amit Klein discovered that the IPv6 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45485) It was discovered that the per cpu memory allocator in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. (CVE-2018-5995) Update Instructions: Run `sudo pro fix USN-5343-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1103-kvm - 4.4.0-1103.112 linux-headers-4.4.0-1103-kvm - 4.4.0-1103.112 linux-image-4.4.0-1103-kvm - 4.4.0-1103.112 linux-buildinfo-4.4.0-1103-kvm - 4.4.0-1103.112 linux-modules-4.4.0-1103-kvm - 4.4.0-1103.112 linux-kvm-tools-4.4.0-1103 - 4.4.0-1103.112 linux-kvm-cloud-tools-4.4.0-1103 - 4.4.0-1103.112 linux-kvm-headers-4.4.0-1103 - 4.4.0-1103.112 linux-cloud-tools-4.4.0-1103-kvm - 4.4.0-1103.112 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.4.0-1138-aws - 4.4.0-1138.152 linux-image-4.4.0-1138-aws - 4.4.0-1138.152 linux-buildinfo-4.4.0-1138-aws - 4.4.0-1138.152 linux-modules-4.4.0-1138-aws - 4.4.0-1138.152 linux-cloud-tools-4.4.0-1138-aws - 4.4.0-1138.152 linux-tools-4.4.0-1138-aws - 4.4.0-1138.152 linux-aws-cloud-tools-4.4.0-1138 - 4.4.0-1138.152 linux-aws-tools-4.4.0-1138 - 4.4.0-1138.152 linux-headers-4.4.0-1138-aws - 4.4.0-1138.152 linux-aws-headers-4.4.0-1138 - 4.4.0-1138.152 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-222-lowlatency - 4.4.0-222.255 linux-tools-common - 4.4.0-222.255 linux-modules-4.4.0-222-lowlatency - 4.4.0-222.255 linux-image-unsigned-4.4.0-222-generic - 4.4.0-222.255 linux-headers-4.4.0-222 - 4.4.0-222.255 linux-tools-host - 4.4.0-222.255 linux-source-4.4.0 - 4.4.0-222.255 linux-doc - 4.4.0-222.255 linux-tools-4.4.0-222-generic - 4.4.0-222.255 linux-cloud-tools-4.4.0-222 - 4.4.0-222.255 linux-modules-4.4.0-222-generic - 4.4.0-222.255 linux-image-4.4.0-222-lowlatency - 4.4.0-222.255 linux-libc-dev - 4.4.0-222.255 linux-tools-4.4.0-222-lowlatency - 4.4.0-222.255 linux-image-4.4.0-222-generic - 4.4.0-222.255 linux-headers-4.4.0-222-generic - 4.4.0-222.255 linux-cloud-tools-4.4.0-222-lowlatency - 4.4.0-222.255 linux-cloud-tools-4.4.0-222-generic - 4.4.0-222.255 linux-cloud-tools-common - 4.4.0-222.255 linux-modules-extra-4.4.0-222-generic - 4.4.0-222.255 
linux-image-unsigned-4.4.0-222-lowlatency - 4.4.0-222.255 linux-buildinfo-4.4.0-222-generic - 4.4.0-222.255 linux-tools-4.4.0-222 - 4.4.0-222.255 linux-headers-4.4.0-222-lowlatency - 4.4.0-222.255 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1103.101 linux-headers-kvm - 4.4.0.1103.101 linux-tools-kvm - 4.4.0.1103.101 linux-image-kvm - 4.4.0.1103.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1138.143 linux-image-aws - 4.4.0.1138.143 linux-aws - 4.4.0.1138.143 linux-modules-extra-aws - 4.4.0.1138.143 linux-tools-aws - 4.4.0.1138.143 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.222.229 linux-cloud-tools-generic-lts-wily - 4.4.0.222.229 linux-cloud-tools-virtual-lts-xenial - 4.4.0.222.229 linux-cloud-tools-virtual - 4.4.0.222.229 linux-cloud-tools-virtual-lts-utopic - 4.4.0.222.229 linux-tools-generic-lts-vivid - 4.4.0.222.229 linux-image-extra-virtual-lts-xenial - 4.4.0.222.229 linux-image-extra-virtual-lts-wily - 4.4.0.222.229 linux-headers-generic-lts-wily - 4.4.0.222.229 linux-headers-lowlatency-lts-wily - 4.4.0.222.229 linux-tools-virtual-lts-vivid - 4.4.0.222.229 linux-image-virtual - 4.4.0.222.229 linux-tools-virtual-lts-wily - 4.4.0.222.229 linux-image-lowlatency-lts-vivid - 4.4.0.222.229 linux-tools-lowlatency-lts-vivid - 4.4.0.222.229 linux-cloud-tools-generic-lts-utopic - 4.4.0.222.229 linux-headers-virtual-lts-vivid - 4.4.0.222.229 linux-image-lowlatency-lts-wily - 4.4.0.222.229 linux-image-generic - 4.4.0.222.229 linux-image-lowlatency-lts-xenial - 4.4.0.222.229 linux-tools-virtual-lts-xenial - 4.4.0.222.229 linux-signed-lowlatency-lts-wily - 4.4.0.222.229 linux-image-generic-lts-wily - 4.4.0.222.229 linux-virtual-lts-utopic - 4.4.0.222.229 linux-signed-generic-lts-wily - 4.4.0.222.229 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.222.229 linux-image-extra-virtual-lts-utopic - 4.4.0.222.229 
linux-signed-generic-lts-utopic - 4.4.0.222.229 linux-tools-lowlatency-lts-xenial - 4.4.0.222.229 linux-headers-generic-lts-xenial - 4.4.0.222.229 linux-signed-generic-lts-vivid - 4.4.0.222.229 linux-crashdump - 4.4.0.222.229 linux-virtual-lts-vivid - 4.4.0.222.229 linux-signed-lowlatency-lts-xenial - 4.4.0.222.229 linux-headers-lowlatency-lts-vivid - 4.4.0.222.229 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.222.229 linux-lowlatency-lts-xenial - 4.4.0.222.229 linux-signed-generic-lts-xenial - 4.4.0.222.229 linux-source - 4.4.0.222.229 linux-signed-image-generic - 4.4.0.222.229 linux-lowlatency - 4.4.0.222.229 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.222.229 linux-generic-lts-xenial - 4.4.0.222.229 linux-cloud-tools-generic - 4.4.0.222.229 linux-virtual - 4.4.0.222.229 linux-tools-virtual - 4.4.0.222.229 linux-cloud-tools-generic-lts-vivid - 4.4.0.222.229 linux-tools-generic-lts-utopic - 4.4.0.222.229 linux-signed-image-lowlatency-lts-wily - 4.4.0.222.229 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.222.229 linux-signed-image-generic-lts-vivid - 4.4.0.222.229 linux-image-virtual-lts-vivid - 4.4.0.222.229 linux-image-extra-virtual-lts-vivid - 4.4.0.222.229 linux-virtual-lts-xenial - 4.4.0.222.229 linux-cloud-tools-virtual-lts-vivid - 4.4.0.222.229 linux-tools-lowlatency-lts-utopic - 4.4.0.222.229 linux-signed-image-generic-lts-wily - 4.4.0.222.229 linux-signed-image-lowlatency-lts-xenial - 4.4.0.222.229 linux-image-generic-lts-vivid - 4.4.0.222.229 linux-generic - 4.4.0.222.229 linux-tools-generic-lts-wily - 4.4.0.222.229 linux-tools-virtual-lts-utopic - 4.4.0.222.229 linux-headers-lowlatency - 4.4.0.222.229 linux-lowlatency-lts-vivid - 4.4.0.222.229 linux-generic-lts-wily - 4.4.0.222.229 linux-image-hwe-virtual-trusty - 4.4.0.222.229 linux-signed-image-generic-lts-xenial - 4.4.0.222.229 linux-generic-lts-vivid - 4.4.0.222.229 linux-tools-lowlatency-lts-wily - 4.4.0.222.229 linux-headers-virtual-lts-xenial - 4.4.0.222.229 
linux-headers-lowlatency-lts-utopic - 4.4.0.222.229 linux-hwe-generic-trusty - 4.4.0.222.229 linux-tools-generic - 4.4.0.222.229 linux-image-extra-virtual - 4.4.0.222.229 linux-image-generic-lts-xenial - 4.4.0.222.229 linux-headers-generic-lts-utopic - 4.4.0.222.229 linux-cloud-tools-virtual-lts-wily - 4.4.0.222.229 linux-cloud-tools-lowlatency - 4.4.0.222.229 linux-lowlatency-lts-utopic - 4.4.0.222.229 linux-tools-generic-lts-xenial - 4.4.0.222.229 linux-signed-image-lowlatency - 4.4.0.222.229 linux-image-generic-lts-utopic - 4.4.0.222.229 linux-signed-generic - 4.4.0.222.229 linux-lowlatency-lts-wily - 4.4.0.222.229 linux-image-virtual-lts-utopic - 4.4.0.222.229 linux-headers-generic - 4.4.0.222.229 linux-tools-lts-utopic - 4.4.0.222.229 linux-tools-lowlatency - 4.4.0.222.229 linux-generic-lts-utopic - 4.4.0.222.229 linux-headers-lowlatency-lts-xenial - 4.4.0.222.229 linux-image-hwe-generic-trusty - 4.4.0.222.229 linux-headers-generic-lts-vivid - 4.4.0.222.229 linux-headers-virtual - 4.4.0.222.229 linux-cloud-tools-generic-lts-xenial - 4.4.0.222.229 linux-image-virtual-lts-wily - 4.4.0.222.229 linux-virtual-lts-wily - 4.4.0.222.229 linux-headers-virtual-lts-utopic - 4.4.0.222.229 linux-headers-virtual-lts-wily - 4.4.0.222.229 linux-hwe-virtual-trusty - 4.4.0.222.229 linux-signed-lowlatency - 4.4.0.222.229 linux-image-virtual-lts-xenial - 4.4.0.222.229 linux-image-lowlatency-lts-utopic - 4.4.0.222.229 linux-image-lowlatency - 4.4.0.222.229 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2016-2853 CVE-2016-2854 CVE-2018-5995 CVE-2019-19449 CVE-2020-12655 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-26139 CVE-2020-26147 CVE-2020-26555 CVE-2020-26558 CVE-2020-36322 CVE-2020-36385 CVE-2021-0129 CVE-2021-20292 CVE-2021-20317 CVE-2021-23134 CVE-2021-28688 CVE-2021-28972 CVE-2021-29650 CVE-2021-32399 CVE-2021-33033 CVE-2021-33034 CVE-2021-33098 CVE-2021-34693 CVE-2021-3483 CVE-2021-3506 CVE-2021-3564 CVE-2021-3573 
CVE-2021-3612 CVE-2021-3679 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-38208 CVE-2021-39648 CVE-2021-40490 CVE-2021-42008 CVE-2021-43389 CVE-2021-45095 CVE-2021-45469 CVE-2021-45485 CVE-2022-0492 USN-5344-1 -- DBD::mysql vulnerabilities Ubuntu 16.04 LTS It was discovered that the DBD::mysql module, when configured with server-side prepared statement support, was susceptible to operations that would result in improper memory access. An attacker could possibly use this issue to cause DBD::mysql to crash, resulting in a denial of service. (CVE-2016-1249, CVE-2016-1251) It was discovered that the DBD::mysql module was susceptible to an operation that would result in improper memory access, introduced through incorrect documentation and code examples. An attacker could possibly use this issue to cause DBD::mysql to crash or potentially cause other, unspecified, impact. (CVE-2017-10788) It was discovered that the DBD::mysql module processed SSL/TLS settings in a way that did not fully correlate with the respective documentation for each setting. An attacker could possibly use this to perform a cleartext-downgrade attack. (CVE-2017-10789) Update Instructions: Run `sudo pro fix USN-5344-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbd-mysql-perl - 4.033-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2016-1249 CVE-2016-1251 CVE-2017-10788 CVE-2017-10789 USN-5348-2 -- Smarty vulnerabilities Ubuntu 16.04 LTS USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 16.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template. 
(CVE-2018-13982) It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template. (CVE-2018-16831) It was discovered that Smarty was incorrectly validating security policy data, allowing the execution of static classes even when not permitted by the security settings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-21408) It was discovered that Smarty was incorrectly managing access control to template objects, which allowed users to perform a sandbox escape. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-26119) It was discovered that Smarty was not checking for special characters when setting function names during plugin compile operations. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-26120) It was discovered that Smarty was incorrectly sanitizing characters in math strings processed by the math function. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-29454) Update Instructions: Run `sudo pro fix USN-5348-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: smarty3 - 3.1.21-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2021-21408 CVE-2021-26119 CVE-2021-26120 CVE-2021-29454 USN-5349-1 -- GNU binutils vulnerability Ubuntu 16.04 LTS It was discovered that GNU binutils gold incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5349-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-arm-linux-gnueabihf - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-hppa64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-multiarch - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-powerpc64le-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-mipsel-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-m68k-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-s390x-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-multiarch-dev - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-doc - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-sh4-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-mips64-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-aarch64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-source - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-mips64el-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-mips-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-powerpc-linux-gnuspe - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-powerpc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-hppa-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-sparc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-arm-linux-gnueabi - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-alpha-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils-powerpc-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm4 binutils - 2.26.1-1ubuntu1~16.04.8+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-1010204 USN-5351-2 -- Paramiko vulnerability Ubuntu 16.04 LTS USN-5351-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys. Update Instructions: Run `sudo pro fix USN-5351-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-paramiko - 1.16.0-1ubuntu0.2+esm2 paramiko-doc - 1.16.0-1ubuntu0.2+esm2 python-paramiko - 1.16.0-1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-24302 USN-5352-1 -- Libtasn1 vulnerability Ubuntu 16.04 LTS It was discovered that Libtasn1 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5352-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 4.7-3ubuntu0.16.04.3+esm2 libtasn1-3-bin - 4.7-3ubuntu0.16.04.3+esm2 libtasn1-doc - 4.7-3ubuntu0.16.04.3+esm2 libtasn1-bin - 4.7-3ubuntu0.16.04.3+esm2 libtasn1-6 - 4.7-3ubuntu0.16.04.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2018-1000654 USN-5354-2 -- Twisted vulnerability Ubuntu 16.04 LTS USN-5354-1 fixed vulnerabilities in Twisted. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 22.04 LTS. Original advisory details: It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service. (CVE-2022-21716) Update Instructions: Run `sudo pro fix USN-5354-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: twisted-doc - 16.0.0-1ubuntu0.4+esm1 python-twisted-news - 16.0.0-1ubuntu0.4+esm1 python-twisted-words - 16.0.0-1ubuntu0.4+esm1 python-twisted-names - 16.0.0-1ubuntu0.4+esm1 python3-twisted - 16.0.0-1ubuntu0.4+esm1 python-twisted-runner - 16.0.0-1ubuntu0.4+esm1 python-twisted-core - 16.0.0-1ubuntu0.4+esm1 python-twisted-web - 16.0.0-1ubuntu0.4+esm1 python-twisted - 16.0.0-1ubuntu0.4+esm1 python-twisted-mail - 16.0.0-1ubuntu0.4+esm1 python-twisted-bin - 16.0.0-1ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python-twisted-conch - 1:16.0.0-1ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21716 USN-5355-2 -- zlib vulnerability Ubuntu 16.04 LTS USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5355-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libx32z1-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm1 lib64z1 - 1:1.2.8.dfsg-2ubuntu4.3+esm1 libx32z1 - 1:1.2.8.dfsg-2ubuntu4.3+esm1 lib64z1-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm1 lib32z1 - 1:1.2.8.dfsg-2ubuntu4.3+esm1 zlib1g - 1:1.2.8.dfsg-2ubuntu4.3+esm1 lib32z1-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm1 zlib1g-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-25032 USN-5357-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5357-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.15.0-175-generic - 4.15.0-175.184~16.04.1 linux-image-4.15.0-175-lowlatency - 4.15.0-175.184~16.04.1 linux-headers-4.15.0-175-lowlatency - 4.15.0-175.184~16.04.1 linux-hwe-cloud-tools-4.15.0-175 - 4.15.0-175.184~16.04.1 linux-tools-4.15.0-175-generic - 4.15.0-175.184~16.04.1 linux-tools-4.15.0-175-lowlatency - 4.15.0-175.184~16.04.1 linux-buildinfo-4.15.0-175-generic - 4.15.0-175.184~16.04.1 linux-modules-extra-4.15.0-175-generic - 4.15.0-175.184~16.04.1 linux-modules-4.15.0-175-lowlatency - 4.15.0-175.184~16.04.1 linux-headers-4.15.0-175 - 4.15.0-175.184~16.04.1 linux-hwe-tools-4.15.0-175 - 4.15.0-175.184~16.04.1 linux-image-unsigned-4.15.0-175-lowlatency - 4.15.0-175.184~16.04.1 linux-cloud-tools-4.15.0-175-lowlatency - 4.15.0-175.184~16.04.1 linux-modules-4.15.0-175-generic - 4.15.0-175.184~16.04.1 linux-image-unsigned-4.15.0-175-generic - 4.15.0-175.184~16.04.1 linux-source-4.15.0 - 4.15.0-175.184~16.04.1 linux-image-4.15.0-175-generic - 
4.15.0-175.184~16.04.1 linux-buildinfo-4.15.0-175-lowlatency - 4.15.0-175.184~16.04.1 linux-headers-4.15.0-175-generic - 4.15.0-175.184~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.175.167 linux-tools-oem - 4.15.0.175.167 linux-lowlatency-hwe-16.04-edge - 4.15.0.175.167 linux-image-virtual-hwe-16.04-edge - 4.15.0.175.167 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.175.167 linux-lowlatency-hwe-16.04 - 4.15.0.175.167 linux-image-lowlatency-hwe-16.04 - 4.15.0.175.167 linux-signed-generic-hwe-16.04-edge - 4.15.0.175.167 linux-image-generic-hwe-16.04-edge - 4.15.0.175.167 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.175.167 linux-headers-oem - 4.15.0.175.167 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.175.167 linux-signed-lowlatency-hwe-16.04 - 4.15.0.175.167 linux-image-extra-virtual-hwe-16.04 - 4.15.0.175.167 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.175.167 linux-headers-virtual-hwe-16.04 - 4.15.0.175.167 linux-signed-image-generic-hwe-16.04 - 4.15.0.175.167 linux-tools-lowlatency-hwe-16.04 - 4.15.0.175.167 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.175.167 linux-image-virtual-hwe-16.04 - 4.15.0.175.167 linux-virtual-hwe-16.04-edge - 4.15.0.175.167 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.175.167 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.175.167 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.175.167 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.175.167 linux-image-oem - 4.15.0.175.167 linux-signed-oem - 4.15.0.175.167 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.175.167 linux-headers-virtual-hwe-16.04-edge - 4.15.0.175.167 linux-oem - 4.15.0.175.167 linux-headers-generic-hwe-16.04 - 4.15.0.175.167 linux-generic-hwe-16.04-edge - 4.15.0.175.167 linux-headers-lowlatency-hwe-16.04 - 4.15.0.175.167 linux-signed-generic-hwe-16.04 - 4.15.0.175.167 linux-signed-image-oem - 4.15.0.175.167 linux-generic-hwe-16.04 - 4.15.0.175.167 
linux-tools-virtual-hwe-16.04-edge - 4.15.0.175.167 linux-image-generic-hwe-16.04 - 4.15.0.175.167 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.175.167 linux-headers-generic-hwe-16.04-edge - 4.15.0.175.167 linux-tools-generic-hwe-16.04-edge - 4.15.0.175.167 linux-virtual-hwe-16.04 - 4.15.0.175.167 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.175.167 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.175.167 linux-tools-generic-hwe-16.04 - 4.15.0.175.167 linux-tools-virtual-hwe-16.04 - 4.15.0.175.167 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-27666 USN-5357-2 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5357-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1091-oracle - 4.15.0-1091.100~16.04.1 linux-tools-4.15.0-1091-oracle - 4.15.0-1091.100~16.04.1 linux-oracle-tools-4.15.0-1091 - 4.15.0-1091.100~16.04.1 linux-oracle-headers-4.15.0-1091 - 4.15.0-1091.100~16.04.1 linux-headers-4.15.0-1091-oracle - 4.15.0-1091.100~16.04.1 linux-modules-4.15.0-1091-oracle - 4.15.0-1091.100~16.04.1 linux-buildinfo-4.15.0-1091-oracle - 4.15.0-1091.100~16.04.1 linux-modules-extra-4.15.0-1091-oracle - 4.15.0-1091.100~16.04.1 linux-image-4.15.0-1091-oracle - 4.15.0-1091.100~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-1120-gcp - 4.15.0-1120.134~16.04.1 linux-gcp-tools-4.15.0-1120 - 4.15.0-1120.134~16.04.1 linux-image-unsigned-4.15.0-1120-gcp - 4.15.0-1120.134~16.04.1 linux-modules-4.15.0-1120-gcp - 4.15.0-1120.134~16.04.1 linux-tools-4.15.0-1120-gcp - 4.15.0-1120.134~16.04.1 linux-buildinfo-4.15.0-1120-gcp - 4.15.0-1120.134~16.04.1 linux-gcp-headers-4.15.0-1120 - 4.15.0-1120.134~16.04.1 linux-modules-extra-4.15.0-1120-gcp - 4.15.0-1120.134~16.04.1 linux-image-4.15.0-1120-gcp - 4.15.0-1120.134~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1126-aws - 4.15.0-1126.135~16.04.2 linux-modules-4.15.0-1126-aws - 4.15.0-1126.135~16.04.2 linux-headers-4.15.0-1126-aws - 4.15.0-1126.135~16.04.2 linux-aws-headers-4.15.0-1126 - 4.15.0-1126.135~16.04.2 linux-buildinfo-4.15.0-1126-aws - 4.15.0-1126.135~16.04.2 linux-image-4.15.0-1126-aws-hwe - 4.15.0-1126.135~16.04.2 linux-aws-hwe-cloud-tools-4.15.0-1126 - 4.15.0-1126.135~16.04.2 linux-image-unsigned-4.15.0-1126-aws - 4.15.0-1126.135~16.04.2 linux-modules-extra-4.15.0-1126-aws - 4.15.0-1126.135~16.04.2 linux-aws-hwe-tools-4.15.0-1126 - 4.15.0-1126.135~16.04.2 linux-cloud-tools-4.15.0-1126-aws - 4.15.0-1126.135~16.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-azure-tools-4.15.0-1136 - 4.15.0-1136.149~16.04.1 linux-buildinfo-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 linux-tools-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 linux-image-unsigned-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 linux-headers-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 linux-cloud-tools-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 linux-azure-cloud-tools-4.15.0-1136 - 4.15.0-1136.149~16.04.1 linux-modules-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 linux-modules-extra-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 linux-azure-headers-4.15.0-1136 - 4.15.0-1136.149~16.04.1 linux-image-4.15.0-1136-azure - 4.15.0-1136.149~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-oracle - 4.15.0.1091.79 linux-signed-image-oracle - 4.15.0.1091.79 linux-headers-oracle - 4.15.0.1091.79 linux-image-oracle - 4.15.0.1091.79 linux-tools-oracle - 4.15.0.1091.79 linux-oracle - 4.15.0.1091.79 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1120.121 linux-modules-extra-gcp - 4.15.0.1120.121 linux-tools-gke - 4.15.0.1120.121 linux-tools-gcp - 4.15.0.1120.121 linux-gke - 4.15.0.1120.121 linux-gcp - 4.15.0.1120.121 linux-image-gke - 4.15.0.1120.121 linux-headers-gke - 4.15.0.1120.121 linux-headers-gcp - 4.15.0.1120.121 linux-image-gcp - 4.15.0.1120.121 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws-hwe - 4.15.0.1126.116 linux-aws-hwe - 4.15.0.1126.116 linux-aws-edge - 4.15.0.1126.116 linux-tools-aws-hwe - 4.15.0.1126.116 linux-modules-extra-aws-hwe - 4.15.0.1126.116 linux-image-aws-hwe - 4.15.0.1126.116 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1136.126 linux-tools-azure-edge - 4.15.0.1136.126 linux-azure - 4.15.0.1136.126 linux-signed-image-azure-edge - 4.15.0.1136.126 linux-image-azure - 4.15.0.1136.126 linux-cloud-tools-azure - 4.15.0.1136.126 linux-cloud-tools-azure-edge - 4.15.0.1136.126 
linux-tools-azure - 4.15.0.1136.126 linux-image-azure-edge - 4.15.0.1136.126 linux-modules-extra-azure - 4.15.0.1136.126 linux-azure-edge - 4.15.0.1136.126 linux-headers-azure - 4.15.0.1136.126 linux-modules-extra-azure-edge - 4.15.0.1136.126 linux-signed-azure-edge - 4.15.0.1136.126 linux-headers-azure-edge - 4.15.0.1136.126 linux-signed-image-azure - 4.15.0.1136.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-27666 USN-5359-2 -- rsync vulnerability Ubuntu 16.04 LTS USN-5359-1 fixed vulnerabilities in rsync. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5359-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.1-3ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-25032 USN-5361-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. (CVE-2020-26141) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145) It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. 
An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) It was discovered that a race condition existed in the Unix domain socket implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-0920) It was discovered that the IPv6 implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-0935) Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964) Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916) It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159) It was discovered that the network packet filtering implementation in the Linux kernel did not properly initialize information in certain circumstances. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-39636) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2021-4083) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) Amit Klein discovered that the IPv4 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45486) Update Instructions: Run `sudo pro fix USN-5361-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.4.0-1104-kvm - 4.4.0-1104.113 linux-tools-4.4.0-1104-kvm - 4.4.0-1104.113 linux-buildinfo-4.4.0-1104-kvm - 4.4.0-1104.113 linux-image-4.4.0-1104-kvm - 4.4.0-1104.113 linux-kvm-tools-4.4.0-1104 - 4.4.0-1104.113 linux-kvm-cloud-tools-4.4.0-1104 - 4.4.0-1104.113 linux-cloud-tools-4.4.0-1104-kvm - 4.4.0-1104.113 linux-kvm-headers-4.4.0-1104 - 4.4.0-1104.113 linux-headers-4.4.0-1104-kvm - 4.4.0-1104.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.4.0-1139-aws - 4.4.0-1139.153 linux-cloud-tools-4.4.0-1139-aws - 4.4.0-1139.153 linux-modules-extra-4.4.0-1139-aws - 4.4.0-1139.153 linux-modules-4.4.0-1139-aws - 4.4.0-1139.153 linux-tools-4.4.0-1139-aws - 4.4.0-1139.153 linux-buildinfo-4.4.0-1139-aws - 4.4.0-1139.153 linux-aws-cloud-tools-4.4.0-1139 - 4.4.0-1139.153 linux-aws-tools-4.4.0-1139 - 4.4.0-1139.153 linux-image-4.4.0-1139-aws - 4.4.0-1139.153 linux-aws-headers-4.4.0-1139 - 4.4.0-1139.153 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-223.256 linux-headers-4.4.0-223-lowlatency - 
4.4.0-223.256 linux-buildinfo-4.4.0-223-lowlatency - 4.4.0-223.256 linux-headers-4.4.0-223-generic - 4.4.0-223.256 linux-headers-4.4.0-223 - 4.4.0-223.256 linux-image-4.4.0-223-lowlatency - 4.4.0-223.256 linux-tools-host - 4.4.0-223.256 linux-image-unsigned-4.4.0-223-lowlatency - 4.4.0-223.256 linux-doc - 4.4.0-223.256 linux-buildinfo-4.4.0-223-generic - 4.4.0-223.256 linux-image-4.4.0-223-generic - 4.4.0-223.256 linux-cloud-tools-4.4.0-223 - 4.4.0-223.256 linux-cloud-tools-4.4.0-223-generic - 4.4.0-223.256 linux-libc-dev - 4.4.0-223.256 linux-image-unsigned-4.4.0-223-generic - 4.4.0-223.256 linux-modules-4.4.0-223-lowlatency - 4.4.0-223.256 linux-modules-extra-4.4.0-223-generic - 4.4.0-223.256 linux-cloud-tools-4.4.0-223-lowlatency - 4.4.0-223.256 linux-modules-4.4.0-223-generic - 4.4.0-223.256 linux-cloud-tools-common - 4.4.0-223.256 linux-source-4.4.0 - 4.4.0-223.256 linux-tools-4.4.0-223-lowlatency - 4.4.0-223.256 linux-tools-4.4.0-223-generic - 4.4.0-223.256 linux-tools-4.4.0-223 - 4.4.0-223.256 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1104.102 linux-headers-kvm - 4.4.0.1104.102 linux-image-kvm - 4.4.0.1104.102 linux-tools-kvm - 4.4.0.1104.102 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1139.144 linux-image-aws - 4.4.0.1139.144 linux-aws - 4.4.0.1139.144 linux-tools-aws - 4.4.0.1139.144 linux-modules-extra-aws - 4.4.0.1139.144 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.223.230 linux-cloud-tools-generic-lts-wily - 4.4.0.223.230 linux-cloud-tools-virtual-lts-xenial - 4.4.0.223.230 linux-cloud-tools-virtual - 4.4.0.223.230 linux-cloud-tools-virtual-lts-utopic - 4.4.0.223.230 linux-tools-generic-lts-vivid - 4.4.0.223.230 linux-image-extra-virtual-lts-xenial - 4.4.0.223.230 linux-image-extra-virtual-lts-wily - 4.4.0.223.230 linux-crashdump - 4.4.0.223.230 linux-tools-virtual-lts-vivid - 4.4.0.223.230 
linux-virtual-lts-xenial - 4.4.0.223.230 linux-image-virtual - 4.4.0.223.230 linux-generic-lts-vivid - 4.4.0.223.230 linux-image-lowlatency-lts-vivid - 4.4.0.223.230 linux-tools-lowlatency-lts-vivid - 4.4.0.223.230 linux-cloud-tools-generic-lts-utopic - 4.4.0.223.230 linux-headers-virtual-lts-vivid - 4.4.0.223.230 linux-image-lowlatency-lts-wily - 4.4.0.223.230 linux-image-generic - 4.4.0.223.230 linux-image-lowlatency-lts-xenial - 4.4.0.223.230 linux-tools-lowlatency-lts-utopic - 4.4.0.223.230 linux-tools-virtual-lts-xenial - 4.4.0.223.230 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.223.230 linux-image-extra-virtual-lts-vivid - 4.4.0.223.230 linux-image-generic-lts-wily - 4.4.0.223.230 linux-virtual-lts-utopic - 4.4.0.223.230 linux-signed-generic-lts-wily - 4.4.0.223.230 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.223.230 linux-image-extra-virtual-lts-utopic - 4.4.0.223.230 linux-signed-generic-lts-utopic - 4.4.0.223.230 linux-tools-lowlatency-lts-xenial - 4.4.0.223.230 linux-headers-generic-lts-xenial - 4.4.0.223.230 linux-signed-generic-lts-vivid - 4.4.0.223.230 linux-headers-lowlatency-lts-wily - 4.4.0.223.230 linux-virtual-lts-vivid - 4.4.0.223.230 linux-signed-lowlatency-lts-xenial - 4.4.0.223.230 linux-headers-lowlatency-lts-vivid - 4.4.0.223.230 linux-signed-lowlatency-lts-wily - 4.4.0.223.230 linux-lowlatency-lts-xenial - 4.4.0.223.230 linux-image-virtual-lts-utopic - 4.4.0.223.230 linux-signed-generic-lts-xenial - 4.4.0.223.230 linux-source - 4.4.0.223.230 linux-signed-image-generic - 4.4.0.223.230 linux-lowlatency - 4.4.0.223.230 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.223.230 linux-generic-lts-xenial - 4.4.0.223.230 linux-headers-generic-lts-wily - 4.4.0.223.230 linux-tools-virtual - 4.4.0.223.230 linux-image-hwe-generic-trusty - 4.4.0.223.230 linux-cloud-tools-generic-lts-vivid - 4.4.0.223.230 linux-tools-generic-lts-utopic - 4.4.0.223.230 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.223.230 linux-signed-image-generic-lts-vivid - 
4.4.0.223.230 linux-image-virtual-lts-xenial - 4.4.0.223.230 linux-image-virtual-lts-vivid - 4.4.0.223.230 linux-cloud-tools-virtual-lts-vivid - 4.4.0.223.230 linux-signed-image-generic-lts-wily - 4.4.0.223.230 linux-signed-image-lowlatency-lts-xenial - 4.4.0.223.230 linux-image-generic-lts-vivid - 4.4.0.223.230 linux-generic - 4.4.0.223.230 linux-tools-generic-lts-wily - 4.4.0.223.230 linux-virtual - 4.4.0.223.230 linux-tools-virtual-lts-utopic - 4.4.0.223.230 linux-headers-lowlatency - 4.4.0.223.230 linux-lowlatency-lts-vivid - 4.4.0.223.230 linux-generic-lts-wily - 4.4.0.223.230 linux-image-hwe-virtual-trusty - 4.4.0.223.230 linux-signed-image-generic-lts-xenial - 4.4.0.223.230 linux-tools-virtual-lts-wily - 4.4.0.223.230 linux-tools-lowlatency-lts-wily - 4.4.0.223.230 linux-headers-virtual-lts-xenial - 4.4.0.223.230 linux-headers-lowlatency-lts-utopic - 4.4.0.223.230 linux-hwe-generic-trusty - 4.4.0.223.230 linux-tools-generic - 4.4.0.223.230 linux-image-extra-virtual - 4.4.0.223.230 linux-cloud-tools-generic - 4.4.0.223.230 linux-image-generic-lts-xenial - 4.4.0.223.230 linux-headers-generic-lts-utopic - 4.4.0.223.230 linux-cloud-tools-virtual-lts-wily - 4.4.0.223.230 linux-cloud-tools-lowlatency - 4.4.0.223.230 linux-lowlatency-lts-utopic - 4.4.0.223.230 linux-tools-generic-lts-xenial - 4.4.0.223.230 linux-signed-image-lowlatency - 4.4.0.223.230 linux-image-generic-lts-utopic - 4.4.0.223.230 linux-image-virtual-lts-wily - 4.4.0.223.230 linux-signed-generic - 4.4.0.223.230 linux-lowlatency-lts-wily - 4.4.0.223.230 linux-headers-generic - 4.4.0.223.230 linux-tools-lts-utopic - 4.4.0.223.230 linux-headers-virtual-lts-utopic - 4.4.0.223.230 linux-tools-lowlatency - 4.4.0.223.230 linux-generic-lts-utopic - 4.4.0.223.230 linux-headers-lowlatency-lts-xenial - 4.4.0.223.230 linux-signed-image-lowlatency-lts-wily - 4.4.0.223.230 linux-headers-generic-lts-vivid - 4.4.0.223.230 linux-headers-virtual - 4.4.0.223.230 linux-cloud-tools-generic-lts-xenial - 4.4.0.223.230 
linux-virtual-lts-wily - 4.4.0.223.230 linux-headers-virtual-lts-wily - 4.4.0.223.230 linux-hwe-virtual-trusty - 4.4.0.223.230 linux-signed-lowlatency - 4.4.0.223.230 linux-image-lowlatency-lts-utopic - 4.4.0.223.230 linux-image-lowlatency - 4.4.0.223.230 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-12888 CVE-2020-26141 CVE-2020-26145 CVE-2020-3702 CVE-2021-0920 CVE-2021-0935 CVE-2021-28964 CVE-2021-31916 CVE-2021-37159 CVE-2021-39636 CVE-2021-4083 CVE-2021-42739 CVE-2021-43976 CVE-2021-45486 USN-5369-1 -- oslo.utils vulnerability Ubuntu 16.04 LTS It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5369-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-oslo.utils - 3.8.0-2ubuntu0.1~esm1 python-oslo.utils-doc - 3.8.0-2ubuntu0.1~esm1 python3-oslo.utils - 3.8.0-2ubuntu0.1~esm1 python-oslo-utils - 3.8.0-2ubuntu0.1~esm1 python-oslo-utils-doc - 3.8.0-2ubuntu0.1~esm1 python3-oslo-utils - 3.8.0-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0718 USN-5371-1 -- nginx vulnerabilities Ubuntu 16.04 LTS It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724) It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309) It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains. 
(CVE-2021-3618) Update Instructions: Run `sudo pro fix USN-5371-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.5+esm3 nginx-core - 1.10.3-0ubuntu0.16.04.5+esm3 nginx-common - 1.10.3-0ubuntu0.16.04.5+esm3 nginx-full - 1.10.3-0ubuntu0.16.04.5+esm3 nginx - 1.10.3-0ubuntu0.16.04.5+esm3 nginx-light - 1.10.3-0ubuntu0.16.04.5+esm3 nginx-doc - 1.10.3-0ubuntu0.16.04.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-11724 CVE-2020-36309 CVE-2021-3618 USN-5371-3 -- nginx vulnerability Ubuntu 16.04 LTS USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724) It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309) It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains. (CVE-2021-3618) Update Instructions: Run `sudo pro fix USN-5371-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.5+esm4 nginx-core - 1.10.3-0ubuntu0.16.04.5+esm4 nginx-common - 1.10.3-0ubuntu0.16.04.5+esm4 nginx-full - 1.10.3-0ubuntu0.16.04.5+esm4 nginx - 1.10.3-0ubuntu0.16.04.5+esm4 nginx-light - 1.10.3-0ubuntu0.16.04.5+esm4 nginx-doc - 1.10.3-0ubuntu0.16.04.5+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-11724 USN-5373-2 -- Django vulnerabilities Ubuntu 16.04 LTS USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. (CVE-2021-32052) Update Instructions: Run `sudo pro fix USN-5373-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.15+esm5 python-django-doc - 1.8.7-1ubuntu5.15+esm5 python-django-common - 1.8.7-1ubuntu5.15+esm5 python-django - 1.8.7-1ubuntu5.15+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-32052 CVE-2022-28346 USN-5375-1 -- GNU cflow vulnerability Ubuntu 16.04 LTS It was discovered that GNU cflow was incorrectly handling memory cleanup operations at the end of a compilation module. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5375-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: cflow - 1:1.4+dfsg1-3ubuntu1.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-16165 USN-5378-3 -- XZ Utils vulnerability Ubuntu 16.04 LTS USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-5378-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblzma5 - 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm1 liblzma-doc - 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm1 liblzma-dev - 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm1 xz-utils - 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm1 xzdec - 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1271 USN-5378-4 -- Gzip vulnerability Ubuntu 16.04 LTS USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-5378-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gzip - 1.6-4ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1271 USN-5379-1 -- klibc vulnerabilities Ubuntu 16.04 LTS It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31870) It was discovered that klibc did not properly handle some memory allocations on 64 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31871) It was discovered that klibc did not properly handle some file size values on 32 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31872) It was discovered that klibc did not properly handle some memory allocations. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31873) Update Instructions: Run `sudo pro fix USN-5379-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.4-8ubuntu1.16.04.4+esm1 libklibc - 2.0.4-8ubuntu1.16.04.4+esm1 libklibc-dev - 2.0.4-8ubuntu1.16.04.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-31870 CVE-2021-31871 CVE-2021-31872 CVE-2021-31873 USN-5380-1 -- Bash vulnerability Ubuntu 16.04 LTS It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-5380-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.3-14ubuntu1.4+esm1 bash-doc - 4.3-14ubuntu1.4+esm1 bash - 4.3-14ubuntu1.4+esm1 bash-static - 4.3-14ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-18276 USN-5385-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975) It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-24448) It was discovered that the YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions. A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2022-24959) Update Instructions: Run `sudo pro fix USN-5385-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-oracle-tools-4.15.0-1092 - 4.15.0-1092.101~16.04.1 linux-modules-extra-4.15.0-1092-oracle - 4.15.0-1092.101~16.04.1 linux-buildinfo-4.15.0-1092-oracle - 4.15.0-1092.101~16.04.1 linux-modules-4.15.0-1092-oracle - 4.15.0-1092.101~16.04.1 linux-tools-4.15.0-1092-oracle - 4.15.0-1092.101~16.04.1 linux-image-4.15.0-1092-oracle - 4.15.0-1092.101~16.04.1 linux-image-unsigned-4.15.0-1092-oracle - 4.15.0-1092.101~16.04.1 linux-oracle-headers-4.15.0-1092 - 4.15.0-1092.101~16.04.1 linux-headers-4.15.0-1092-oracle - 4.15.0-1092.101~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1121-gcp - 4.15.0-1121.135~16.04.1 linux-image-unsigned-4.15.0-1121-gcp - 4.15.0-1121.135~16.04.1 linux-gcp-tools-4.15.0-1121 - 4.15.0-1121.135~16.04.1 linux-modules-4.15.0-1121-gcp - 4.15.0-1121.135~16.04.1 linux-modules-extra-4.15.0-1121-gcp - 4.15.0-1121.135~16.04.1 linux-headers-4.15.0-1121-gcp - 4.15.0-1121.135~16.04.1 linux-gcp-headers-4.15.0-1121 - 4.15.0-1121.135~16.04.1 linux-image-4.15.0-1121-gcp - 4.15.0-1121.135~16.04.1 linux-buildinfo-4.15.0-1121-gcp - 4.15.0-1121.135~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1127-aws - 4.15.0-1127.136~16.04.1 linux-image-unsigned-4.15.0-1127-aws - 4.15.0-1127.136~16.04.1 linux-headers-4.15.0-1127-aws - 4.15.0-1127.136~16.04.1 linux-modules-extra-4.15.0-1127-aws - 4.15.0-1127.136~16.04.1 linux-cloud-tools-4.15.0-1127-aws - 4.15.0-1127.136~16.04.1 linux-tools-4.15.0-1127-aws - 4.15.0-1127.136~16.04.1 linux-modules-4.15.0-1127-aws - 4.15.0-1127.136~16.04.1 linux-image-4.15.0-1127-aws-hwe - 4.15.0-1127.136~16.04.1 linux-aws-headers-4.15.0-1127 - 4.15.0-1127.136~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1127 - 4.15.0-1127.136~16.04.1 linux-aws-hwe-tools-4.15.0-1127 - 4.15.0-1127.136~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-azure-tools-4.15.0-1137 - 4.15.0-1137.150~16.04.1 linux-modules-extra-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 linux-azure-cloud-tools-4.15.0-1137 - 4.15.0-1137.150~16.04.1 linux-azure-headers-4.15.0-1137 - 4.15.0-1137.150~16.04.1 linux-cloud-tools-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 linux-image-unsigned-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 linux-image-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 linux-headers-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 linux-modules-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 linux-tools-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 linux-buildinfo-4.15.0-1137-azure - 4.15.0-1137.150~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-hwe-cloud-tools-4.15.0-176 - 4.15.0-176.185~16.04.1 linux-image-unsigned-4.15.0-176-generic - 4.15.0-176.185~16.04.1 linux-tools-4.15.0-176-lowlatency - 4.15.0-176.185~16.04.1 linux-cloud-tools-4.15.0-176-lowlatency - 4.15.0-176.185~16.04.1 linux-buildinfo-4.15.0-176-generic - 4.15.0-176.185~16.04.1 linux-source-4.15.0 - 4.15.0-176.185~16.04.1 linux-image-unsigned-4.15.0-176-lowlatency - 4.15.0-176.185~16.04.1 linux-modules-4.15.0-176-lowlatency - 4.15.0-176.185~16.04.1 linux-image-4.15.0-176-generic - 4.15.0-176.185~16.04.1 linux-headers-4.15.0-176-lowlatency - 4.15.0-176.185~16.04.1 linux-headers-4.15.0-176-generic - 4.15.0-176.185~16.04.1 linux-tools-4.15.0-176-generic - 4.15.0-176.185~16.04.1 linux-headers-4.15.0-176 - 4.15.0-176.185~16.04.1 linux-image-4.15.0-176-lowlatency - 4.15.0-176.185~16.04.1 linux-buildinfo-4.15.0-176-lowlatency - 4.15.0-176.185~16.04.1 linux-hwe-tools-4.15.0-176 - 4.15.0-176.185~16.04.1 linux-modules-extra-4.15.0-176-generic - 4.15.0-176.185~16.04.1 linux-cloud-tools-4.15.0-176-generic - 4.15.0-176.185~16.04.1 linux-modules-4.15.0-176-generic - 4.15.0-176.185~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-oracle - 4.15.0.1092.80 linux-headers-oracle - 4.15.0.1092.80 
linux-signed-oracle - 4.15.0.1092.80 linux-image-oracle - 4.15.0.1092.80 linux-tools-oracle - 4.15.0.1092.80 linux-oracle - 4.15.0.1092.80 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1121.122 linux-headers-gke - 4.15.0.1121.122 linux-modules-extra-gcp - 4.15.0.1121.122 linux-tools-gke - 4.15.0.1121.122 linux-tools-gcp - 4.15.0.1121.122 linux-gke - 4.15.0.1121.122 linux-gcp - 4.15.0.1121.122 linux-image-gke - 4.15.0.1121.122 linux-headers-gcp - 4.15.0.1121.122 linux-image-gcp - 4.15.0.1121.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1127.117 linux-modules-extra-aws-hwe - 4.15.0.1127.117 linux-aws-edge - 4.15.0.1127.117 linux-image-aws-hwe - 4.15.0.1127.117 linux-headers-aws-hwe - 4.15.0.1127.117 linux-tools-aws-hwe - 4.15.0.1127.117 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1137.127 linux-tools-azure-edge - 4.15.0.1137.127 linux-cloud-tools-azure - 4.15.0.1137.127 linux-tools-azure - 4.15.0.1137.127 linux-image-azure-edge - 4.15.0.1137.127 linux-signed-image-azure-edge - 4.15.0.1137.127 linux-cloud-tools-azure-edge - 4.15.0.1137.127 linux-modules-extra-azure - 4.15.0.1137.127 linux-signed-image-azure - 4.15.0.1137.127 linux-azure - 4.15.0.1137.127 linux-image-azure - 4.15.0.1137.127 linux-headers-azure-edge - 4.15.0.1137.127 linux-azure-edge - 4.15.0.1137.127 linux-modules-extra-azure-edge - 4.15.0.1137.127 linux-signed-azure-edge - 4.15.0.1137.127 linux-headers-azure - 4.15.0.1137.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.176.168 linux-signed-generic-hwe-16.04-edge - 4.15.0.176.168 linux-tools-oem - 4.15.0.176.168 linux-image-extra-virtual-hwe-16.04 - 4.15.0.176.168 linux-image-oem - 4.15.0.176.168 linux-headers-generic-hwe-16.04-edge - 4.15.0.176.168 linux-tools-virtual-hwe-16.04 - 4.15.0.176.168 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.176.168 
linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.176.168 linux-signed-lowlatency-hwe-16.04 - 4.15.0.176.168 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.176.168 linux-headers-lowlatency-hwe-16.04 - 4.15.0.176.168 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.176.168 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.176.168 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.176.168 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.176.168 linux-headers-oem - 4.15.0.176.168 linux-generic-hwe-16.04-edge - 4.15.0.176.168 linux-signed-image-generic-hwe-16.04 - 4.15.0.176.168 linux-image-virtual-hwe-16.04-edge - 4.15.0.176.168 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.176.168 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.176.168 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.176.168 linux-headers-virtual-hwe-16.04-edge - 4.15.0.176.168 linux-lowlatency-hwe-16.04 - 4.15.0.176.168 linux-headers-generic-hwe-16.04 - 4.15.0.176.168 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.176.168 linux-generic-hwe-16.04 - 4.15.0.176.168 linux-tools-virtual-hwe-16.04-edge - 4.15.0.176.168 linux-oem - 4.15.0.176.168 linux-lowlatency-hwe-16.04-edge - 4.15.0.176.168 linux-image-generic-hwe-16.04 - 4.15.0.176.168 linux-image-generic-hwe-16.04-edge - 4.15.0.176.168 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.176.168 linux-tools-lowlatency-hwe-16.04 - 4.15.0.176.168 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.176.168 linux-headers-virtual-hwe-16.04 - 4.15.0.176.168 linux-virtual-hwe-16.04 - 4.15.0.176.168 linux-virtual-hwe-16.04-edge - 4.15.0.176.168 linux-signed-oem - 4.15.0.176.168 linux-image-virtual-hwe-16.04 - 4.15.0.176.168 linux-signed-generic-hwe-16.04 - 4.15.0.176.168 linux-signed-image-oem - 4.15.0.176.168 linux-tools-generic-hwe-16.04 - 4.15.0.176.168 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.176.168 linux-tools-generic-hwe-16.04-edge - 4.15.0.176.168 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-43975 CVE-2022-0617 
CVE-2022-24448 CVE-2022-24959 USN-5389-1 -- Libcroco vulnerabilities Ubuntu 16.04 LTS It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-7960) It was discovered that Libcroco was incorrectly handling invalid UTF-8 values when processing CSS files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-8834, CVE-2017-8871) It was discovered that Libcroco was incorrectly implementing recursion in one of its parsing functions, which could cause an infinite recursion loop and a stack overflow due to stack consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-12825) Update Instructions: Run `sudo pro fix USN-5389-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcroco-tools - 0.6.11-1ubuntu0.1~esm1 libcroco3 - 0.6.11-1ubuntu0.1~esm1 libcroco3-dev - 0.6.11-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-7960 CVE-2017-8834 CVE-2017-8871 CVE-2020-12825 USN-5391-1 -- libsepol vulnerabilities Ubuntu 16.04 LTS Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36084) It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36085) It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. 
This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086) It was discovered that libsepol incorrectly validated certain data, leading to a heap overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36087) Update Instructions: Run `sudo pro fix USN-5391-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsepol1 - 2.4-2ubuntu0.1~esm1 libsepol1-dev - 2.4-2ubuntu0.1~esm1 sepol-utils - 2.4-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 USN-5392-1 -- Mutt vulnerabilities Ubuntu 16.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055) It was discovered that Mutt incorrectly handled certain input. An attacker could possibly use this issue to cause a crash, or expose sensitive information. (CVE-2022-1328) Update Instructions: Run `sudo pro fix USN-5392-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt-patched - 1.5.24-1ubuntu0.6+esm2 mutt - 1.5.24-1ubuntu0.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-32055 CVE-2022-1328 USN-5396-2 -- Ghostscript vulnerability Ubuntu 16.04 LTS USN-5396-1 addressed a vulnerability in Ghostscript. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. 
Update Instructions: Run `sudo pro fix USN-5396-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.14+esm3 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.14+esm3 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.14+esm3 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.14+esm3 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.14+esm3 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.14+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-25059 USN-5398-1 -- Simple DirectMedia Layer vulnerability Ubuntu 16.04 LTS It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl1.2debian - 1.2.15+dfsg1-3ubuntu0.1+esm1 libsdl1.2-dev - 1.2.15+dfsg1-3ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33657 USN-5400-2 -- MySQL vulnerabilities Ubuntu 16.04 LTS USN-5400-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html https://www.oracle.com/security-alerts/cpuapr2022.html Update Instructions: Run `sudo pro fix USN-5400-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.38-0ubuntu0.16.04.1+esm1 libmysqlclient-dev - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.38-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.38-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.38-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.38-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21417 CVE-2022-21427 CVE-2022-21444 CVE-2022-21451 CVE-2022-21454 CVE-2022-21460 USN-5402-2 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. (CVE-2022-1292) Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473) Update Instructions: Run `sudo pro fix USN-5402-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm3 openssl - 1.0.2g-1ubuntu4.20+esm3 libssl-doc - 1.0.2g-1ubuntu4.20+esm3 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1292 CVE-2022-1473 USN-5404-2 -- Rsyslog vulnerability Ubuntu 16.04 LTS USN-5404-1 addressed a vulnerability in Rsyslog. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-5404-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsyslog-pgsql - 8.16.0-1ubuntu3.1+esm2 rsyslog-gssapi - 8.16.0-1ubuntu3.1+esm2 rsyslog-mysql - 8.16.0-1ubuntu3.1+esm2 rsyslog-relp - 8.16.0-1ubuntu3.1+esm2 rsyslog - 8.16.0-1ubuntu3.1+esm2 rsyslog-elasticsearch - 8.16.0-1ubuntu3.1+esm2 rsyslog-gnutls - 8.16.0-1ubuntu3.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-24903 USN-5405-1 -- jbig2dec vulnerabilities Ubuntu 16.04 LTS It was discovered that jbig2dec incorrectly handled memory when parsing invalid files. An attacker could use this issue to cause jbig2dec to crash, leading to a denial of service. (CVE-2017-9216) It was discovered that jbig2dec incorrectly handled memory when processing untrusted input. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2020-12268) Update Instructions: Run `sudo pro fix USN-5405-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libjbig2dec0 - 0.12+20150918-1ubuntu0.1+esm2 jbig2dec - 0.12+20150918-1ubuntu0.1+esm2 libjbig2dec0-dev - 0.12+20150918-1ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-9216 CVE-2020-12268 USN-5407-1 -- Cairo vulnerabilities Ubuntu 16.04 LTS Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others discovered that Cairo incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-9082, CVE-2017-9814, CVE-2019-6462) Stephan Bergmann discovered that Cairo incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2020-35492) Update Instructions: Run `sudo pro fix USN-5407-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcairo-script-interpreter2 - 1.14.6-1ubuntu0.1~esm1 cairo-perf-utils - 1.14.6-1ubuntu0.1~esm1 libcairo2-dev - 1.14.6-1ubuntu0.1~esm1 libcairo2 - 1.14.6-1ubuntu0.1~esm1 libcairo2-doc - 1.14.6-1ubuntu0.1~esm1 libcairo-gobject2 - 1.14.6-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-9082 CVE-2017-9814 CVE-2019-6462 CVE-2020-35492 USN-5408-1 -- Dnsmasq vulnerability Ubuntu 16.04 LTS Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information. Update Instructions: Run `sudo pro fix USN-5408-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.75-1ubuntu0.16.04.10+esm1 dnsmasq-utils - 2.75-1ubuntu0.16.04.10+esm1 dnsmasq-base - 2.75-1ubuntu0.16.04.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0934 USN-5409-1 -- libsndfile vulnerability Ubuntu 16.04 LTS It was discovered that libsndfile was incorrectly performing memory management operations and incorrectly using buffers when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5409-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-10ubuntu0.16.04.3+esm2 libsndfile1-dev - 1.0.25-10ubuntu0.16.04.3+esm2 sndfile-programs - 1.0.25-10ubuntu0.16.04.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-4156 USN-5413-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-27820) It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39713) It was discovered that the Parallel NFS (pNFS) implementation in the Linux kernel did not properly perform bounds checking in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2021-4157) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update Instructions: Run `sudo pro fix USN-5413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1105-kvm - 4.4.0-1105.114 linux-image-4.4.0-1105-kvm - 4.4.0-1105.114 linux-kvm-tools-4.4.0-1105 - 4.4.0-1105.114 linux-headers-4.4.0-1105-kvm - 4.4.0-1105.114 linux-buildinfo-4.4.0-1105-kvm - 4.4.0-1105.114 linux-kvm-cloud-tools-4.4.0-1105 - 4.4.0-1105.114 linux-modules-4.4.0-1105-kvm - 4.4.0-1105.114 linux-cloud-tools-4.4.0-1105-kvm - 4.4.0-1105.114 linux-kvm-headers-4.4.0-1105 - 4.4.0-1105.114 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.4.0-1140-aws - 4.4.0-1140.154 linux-modules-4.4.0-1140-aws - 4.4.0-1140.154 linux-aws-cloud-tools-4.4.0-1140 - 4.4.0-1140.154 linux-buildinfo-4.4.0-1140-aws - 4.4.0-1140.154 linux-aws-headers-4.4.0-1140 - 4.4.0-1140.154 linux-image-4.4.0-1140-aws - 4.4.0-1140.154 linux-aws-tools-4.4.0-1140 - 4.4.0-1140.154 linux-modules-extra-4.4.0-1140-aws - 4.4.0-1140.154 linux-cloud-tools-4.4.0-1140-aws - 4.4.0-1140.154 linux-tools-4.4.0-1140-aws - 4.4.0-1140.154 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro linux-tools-common - 4.4.0-224.257 linux-headers-4.4.0-224 - 4.4.0-224.257 linux-tools-host - 4.4.0-224.257 linux-source-4.4.0 - 4.4.0-224.257 linux-doc - 4.4.0-224.257 linux-tools-4.4.0-224-generic - 4.4.0-224.257 linux-headers-4.4.0-224-generic - 4.4.0-224.257 linux-cloud-tools-4.4.0-224 - 4.4.0-224.257 linux-buildinfo-4.4.0-224-lowlatency - 4.4.0-224.257 linux-libc-dev - 4.4.0-224.257 linux-buildinfo-4.4.0-224-generic - 4.4.0-224.257 linux-modules-4.4.0-224-lowlatency - 4.4.0-224.257 linux-modules-extra-4.4.0-224-generic - 4.4.0-224.257 linux-cloud-tools-4.4.0-224-lowlatency - 4.4.0-224.257 linux-cloud-tools-4.4.0-224-generic - 4.4.0-224.257 linux-image-unsigned-4.4.0-224-lowlatency - 4.4.0-224.257 linux-tools-4.4.0-224 - 4.4.0-224.257 linux-modules-4.4.0-224-generic - 4.4.0-224.257 linux-headers-4.4.0-224-lowlatency - 4.4.0-224.257 linux-cloud-tools-common - 4.4.0-224.257 linux-tools-4.4.0-224-lowlatency - 4.4.0-224.257 linux-image-4.4.0-224-lowlatency - 4.4.0-224.257 linux-image-unsigned-4.4.0-224-generic - 4.4.0-224.257 linux-image-4.4.0-224-generic - 4.4.0-224.257 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1105.103 linux-headers-kvm - 4.4.0.1105.103 linux-tools-kvm - 4.4.0.1105.103 linux-image-kvm - 4.4.0.1105.103 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1140.145 linux-image-aws - 4.4.0.1140.145 linux-aws - 4.4.0.1140.145 linux-modules-extra-aws - 4.4.0.1140.145 linux-tools-aws - 4.4.0.1140.145 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.224.231 linux-cloud-tools-generic-lts-wily - 4.4.0.224.231 linux-cloud-tools-virtual-lts-xenial - 4.4.0.224.231 linux-cloud-tools-virtual - 4.4.0.224.231 linux-cloud-tools-virtual-lts-utopic - 4.4.0.224.231 linux-tools-generic-lts-vivid - 4.4.0.224.231 linux-image-extra-virtual-lts-xenial - 4.4.0.224.231 linux-image-extra-virtual-lts-wily - 4.4.0.224.231 
linux-headers-generic-lts-wily - 4.4.0.224.231 linux-headers-lowlatency-lts-wily - 4.4.0.224.231 linux-signed-image-generic-lts-xenial - 4.4.0.224.231 linux-tools-virtual-lts-vivid - 4.4.0.224.231 linux-image-virtual - 4.4.0.224.231 linux-tools-virtual-lts-wily - 4.4.0.224.231 linux-image-lowlatency-lts-vivid - 4.4.0.224.231 linux-tools-lowlatency-lts-vivid - 4.4.0.224.231 linux-cloud-tools-generic-lts-utopic - 4.4.0.224.231 linux-headers-virtual-lts-vivid - 4.4.0.224.231 linux-image-lowlatency-lts-wily - 4.4.0.224.231 linux-image-generic - 4.4.0.224.231 linux-tools-lowlatency - 4.4.0.224.231 linux-image-lowlatency-lts-xenial - 4.4.0.224.231 linux-tools-virtual-lts-xenial - 4.4.0.224.231 linux-signed-lowlatency-lts-wily - 4.4.0.224.231 linux-image-extra-virtual-lts-vivid - 4.4.0.224.231 linux-image-generic-lts-wily - 4.4.0.224.231 linux-virtual-lts-utopic - 4.4.0.224.231 linux-signed-generic-lts-wily - 4.4.0.224.231 linux-image-extra-virtual-lts-utopic - 4.4.0.224.231 linux-signed-generic-lts-utopic - 4.4.0.224.231 linux-tools-lowlatency-lts-xenial - 4.4.0.224.231 linux-headers-generic-lts-xenial - 4.4.0.224.231 linux-signed-generic-lts-vivid - 4.4.0.224.231 linux-crashdump - 4.4.0.224.231 linux-virtual-lts-vivid - 4.4.0.224.231 linux-signed-lowlatency-lts-xenial - 4.4.0.224.231 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.224.231 linux-lowlatency-lts-xenial - 4.4.0.224.231 linux-signed-generic-lts-xenial - 4.4.0.224.231 linux-source - 4.4.0.224.231 linux-headers-lowlatency-lts-vivid - 4.4.0.224.231 linux-lowlatency - 4.4.0.224.231 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.224.231 linux-generic-lts-xenial - 4.4.0.224.231 linux-image-generic-lts-vivid - 4.4.0.224.231 linux-virtual - 4.4.0.224.231 linux-headers-generic-lts-vivid - 4.4.0.224.231 linux-tools-virtual - 4.4.0.224.231 linux-cloud-tools-generic-lts-vivid - 4.4.0.224.231 linux-tools-generic-lts-utopic - 4.4.0.224.231 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.224.231 
linux-signed-image-generic-lts-vivid - 4.4.0.224.231 linux-image-virtual-lts-vivid - 4.4.0.224.231 linux-virtual-lts-xenial - 4.4.0.224.231 linux-cloud-tools-virtual-lts-vivid - 4.4.0.224.231 linux-tools-lowlatency-lts-utopic - 4.4.0.224.231 linux-signed-image-generic-lts-wily - 4.4.0.224.231 linux-cloud-tools-generic-lts-xenial - 4.4.0.224.231 linux-signed-image-lowlatency-lts-xenial - 4.4.0.224.231 linux-generic - 4.4.0.224.231 linux-tools-generic-lts-wily - 4.4.0.224.231 linux-tools-virtual-lts-utopic - 4.4.0.224.231 linux-signed-image-generic - 4.4.0.224.231 linux-headers-lowlatency - 4.4.0.224.231 linux-lowlatency-lts-vivid - 4.4.0.224.231 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.224.231 linux-generic-lts-wily - 4.4.0.224.231 linux-image-hwe-virtual-trusty - 4.4.0.224.231 linux-generic-lts-vivid - 4.4.0.224.231 linux-tools-lowlatency-lts-wily - 4.4.0.224.231 linux-headers-virtual-lts-xenial - 4.4.0.224.231 linux-headers-lowlatency-lts-utopic - 4.4.0.224.231 linux-hwe-generic-trusty - 4.4.0.224.231 linux-tools-generic - 4.4.0.224.231 linux-image-extra-virtual - 4.4.0.224.231 linux-cloud-tools-generic - 4.4.0.224.231 linux-headers-generic-lts-utopic - 4.4.0.224.231 linux-cloud-tools-virtual-lts-wily - 4.4.0.224.231 linux-cloud-tools-lowlatency - 4.4.0.224.231 linux-lowlatency-lts-utopic - 4.4.0.224.231 linux-tools-generic-lts-xenial - 4.4.0.224.231 linux-signed-image-lowlatency - 4.4.0.224.231 linux-image-generic-lts-utopic - 4.4.0.224.231 linux-image-virtual-lts-wily - 4.4.0.224.231 linux-signed-generic - 4.4.0.224.231 linux-lowlatency-lts-wily - 4.4.0.224.231 linux-image-virtual-lts-utopic - 4.4.0.224.231 linux-headers-generic - 4.4.0.224.231 linux-tools-lts-utopic - 4.4.0.224.231 linux-generic-lts-utopic - 4.4.0.224.231 linux-headers-lowlatency-lts-xenial - 4.4.0.224.231 linux-image-hwe-generic-trusty - 4.4.0.224.231 linux-signed-image-lowlatency-lts-wily - 4.4.0.224.231 linux-headers-virtual - 4.4.0.224.231 linux-image-generic-lts-xenial - 4.4.0.224.231 
linux-virtual-lts-wily - 4.4.0.224.231 linux-headers-virtual-lts-utopic - 4.4.0.224.231 linux-headers-virtual-lts-wily - 4.4.0.224.231 linux-hwe-virtual-trusty - 4.4.0.224.231 linux-signed-lowlatency - 4.4.0.224.231 linux-image-virtual-lts-xenial - 4.4.0.224.231 linux-image-lowlatency-lts-utopic - 4.4.0.224.231 linux-image-lowlatency - 4.4.0.224.231 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2020-27820 CVE-2021-39713 CVE-2021-4157 CVE-2022-26490 CVE-2022-27223 CVE-2022-28390 USN-5418-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23042) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. 
An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-26966) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223) Update Instructions: Run `sudo pro fix USN-5418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-oracle-tools-4.15.0-1093 - 4.15.0-1093.102~16.04.1 linux-modules-extra-4.15.0-1093-oracle - 4.15.0-1093.102~16.04.1 linux-image-4.15.0-1093-oracle - 4.15.0-1093.102~16.04.1 linux-modules-4.15.0-1093-oracle - 4.15.0-1093.102~16.04.1 linux-headers-4.15.0-1093-oracle - 4.15.0-1093.102~16.04.1 linux-image-unsigned-4.15.0-1093-oracle - 4.15.0-1093.102~16.04.1 linux-tools-4.15.0-1093-oracle - 4.15.0-1093.102~16.04.1 linux-oracle-headers-4.15.0-1093 - 4.15.0-1093.102~16.04.1 linux-buildinfo-4.15.0-1093-oracle - 4.15.0-1093.102~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.15.0-1122-gcp - 4.15.0-1122.136~16.04.1 linux-headers-4.15.0-1122-gcp - 4.15.0-1122.136~16.04.1 linux-gcp-tools-4.15.0-1122 - 4.15.0-1122.136~16.04.1 linux-modules-4.15.0-1122-gcp - 4.15.0-1122.136~16.04.1 linux-gcp-headers-4.15.0-1122 - 4.15.0-1122.136~16.04.1 
linux-buildinfo-4.15.0-1122-gcp - 4.15.0-1122.136~16.04.1 linux-image-4.15.0-1122-gcp - 4.15.0-1122.136~16.04.1 linux-tools-4.15.0-1122-gcp - 4.15.0-1122.136~16.04.1 linux-image-unsigned-4.15.0-1122-gcp - 4.15.0-1122.136~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1128-aws - 4.15.0-1128.137~16.04.1 linux-aws-hwe-tools-4.15.0-1128 - 4.15.0-1128.137~16.04.1 linux-cloud-tools-4.15.0-1128-aws - 4.15.0-1128.137~16.04.1 linux-headers-4.15.0-1128-aws - 4.15.0-1128.137~16.04.1 linux-image-unsigned-4.15.0-1128-aws - 4.15.0-1128.137~16.04.1 linux-modules-4.15.0-1128-aws - 4.15.0-1128.137~16.04.1 linux-aws-headers-4.15.0-1128 - 4.15.0-1128.137~16.04.1 linux-modules-extra-4.15.0-1128-aws - 4.15.0-1128.137~16.04.1 linux-buildinfo-4.15.0-1128-aws - 4.15.0-1128.137~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1128 - 4.15.0-1128.137~16.04.1 linux-image-4.15.0-1128-aws-hwe - 4.15.0-1128.137~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-tools-4.15.0-1138 - 4.15.0-1138.151~16.04.1 linux-image-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 linux-azure-cloud-tools-4.15.0-1138 - 4.15.0-1138.151~16.04.1 linux-azure-headers-4.15.0-1138 - 4.15.0-1138.151~16.04.1 linux-image-unsigned-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 linux-buildinfo-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 linux-modules-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 linux-cloud-tools-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 linux-tools-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 linux-modules-extra-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 linux-headers-4.15.0-1138-azure - 4.15.0-1138.151~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-177-lowlatency - 4.15.0-177.186~16.04.1 linux-hwe-cloud-tools-4.15.0-177 - 4.15.0-177.186~16.04.1 linux-image-unsigned-4.15.0-177-lowlatency - 4.15.0-177.186~16.04.1 linux-tools-4.15.0-177-generic - 4.15.0-177.186~16.04.1 linux-buildinfo-4.15.0-177-generic - 
4.15.0-177.186~16.04.1 linux-image-unsigned-4.15.0-177-generic - 4.15.0-177.186~16.04.1 linux-cloud-tools-4.15.0-177-generic - 4.15.0-177.186~16.04.1 linux-headers-4.15.0-177-generic - 4.15.0-177.186~16.04.1 linux-modules-4.15.0-177-lowlatency - 4.15.0-177.186~16.04.1 linux-cloud-tools-4.15.0-177-lowlatency - 4.15.0-177.186~16.04.1 linux-modules-extra-4.15.0-177-generic - 4.15.0-177.186~16.04.1 linux-buildinfo-4.15.0-177-lowlatency - 4.15.0-177.186~16.04.1 linux-headers-4.15.0-177 - 4.15.0-177.186~16.04.1 linux-modules-4.15.0-177-generic - 4.15.0-177.186~16.04.1 linux-hwe-tools-4.15.0-177 - 4.15.0-177.186~16.04.1 linux-tools-4.15.0-177-lowlatency - 4.15.0-177.186~16.04.1 linux-image-4.15.0-177-generic - 4.15.0-177.186~16.04.1 linux-source-4.15.0 - 4.15.0-177.186~16.04.1 linux-image-4.15.0-177-lowlatency - 4.15.0-177.186~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1093.81 linux-headers-oracle - 4.15.0.1093.81 linux-signed-image-oracle - 4.15.0.1093.81 linux-signed-oracle - 4.15.0.1093.81 linux-image-oracle - 4.15.0.1093.81 linux-oracle - 4.15.0.1093.81 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1122.123 linux-modules-extra-gcp - 4.15.0.1122.123 linux-tools-gke - 4.15.0.1122.123 linux-tools-gcp - 4.15.0.1122.123 linux-gke - 4.15.0.1122.123 linux-image-gke - 4.15.0.1122.123 linux-headers-gcp - 4.15.0.1122.123 linux-gcp - 4.15.0.1122.123 linux-image-gcp - 4.15.0.1122.123 linux-headers-gke - 4.15.0.1122.123 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1128.118 linux-modules-extra-aws-hwe - 4.15.0.1128.118 linux-aws-edge - 4.15.0.1128.118 linux-image-aws-hwe - 4.15.0.1128.118 linux-headers-aws-hwe - 4.15.0.1128.118 linux-tools-aws-hwe - 4.15.0.1128.118 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1138.128 linux-cloud-tools-azure - 4.15.0.1138.128 linux-tools-azure - 
4.15.0.1138.128 linux-image-azure-edge - 4.15.0.1138.128 linux-tools-azure-edge - 4.15.0.1138.128 linux-cloud-tools-azure-edge - 4.15.0.1138.128 linux-modules-extra-azure - 4.15.0.1138.128 linux-azure - 4.15.0.1138.128 linux-signed-image-azure-edge - 4.15.0.1138.128 linux-image-azure - 4.15.0.1138.128 linux-signed-image-azure - 4.15.0.1138.128 linux-headers-azure-edge - 4.15.0.1138.128 linux-azure-edge - 4.15.0.1138.128 linux-modules-extra-azure-edge - 4.15.0.1138.128 linux-signed-azure-edge - 4.15.0.1138.128 linux-headers-azure - 4.15.0.1138.128 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.177.169 linux-signed-generic-hwe-16.04-edge - 4.15.0.177.169 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.177.169 linux-image-extra-virtual-hwe-16.04 - 4.15.0.177.169 linux-image-oem - 4.15.0.177.169 linux-headers-generic-hwe-16.04-edge - 4.15.0.177.169 linux-generic-hwe-16.04 - 4.15.0.177.169 linux-tools-virtual-hwe-16.04 - 4.15.0.177.169 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.177.169 linux-image-virtual-hwe-16.04-edge - 4.15.0.177.169 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.177.169 linux-signed-lowlatency-hwe-16.04 - 4.15.0.177.169 linux-headers-oem - 4.15.0.177.169 linux-generic-hwe-16.04-edge - 4.15.0.177.169 linux-headers-lowlatency-hwe-16.04 - 4.15.0.177.169 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.177.169 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.177.169 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.177.169 linux-tools-oem - 4.15.0.177.169 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.177.169 linux-signed-image-generic-hwe-16.04 - 4.15.0.177.169 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.177.169 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.177.169 linux-headers-virtual-hwe-16.04-edge - 4.15.0.177.169 linux-lowlatency-hwe-16.04 - 4.15.0.177.169 linux-headers-generic-hwe-16.04 - 4.15.0.177.169 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.177.169 
linux-tools-virtual-hwe-16.04-edge - 4.15.0.177.169 linux-oem - 4.15.0.177.169 linux-virtual-hwe-16.04 - 4.15.0.177.169 linux-lowlatency-hwe-16.04-edge - 4.15.0.177.169 linux-image-generic-hwe-16.04 - 4.15.0.177.169 linux-image-generic-hwe-16.04-edge - 4.15.0.177.169 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.177.169 linux-virtual-hwe-16.04-edge - 4.15.0.177.169 linux-tools-lowlatency-hwe-16.04 - 4.15.0.177.169 linux-signed-generic-hwe-16.04 - 4.15.0.177.169 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.177.169 linux-headers-virtual-hwe-16.04 - 4.15.0.177.169 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.177.169 linux-signed-oem - 4.15.0.177.169 linux-image-virtual-hwe-16.04 - 4.15.0.177.169 linux-signed-image-oem - 4.15.0.177.169 linux-tools-generic-hwe-16.04 - 4.15.0.177.169 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.177.169 linux-tools-generic-hwe-16.04-edge - 4.15.0.177.169 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-26401 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23042 CVE-2022-24958 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966 CVE-2022-27223 USN-5419-1 -- Rsyslog vulnerabilities Ubuntu 16.04 LTS It was discovered that Rsyslog improperly handled certain invalid input. An attacker could use this issue to cause Rsyslog to crash. Update Instructions: Run `sudo pro fix USN-5419-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: rsyslog-pgsql - 8.16.0-1ubuntu3.1+esm1 rsyslog-gssapi - 8.16.0-1ubuntu3.1+esm1 rsyslog-mysql - 8.16.0-1ubuntu3.1+esm1 rsyslog-relp - 8.16.0-1ubuntu3.1+esm1 rsyslog - 8.16.0-1ubuntu3.1+esm1 rsyslog-elasticsearch - 8.16.0-1ubuntu3.1+esm1 rsyslog-gnutls - 8.16.0-1ubuntu3.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-16881 CVE-2019-17041 CVE-2019-17042 USN-5420-1 -- Vorbis vulnerabilities Ubuntu 16.04 LTS It was discovered that Vorbis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2017-14160, CVE-2018-10392, CVE-2018-10393) Update Instructions: Run `sudo pro fix USN-5420-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvorbis0a - 1.3.5-3ubuntu0.2+esm1 libvorbisfile3 - 1.3.5-3ubuntu0.2+esm1 libvorbisenc2 - 1.3.5-3ubuntu0.2+esm1 libvorbis-dev - 1.3.5-3ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-14160 CVE-2018-10392 CVE-2018-10393 USN-5421-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35522) Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891) It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. 
This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865) Update Instructions: Run `sudo pro fix USN-5421-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm1 libtiffxx5 - 4.0.6-1ubuntu0.8+esm1 libtiff5-dev - 4.0.6-1ubuntu0.8+esm1 libtiff5 - 4.0.6-1ubuntu0.8+esm1 libtiff-tools - 4.0.6-1ubuntu0.8+esm1 libtiff-doc - 4.0.6-1ubuntu0.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-35522 CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 USN-5422-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-29824) Update Instructions: Run `sudo pro fix USN-5422-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm2 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.7+esm2 python-libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm2 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.7+esm2 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-23308 CVE-2022-29824 USN-5423-2 -- ClamAV vulnerabilities Ubuntu 16.04 LTS USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. 
A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770) Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771) Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785) Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792) Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20796) Update Instructions: Run `sudo pro fix USN-5423-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamav-testfiles - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamav-base - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamav - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamav-daemon - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamav-docs - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamav-milter - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamav-freshclam - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 libclamav9 - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 clamdscan - 0.103.6+dfsg-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 USN-5424-2 -- OpenLDAP vulnerability Ubuntu 16.04 LTS USN-5424-1 fixed a vulnerability in OpenLDAP. 
This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. Update Instructions: Run `sudo pro fix USN-5424-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.13+esm1 libldap2-dev - 2.4.42+dfsg-2ubuntu3.13+esm1 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.13+esm1 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.13+esm1 slapd - 2.4.42+dfsg-2ubuntu3.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-29155 USN-5425-1 -- PCRE vulnerabilities Ubuntu 16.04 LTS Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838) It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155) Update Instructions: Run `sudo pro fix USN-5425-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: pcregrep - 2:8.38-3.1ubuntu0.1~esm1 libpcre3-dev - 2:8.38-3.1ubuntu0.1~esm1 libpcre3 - 2:8.38-3.1ubuntu0.1~esm1 libpcrecpp0v5 - 2:8.38-3.1ubuntu0.1~esm1 libpcre16-3 - 2:8.38-3.1ubuntu0.1~esm1 libpcre32-3 - 2:8.38-3.1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-20838 CVE-2020-14155 USN-5428-1 -- libXrandr vulnerabilities Ubuntu 16.04 LTS Tobias Stoeckmann discovered that libXrandr incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-7947, CVE-2016-7948) Update Instructions: Run `sudo pro fix USN-5428-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxrandr-dev - 2:1.5.0-1ubuntu0.1~esm1 libxrandr2 - 2:1.5.0-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-7947 CVE-2016-7948 USN-5432-1 -- libpng vulnerabilities Ubuntu 16.04 LTS It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12652) Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-14048) Update Instructions: Run `sudo pro fix USN-5432-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpng3 - 1.2.54-1ubuntu1.1+esm1 libpng12-dev - 1.2.54-1ubuntu1.1+esm1 libpng12-0 - 1.2.54-1ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-12652 CVE-2018-14048 USN-5432-2 -- libpng vulnerabilities Ubuntu 16.04 LTS USN-5432-1 fixed vulnerabilities in libpng. This update provides the corresponding updates for libpng1.6. Original advisory details: It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12652) Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-14048) Update Instructions: Run `sudo pro fix USN-5432-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng16-dev - 1.6.20-2ubuntu0.1~esm1 libpng16-16 - 1.6.20-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2017-12652 CVE-2018-14048 USN-5433-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. (CVE-2021-3973) It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. 
If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3974) It was discovered that Vim incorrectly handled memory when opening and editing certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-4192) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-1154) Update Instructions: Run `sudo pro fix USN-5433-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm4 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm4 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm4 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm4 vim-athena - 2:7.4.1689-3ubuntu1.5+esm4 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm4 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm4 vim - 2:7.4.1689-3ubuntu1.5+esm4 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm4 vim-doc - 2:7.4.1689-3ubuntu1.5+esm4 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm4 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm4 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm4 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm4 vim-nox - 2:7.4.1689-3ubuntu1.5+esm4 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4192 CVE-2022-0261 CVE-2022-0318 CVE-2022-1154 USN-5436-1 -- libXrender vulnerabilities Ubuntu 16.04 LTS Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-7949, CVE-2016-7950) Update Instructions: Run `sudo pro fix USN-5436-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxrender-dev - 1:0.9.9-0ubuntu1+esm1 libxrender1 - 1:0.9.9-0ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-7949 CVE-2016-7950 USN-5437-1 -- libXfixes vulnerability Ubuntu 16.04 LTS Tobias Stoeckmann discovered that libXfixes incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5437-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libxfixes-dev - 1:5.0.1-2ubuntu0.1~esm1 libxfixes3 - 1:5.0.1-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-7944 USN-5438-2 -- HTMLDOC vulnerability Ubuntu 16.04 LTS USN-5438-1 fixed a vulnerability in HTMLDOC. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5438-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: htmldoc - 1.8.27-8ubuntu1.1+esm1 htmldoc-common - 1.8.27-8ubuntu1.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-23165 USN-5443-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-29581) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594) Update Instructions: Run `sudo pro fix USN-5443-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-oracle-tools-4.15.0-1095 - 4.15.0-1095.104~16.04.1 linux-image-unsigned-4.15.0-1095-oracle - 4.15.0-1095.104~16.04.1 linux-headers-4.15.0-1095-oracle - 4.15.0-1095.104~16.04.1 linux-tools-4.15.0-1095-oracle - 4.15.0-1095.104~16.04.1 linux-buildinfo-4.15.0-1095-oracle - 4.15.0-1095.104~16.04.1 linux-image-4.15.0-1095-oracle - 4.15.0-1095.104~16.04.1 linux-modules-4.15.0-1095-oracle - 4.15.0-1095.104~16.04.1 linux-oracle-headers-4.15.0-1095 - 4.15.0-1095.104~16.04.1 linux-modules-extra-4.15.0-1095-oracle - 4.15.0-1095.104~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1124-gcp - 4.15.0-1124.138~16.04.1 linux-gcp-tools-4.15.0-1124 - 4.15.0-1124.138~16.04.1 linux-headers-4.15.0-1124-gcp - 4.15.0-1124.138~16.04.1 linux-buildinfo-4.15.0-1124-gcp - 4.15.0-1124.138~16.04.1 linux-gcp-headers-4.15.0-1124 - 4.15.0-1124.138~16.04.1 linux-modules-extra-4.15.0-1124-gcp - 4.15.0-1124.138~16.04.1 linux-modules-4.15.0-1124-gcp - 4.15.0-1124.138~16.04.1 linux-tools-4.15.0-1124-gcp - 4.15.0-1124.138~16.04.1 linux-image-unsigned-4.15.0-1124-gcp - 4.15.0-1124.138~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-1130-aws - 4.15.0-1130.139~16.04.1 linux-modules-4.15.0-1130-aws - 4.15.0-1130.139~16.04.1 linux-image-unsigned-4.15.0-1130-aws - 4.15.0-1130.139~16.04.1 linux-modules-extra-4.15.0-1130-aws - 4.15.0-1130.139~16.04.1 linux-aws-headers-4.15.0-1130 - 4.15.0-1130.139~16.04.1 linux-image-4.15.0-1130-aws-hwe - 4.15.0-1130.139~16.04.1 linux-cloud-tools-4.15.0-1130-aws - 4.15.0-1130.139~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1130 - 4.15.0-1130.139~16.04.1 linux-buildinfo-4.15.0-1130-aws - 4.15.0-1130.139~16.04.1 linux-tools-4.15.0-1130-aws - 4.15.0-1130.139~16.04.1 linux-aws-hwe-tools-4.15.0-1130 - 4.15.0-1130.139~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-azure-tools-4.15.0-1139 - 4.15.0-1139.152~16.04.1 linux-cloud-tools-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 linux-buildinfo-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 linux-azure-cloud-tools-4.15.0-1139 - 4.15.0-1139.152~16.04.1 linux-azure-headers-4.15.0-1139 - 4.15.0-1139.152~16.04.1 linux-image-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 linux-headers-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 linux-image-unsigned-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 linux-tools-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 linux-modules-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 linux-modules-extra-4.15.0-1139-azure - 4.15.0-1139.152~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-hwe-cloud-tools-4.15.0-180 - 4.15.0-180.189~16.04.1 linux-buildinfo-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-tools-4.15.0-180-lowlatency - 4.15.0-180.189~16.04.1 linux-cloud-tools-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-buildinfo-4.15.0-180-lowlatency - 4.15.0-180.189~16.04.1 linux-modules-extra-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-headers-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-modules-4.15.0-180-lowlatency - 4.15.0-180.189~16.04.1 linux-image-4.15.0-180-lowlatency - 4.15.0-180.189~16.04.1 linux-cloud-tools-4.15.0-180-lowlatency - 4.15.0-180.189~16.04.1 linux-image-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-image-unsigned-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-image-unsigned-4.15.0-180-lowlatency - 4.15.0-180.189~16.04.1 linux-headers-4.15.0-180 - 4.15.0-180.189~16.04.1 linux-headers-4.15.0-180-lowlatency - 4.15.0-180.189~16.04.1 linux-source-4.15.0 - 4.15.0-180.189~16.04.1 linux-tools-4.15.0-180-generic - 4.15.0-180.189~16.04.1 linux-hwe-tools-4.15.0-180 - 4.15.0-180.189~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1095.83 linux-headers-oracle - 4.15.0.1095.83 
linux-signed-image-oracle - 4.15.0.1095.83 linux-signed-oracle - 4.15.0.1095.83 linux-image-oracle - 4.15.0.1095.83 linux-oracle - 4.15.0.1095.83 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1124.124 linux-modules-extra-gcp - 4.15.0.1124.124 linux-tools-gke - 4.15.0.1124.124 linux-tools-gcp - 4.15.0.1124.124 linux-gke - 4.15.0.1124.124 linux-gcp - 4.15.0.1124.124 linux-image-gke - 4.15.0.1124.124 linux-headers-gcp - 4.15.0.1124.124 linux-image-gcp - 4.15.0.1124.124 linux-headers-gke - 4.15.0.1124.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1130.120 linux-modules-extra-aws-hwe - 4.15.0.1130.120 linux-aws-edge - 4.15.0.1130.120 linux-image-aws-hwe - 4.15.0.1130.120 linux-headers-aws-hwe - 4.15.0.1130.120 linux-tools-aws-hwe - 4.15.0.1130.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1139.129 linux-tools-azure-edge - 4.15.0.1139.129 linux-cloud-tools-azure - 4.15.0.1139.129 linux-tools-azure - 4.15.0.1139.129 linux-image-azure-edge - 4.15.0.1139.129 linux-cloud-tools-azure-edge - 4.15.0.1139.129 linux-modules-extra-azure - 4.15.0.1139.129 linux-azure - 4.15.0.1139.129 linux-signed-image-azure-edge - 4.15.0.1139.129 linux-image-azure - 4.15.0.1139.129 linux-signed-image-azure - 4.15.0.1139.129 linux-headers-azure-edge - 4.15.0.1139.129 linux-azure-edge - 4.15.0.1139.129 linux-modules-extra-azure-edge - 4.15.0.1139.129 linux-signed-azure-edge - 4.15.0.1139.129 linux-headers-azure - 4.15.0.1139.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.180.171 linux-signed-generic-hwe-16.04-edge - 4.15.0.180.171 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.180.171 linux-image-extra-virtual-hwe-16.04 - 4.15.0.180.171 linux-image-oem - 4.15.0.180.171 linux-headers-generic-hwe-16.04-edge - 4.15.0.180.171 linux-tools-virtual-hwe-16.04 - 4.15.0.180.171 
linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.180.171 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.180.171 linux-signed-lowlatency-hwe-16.04 - 4.15.0.180.171 linux-headers-oem - 4.15.0.180.171 linux-generic-hwe-16.04-edge - 4.15.0.180.171 linux-headers-lowlatency-hwe-16.04 - 4.15.0.180.171 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.180.171 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.180.171 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.180.171 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.180.171 linux-image-virtual-hwe-16.04-edge - 4.15.0.180.171 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.180.171 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.180.171 linux-headers-virtual-hwe-16.04-edge - 4.15.0.180.171 linux-lowlatency-hwe-16.04 - 4.15.0.180.171 linux-headers-generic-hwe-16.04 - 4.15.0.180.171 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.180.171 linux-generic-hwe-16.04 - 4.15.0.180.171 linux-tools-virtual-hwe-16.04-edge - 4.15.0.180.171 linux-signed-image-generic-hwe-16.04 - 4.15.0.180.171 linux-oem - 4.15.0.180.171 linux-virtual-hwe-16.04 - 4.15.0.180.171 linux-image-generic-hwe-16.04-edge - 4.15.0.180.171 linux-lowlatency-hwe-16.04-edge - 4.15.0.180.171 linux-image-generic-hwe-16.04 - 4.15.0.180.171 linux-tools-oem - 4.15.0.180.171 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.180.171 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.180.171 linux-tools-lowlatency-hwe-16.04 - 4.15.0.180.171 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.180.171 linux-headers-virtual-hwe-16.04 - 4.15.0.180.171 linux-virtual-hwe-16.04-edge - 4.15.0.180.171 linux-signed-oem - 4.15.0.180.171 linux-image-virtual-hwe-16.04 - 4.15.0.180.171 linux-signed-generic-hwe-16.04 - 4.15.0.180.171 linux-signed-image-oem - 4.15.0.180.171 linux-tools-generic-hwe-16.04 - 4.15.0.180.171 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.180.171 linux-tools-generic-hwe-16.04-edge - 4.15.0.180.171 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
High CVE-2022-29581 CVE-2022-30594 USN-5446-2 -- dpkg vulnerability Ubuntu 16.04 LTS USN-5446-1 fixed a vulnerability in dpkg. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Update Instructions: Run `sudo pro fix USN-5446-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg-dev - 1.18.4ubuntu1.7+esm1 dselect - 1.18.4ubuntu1.7+esm1 dpkg - 1.18.4ubuntu1.7+esm1 libdpkg-dev - 1.18.4ubuntu1.7+esm1 libdpkg-perl - 1.18.4ubuntu1.7+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1664 USN-5448-1 -- ncurses vulnerabilities Ubuntu 16.04 LTS It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. (CVE-2017-10684) It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code. (CVE-2017-10685) It was discovered that ncurses was incorrectly performing memory management operations and was not blocking access attempts to illegal memory locations. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2017-11112, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734) It was discovered that ncurses was not properly performing checks on pointer values before attempting to access the related memory locations, which could lead to NULL pointer dereferencing. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11113) It was discovered that ncurses was incorrectly handling loops in libtic, which could lead to the execution of an infinite loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-13728) Update Instructions: Run `sudo pro fix USN-5448-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 6.0+20160213-1ubuntu1+esm1 lib32tinfo-dev - 6.0+20160213-1ubuntu1+esm1 ncurses-examples - 6.0+20160213-1ubuntu1+esm1 lib32ncurses5-dev - 6.0+20160213-1ubuntu1+esm1 lib32ncursesw5 - 6.0+20160213-1ubuntu1+esm1 libtinfo-dev - 6.0+20160213-1ubuntu1+esm1 libncursesw5 - 6.0+20160213-1ubuntu1+esm1 libtinfo5 - 6.0+20160213-1ubuntu1+esm1 lib32ncurses5 - 6.0+20160213-1ubuntu1+esm1 lib64tinfo5 - 6.0+20160213-1ubuntu1+esm1 ncurses-bin - 6.0+20160213-1ubuntu1+esm1 lib64ncurses5 - 6.0+20160213-1ubuntu1+esm1 lib64ncurses5-dev - 6.0+20160213-1ubuntu1+esm1 libncurses5 - 6.0+20160213-1ubuntu1+esm1 libncurses5-dev - 6.0+20160213-1ubuntu1+esm1 libx32ncurses5-dev - 6.0+20160213-1ubuntu1+esm1 lib32tinfo5 - 6.0+20160213-1ubuntu1+esm1 ncurses-base - 6.0+20160213-1ubuntu1+esm1 lib32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm1 ncurses-doc - 6.0+20160213-1ubuntu1+esm1 libx32ncursesw5 - 6.0+20160213-1ubuntu1+esm1 libx32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm1 libx32tinfo-dev - 6.0+20160213-1ubuntu1+esm1 libx32tinfo5 - 6.0+20160213-1ubuntu1+esm1 libncursesw5-dev - 6.0+20160213-1ubuntu1+esm1 ncurses-term - 6.0+20160213-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible 
CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 USN-5449-1 -- libXv vulnerability Ubuntu 16.04 LTS It was discovered that libXv incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5449-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxv-dev - 2:1.0.10-1ubuntu0.16.04.1~esm1 libxv1 - 2:1.0.10-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-5407 USN-5452-1 -- NTFS-3G vulnerability Ubuntu 16.04 LTS It was discovered that NTFS-3G was incorrectly validating NTFS metadata in its ntfsck tool by not performing boundary checks. A local attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5452-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3+esm2 ntfs-3g-dev - 1:2015.3.14AR.1-1ubuntu0.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-46790 USN-5453-1 -- FreeType vulnerability Ubuntu 16.04 LTS It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5453-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.6.1-0.1ubuntu2.5+esm1 freetype2-demos - 2.6.1-0.1ubuntu2.5+esm1 libfreetype6 - 2.6.1-0.1ubuntu2.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-27406 USN-5454-2 -- CUPS vulnerabilities Ubuntu 16.04 LTS USN-5454-1 fixed several vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691) It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001) Update Instructions: Run `sudo pro fix USN-5454-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.1.3-4ubuntu0.11+esm1 libcups2-dev - 2.1.3-4ubuntu0.11+esm1 cups-bsd - 2.1.3-4ubuntu0.11+esm1 cups-common - 2.1.3-4ubuntu0.11+esm1 cups-core-drivers - 2.1.3-4ubuntu0.11+esm1 cups-server-common - 2.1.3-4ubuntu0.11+esm1 libcupsimage2 - 2.1.3-4ubuntu0.11+esm1 cups-client - 2.1.3-4ubuntu0.11+esm1 libcupscgi1-dev - 2.1.3-4ubuntu0.11+esm1 libcupsimage2-dev - 2.1.3-4ubuntu0.11+esm1 cups-ipp-utils - 2.1.3-4ubuntu0.11+esm1 libcups2 - 2.1.3-4ubuntu0.11+esm1 libcupsmime1-dev - 2.1.3-4ubuntu0.11+esm1 cups-ppdc - 2.1.3-4ubuntu0.11+esm1 libcupsppdc1 - 2.1.3-4ubuntu0.11+esm1 libcupsmime1 - 2.1.3-4ubuntu0.11+esm1 libcupsppdc1-dev - 2.1.3-4ubuntu0.11+esm1 cups - 2.1.3-4ubuntu0.11+esm1 cups-daemon - 2.1.3-4ubuntu0.11+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-8842 CVE-2020-10001 CVE-2022-26691 USN-5455-1 -- xmltok library vulnerabilities Ubuntu 16.04 LTS Tim Boddy, Gustavo Grieco and others discovered that Expat, which is integrated in the xmltok library, incorrectly handled certain files. An attacker could possibly use these issues to cause a denial of service, or possibly execute arbitrary code. These issues were only addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) It was discovered that Expat, which is integrated in the xmltok library, incorrectly handled encoding validation of certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-25235) It was discovered that Expat, which is integrated in the xmltok library, incorrectly handled namespace URIs of certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. 
(CVE-2022-25236) Update Instructions: Run `sudo pro fix USN-5455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxmltok1 - 1.2-3ubuntu0.16.04.1~esm2 libxmltok1-dev - 1.2-3ubuntu0.16.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2012-1148 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2018-20843 CVE-2019-15903 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-25235 CVE-2022-25236 USN-5456-1 -- ImageMagick vulnerability Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm3 imagemagick - 8:6.8.9.9-7ubuntu5.16+esm3 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm3 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm3 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm3 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm3 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm3 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm3 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm3 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm3 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm3 libmagickwand-6.q16-2 - 
8:6.8.9.9-7ubuntu5.16+esm3 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-28463 USN-5458-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351) It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359) It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. 
(CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) Update Instructions: Run `sudo pro fix USN-5458-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm5 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm5 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm5 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm5 vim-athena - 2:7.4.1689-3ubuntu1.5+esm5 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm5 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm5 vim - 2:7.4.1689-3ubuntu1.5+esm5 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm5 vim-doc - 2:7.4.1689-3ubuntu1.5+esm5 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm5 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm5 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm5 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm5 vim-nox - 2:7.4.1689-3ubuntu1.5+esm5 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4193 CVE-2022-0213 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0408 CVE-2022-0443 USN-5460-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554) It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572) It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. 
An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685) It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714) It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729) It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943) It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616) It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619) It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620) It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621) Update Instructions: Run `sudo pro fix USN-5460-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm6 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm6 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm6 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm6 vim-athena - 2:7.4.1689-3ubuntu1.5+esm6 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm6 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm6 vim - 2:7.4.1689-3ubuntu1.5+esm6 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm6 vim-doc - 2:7.4.1689-3ubuntu1.5+esm6 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm6 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm6 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm6 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm6 vim-nox - 2:7.4.1689-3ubuntu1.5+esm6 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0554 CVE-2022-0572 CVE-2022-0685 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 USN-5462-2 -- Ruby vulnerability Ubuntu 16.04 LTS USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5462-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm3 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm3 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm3 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm3 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-28739 USN-5463-2 -- NTFS-3G vulnerabilities Ubuntu 16.04 LTS USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. 
Original advisory details: Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel. (CVE-2022-30783) It was discovered that NTFS-3G incorrectly handled certain NTFS disk images. If a user or automated system were tricked into mounting a specially crafted disk image, a remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789) Roman Fiedler discovered that NTFS-3G incorrectly handled certain file handles. A local attacker could possibly use this issue to read and write arbitrary memory. (CVE-2022-30785, CVE-2022-30787) Update Instructions: Run `sudo pro fix USN-5463-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3+esm3 ntfs-3g-dev - 1:2015.3.14AR.1-1ubuntu0.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 USN-5464-1 -- e2fsprogs vulnerability Ubuntu 16.04 LTS Nils Bars discovered that e2fsprogs incorrectly handled certain file systems. A local attacker could use this issue with a crafted file system image to possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5464-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libss2 - 1.42.13-1ubuntu1.2+esm1 e2fslibs-dev - 1.42.13-1ubuntu1.2+esm1 e2fsprogs - 1.42.13-1ubuntu1.2+esm1 e2fsck-static - 1.42.13-1ubuntu1.2+esm1 e2fslibs - 1.42.13-1ubuntu1.2+esm1 libcomerr2 - 1.42.13-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro ss-dev - 2.0-1.42.13-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro comerr-dev - 2.1-1.42.13-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1304 USN-5465-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594) Update Instructions: Run `sudo pro fix USN-5465-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-4.4.0-1108-kvm - 4.4.0-1108.118 linux-tools-4.4.0-1108-kvm - 4.4.0-1108.118 linux-kvm-headers-4.4.0-1108 - 4.4.0-1108.118 linux-image-4.4.0-1108-kvm - 4.4.0-1108.118 linux-kvm-tools-4.4.0-1108 - 4.4.0-1108.118 linux-kvm-cloud-tools-4.4.0-1108 - 4.4.0-1108.118 linux-cloud-tools-4.4.0-1108-kvm - 4.4.0-1108.118 linux-headers-4.4.0-1108-kvm - 4.4.0-1108.118 linux-buildinfo-4.4.0-1108-kvm - 4.4.0-1108.118 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-1143-aws - 4.4.0-1143.158 linux-cloud-tools-4.4.0-1143-aws - 4.4.0-1143.158 linux-modules-extra-4.4.0-1143-aws - 4.4.0-1143.158 linux-aws-headers-4.4.0-1143 - 4.4.0-1143.158 linux-modules-4.4.0-1143-aws - 4.4.0-1143.158 linux-headers-4.4.0-1143-aws - 4.4.0-1143.158 linux-aws-cloud-tools-4.4.0-1143 - 4.4.0-1143.158 linux-tools-4.4.0-1143-aws - 4.4.0-1143.158 linux-image-4.4.0-1143-aws - 4.4.0-1143.158 linux-aws-tools-4.4.0-1143 - 4.4.0-1143.158 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-227.261 linux-headers-4.4.0-227-generic - 4.4.0-227.261 linux-headers-4.4.0-227 - 4.4.0-227.261 linux-tools-host - 4.4.0-227.261 linux-doc - 4.4.0-227.261 linux-image-4.4.0-227-lowlatency - 4.4.0-227.261 linux-cloud-tools-4.4.0-227-generic - 4.4.0-227.261 linux-image-4.4.0-227-generic - 4.4.0-227.261 linux-libc-dev - 4.4.0-227.261 linux-cloud-tools-4.4.0-227 - 4.4.0-227.261 linux-tools-4.4.0-227-generic - 4.4.0-227.261 linux-buildinfo-4.4.0-227-lowlatency - 4.4.0-227.261 linux-image-unsigned-4.4.0-227-lowlatency - 4.4.0-227.261 linux-buildinfo-4.4.0-227-generic - 4.4.0-227.261 linux-cloud-tools-4.4.0-227-lowlatency - 4.4.0-227.261 linux-image-unsigned-4.4.0-227-generic - 4.4.0-227.261 linux-modules-extra-4.4.0-227-generic - 4.4.0-227.261 linux-headers-4.4.0-227-lowlatency - 4.4.0-227.261 linux-cloud-tools-common - 4.4.0-227.261 
linux-tools-4.4.0-227-lowlatency - 4.4.0-227.261 linux-source-4.4.0 - 4.4.0-227.261 linux-modules-4.4.0-227-generic - 4.4.0-227.261 linux-modules-4.4.0-227-lowlatency - 4.4.0-227.261 linux-tools-4.4.0-227 - 4.4.0-227.261 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1108.105 linux-headers-kvm - 4.4.0.1108.105 linux-image-kvm - 4.4.0.1108.105 linux-tools-kvm - 4.4.0.1108.105 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1143.147 linux-image-aws - 4.4.0.1143.147 linux-aws - 4.4.0.1143.147 linux-modules-extra-aws - 4.4.0.1143.147 linux-tools-aws - 4.4.0.1143.147 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.227.233 linux-cloud-tools-generic-lts-wily - 4.4.0.227.233 linux-cloud-tools-virtual-lts-xenial - 4.4.0.227.233 linux-cloud-tools-virtual - 4.4.0.227.233 linux-cloud-tools-virtual-lts-utopic - 4.4.0.227.233 linux-tools-generic-lts-vivid - 4.4.0.227.233 linux-image-extra-virtual-lts-xenial - 4.4.0.227.233 linux-image-extra-virtual-lts-wily - 4.4.0.227.233 linux-headers-generic-lts-wily - 4.4.0.227.233 linux-tools-virtual-lts-vivid - 4.4.0.227.233 linux-image-virtual - 4.4.0.227.233 linux-generic-lts-vivid - 4.4.0.227.233 linux-image-lowlatency-lts-vivid - 4.4.0.227.233 linux-tools-lowlatency-lts-vivid - 4.4.0.227.233 linux-cloud-tools-generic-lts-utopic - 4.4.0.227.233 linux-headers-virtual-lts-vivid - 4.4.0.227.233 linux-image-lowlatency-lts-wily - 4.4.0.227.233 linux-image-generic - 4.4.0.227.233 linux-tools-lowlatency - 4.4.0.227.233 linux-image-lowlatency-lts-xenial - 4.4.0.227.233 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.227.233 linux-image-extra-virtual-lts-vivid - 4.4.0.227.233 linux-image-generic-lts-wily - 4.4.0.227.233 linux-virtual-lts-utopic - 4.4.0.227.233 linux-tools-virtual-lts-xenial - 4.4.0.227.233 linux-signed-generic-lts-wily - 4.4.0.227.233 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.227.233 
linux-image-extra-virtual-lts-utopic - 4.4.0.227.233 linux-signed-image-lowlatency - 4.4.0.227.233 linux-tools-lowlatency-lts-xenial - 4.4.0.227.233 linux-headers-generic-lts-xenial - 4.4.0.227.233 linux-signed-generic-lts-vivid - 4.4.0.227.233 linux-headers-lowlatency-lts-wily - 4.4.0.227.233 linux-virtual-lts-vivid - 4.4.0.227.233 linux-signed-lowlatency-lts-xenial - 4.4.0.227.233 linux-headers-lowlatency-lts-vivid - 4.4.0.227.233 linux-signed-lowlatency-lts-wily - 4.4.0.227.233 linux-lowlatency-lts-xenial - 4.4.0.227.233 linux-image-virtual-lts-utopic - 4.4.0.227.233 linux-signed-generic-lts-xenial - 4.4.0.227.233 linux-source - 4.4.0.227.233 linux-signed-image-generic - 4.4.0.227.233 linux-lowlatency - 4.4.0.227.233 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.227.233 linux-generic-lts-xenial - 4.4.0.227.233 linux-tools-virtual - 4.4.0.227.233 linux-cloud-tools-generic-lts-xenial - 4.4.0.227.233 linux-virtual - 4.4.0.227.233 linux-cloud-tools-generic-lts-vivid - 4.4.0.227.233 linux-tools-generic-lts-utopic - 4.4.0.227.233 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.227.233 linux-signed-image-generic-lts-vivid - 4.4.0.227.233 linux-image-virtual-lts-xenial - 4.4.0.227.233 linux-image-virtual-lts-vivid - 4.4.0.227.233 linux-image-extra-virtual - 4.4.0.227.233 linux-virtual-lts-xenial - 4.4.0.227.233 linux-cloud-tools-virtual-lts-vivid - 4.4.0.227.233 linux-tools-lowlatency-lts-utopic - 4.4.0.227.233 linux-signed-image-generic-lts-wily - 4.4.0.227.233 linux-signed-image-lowlatency-lts-xenial - 4.4.0.227.233 linux-image-generic-lts-vivid - 4.4.0.227.233 linux-generic - 4.4.0.227.233 linux-tools-generic-lts-wily - 4.4.0.227.233 linux-tools-virtual-lts-utopic - 4.4.0.227.233 linux-headers-lowlatency - 4.4.0.227.233 linux-lowlatency-lts-vivid - 4.4.0.227.233 linux-generic-lts-wily - 4.4.0.227.233 linux-image-hwe-virtual-trusty - 4.4.0.227.233 linux-signed-image-generic-lts-xenial - 4.4.0.227.233 linux-tools-virtual-lts-wily - 4.4.0.227.233 
linux-tools-lowlatency-lts-wily - 4.4.0.227.233 linux-headers-virtual-lts-xenial - 4.4.0.227.233 linux-headers-lowlatency-lts-utopic - 4.4.0.227.233 linux-hwe-generic-trusty - 4.4.0.227.233 linux-tools-generic - 4.4.0.227.233 linux-crashdump - 4.4.0.227.233 linux-cloud-tools-generic - 4.4.0.227.233 linux-headers-generic-lts-utopic - 4.4.0.227.233 linux-cloud-tools-virtual-lts-wily - 4.4.0.227.233 linux-cloud-tools-lowlatency - 4.4.0.227.233 linux-lowlatency-lts-utopic - 4.4.0.227.233 linux-tools-generic-lts-xenial - 4.4.0.227.233 linux-signed-generic-lts-utopic - 4.4.0.227.233 linux-image-generic-lts-utopic - 4.4.0.227.233 linux-image-virtual-lts-wily - 4.4.0.227.233 linux-signed-generic - 4.4.0.227.233 linux-lowlatency-lts-wily - 4.4.0.227.233 linux-headers-generic - 4.4.0.227.233 linux-tools-lts-utopic - 4.4.0.227.233 linux-headers-virtual-lts-utopic - 4.4.0.227.233 linux-generic-lts-utopic - 4.4.0.227.233 linux-headers-lowlatency-lts-xenial - 4.4.0.227.233 linux-image-hwe-generic-trusty - 4.4.0.227.233 linux-signed-image-lowlatency-lts-wily - 4.4.0.227.233 linux-headers-generic-lts-vivid - 4.4.0.227.233 linux-headers-virtual - 4.4.0.227.233 linux-image-generic-lts-xenial - 4.4.0.227.233 linux-virtual-lts-wily - 4.4.0.227.233 linux-headers-virtual-lts-wily - 4.4.0.227.233 linux-hwe-virtual-trusty - 4.4.0.227.233 linux-signed-lowlatency - 4.4.0.227.233 linux-image-lowlatency-lts-utopic - 4.4.0.227.233 linux-image-lowlatency - 4.4.0.227.233 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-21499 CVE-2022-30594 USN-5466-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. 
(CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2021-4149) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update Instructions: Run `sudo pro fix USN-5466-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-oracle-tools-4.15.0-1098 - 4.15.0-1098.108~16.04.1 linux-headers-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1 linux-modules-extra-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1 linux-buildinfo-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1 linux-tools-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1 linux-modules-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1 linux-oracle-headers-4.15.0-1098 - 4.15.0-1098.108~16.04.1 linux-image-unsigned-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1 linux-image-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1 linux-modules-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1 linux-image-unsigned-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1 linux-gcp-tools-4.15.0-1127 - 4.15.0-1127.142~16.04.1 linux-headers-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1 linux-buildinfo-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1 linux-image-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1 linux-gcp-headers-4.15.0-1127 - 4.15.0-1127.142~16.04.1 linux-tools-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.15.0-1133-aws - 4.15.0-1133.143~16.04.1 linux-buildinfo-4.15.0-1133-aws - 4.15.0-1133.143~16.04.1 linux-modules-extra-4.15.0-1133-aws - 4.15.0-1133.143~16.04.1 linux-cloud-tools-4.15.0-1133-aws - 4.15.0-1133.143~16.04.1 linux-aws-headers-4.15.0-1133 - 4.15.0-1133.143~16.04.1 linux-modules-4.15.0-1133-aws - 4.15.0-1133.143~16.04.1 linux-image-4.15.0-1133-aws-hwe - 4.15.0-1133.143~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1133 - 4.15.0-1133.143~16.04.1 linux-aws-hwe-tools-4.15.0-1133 - 4.15.0-1133.143~16.04.1 linux-tools-4.15.0-1133-aws - 4.15.0-1133.143~16.04.1 linux-headers-4.15.0-1133-aws - 4.15.0-1133.143~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-azure-tools-4.15.0-1142 - 4.15.0-1142.156~16.04.1 linux-azure-cloud-tools-4.15.0-1142 - 4.15.0-1142.156~16.04.1 linux-buildinfo-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 linux-cloud-tools-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 linux-azure-headers-4.15.0-1142 - 4.15.0-1142.156~16.04.1 linux-tools-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 linux-image-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 linux-modules-extra-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 linux-modules-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 linux-headers-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 linux-image-unsigned-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-hwe-cloud-tools-4.15.0-184 - 4.15.0-184.194~16.04.1 linux-modules-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-cloud-tools-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-tools-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-buildinfo-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1 linux-headers-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-modules-extra-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-buildinfo-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-image-unsigned-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1 linux-cloud-tools-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1 linux-headers-4.15.0-184 - 4.15.0-184.194~16.04.1 linux-image-unsigned-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-modules-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1 linux-headers-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1 linux-tools-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1 linux-hwe-tools-4.15.0-184 - 4.15.0-184.194~16.04.1 linux-source-4.15.0 - 4.15.0-184.194~16.04.1 linux-image-4.15.0-184-generic - 4.15.0-184.194~16.04.1 linux-image-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1098.85 linux-tools-oracle - 4.15.0.1098.85 
linux-signed-image-oracle - 4.15.0.1098.85 linux-signed-oracle - 4.15.0.1098.85 linux-image-oracle - 4.15.0.1098.85 linux-oracle - 4.15.0.1098.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1127.126 linux-modules-extra-gcp - 4.15.0.1127.126 linux-tools-gke - 4.15.0.1127.126 linux-tools-gcp - 4.15.0.1127.126 linux-gke - 4.15.0.1127.126 linux-gcp - 4.15.0.1127.126 linux-image-gke - 4.15.0.1127.126 linux-headers-gke - 4.15.0.1127.126 linux-headers-gcp - 4.15.0.1127.126 linux-image-gcp - 4.15.0.1127.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1133.122 linux-aws-edge - 4.15.0.1133.122 linux-image-aws-hwe - 4.15.0.1133.122 linux-headers-aws-hwe - 4.15.0.1133.122 linux-modules-extra-aws-hwe - 4.15.0.1133.122 linux-tools-aws-hwe - 4.15.0.1133.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1142.131 linux-tools-azure-edge - 4.15.0.1142.131 linux-cloud-tools-azure - 4.15.0.1142.131 linux-tools-azure - 4.15.0.1142.131 linux-image-azure-edge - 4.15.0.1142.131 linux-cloud-tools-azure-edge - 4.15.0.1142.131 linux-modules-extra-azure - 4.15.0.1142.131 linux-signed-image-azure-edge - 4.15.0.1142.131 linux-image-azure - 4.15.0.1142.131 linux-signed-image-azure - 4.15.0.1142.131 linux-headers-azure-edge - 4.15.0.1142.131 linux-azure-edge - 4.15.0.1142.131 linux-modules-extra-azure-edge - 4.15.0.1142.131 linux-signed-azure-edge - 4.15.0.1142.131 linux-azure - 4.15.0.1142.131 linux-headers-azure - 4.15.0.1142.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-generic-hwe-16.04-edge - 4.15.0.184.173 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.184.173 linux-image-extra-virtual-hwe-16.04 - 4.15.0.184.173 linux-headers-virtual-hwe-16.04 - 4.15.0.184.173 linux-image-oem - 4.15.0.184.173 linux-headers-generic-hwe-16.04-edge - 4.15.0.184.173 linux-image-lowlatency-hwe-16.04 - 4.15.0.184.173 linux-generic-hwe-16.04 - 
4.15.0.184.173 linux-tools-virtual-hwe-16.04 - 4.15.0.184.173 linux-image-virtual-hwe-16.04-edge - 4.15.0.184.173 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.184.173 linux-signed-lowlatency-hwe-16.04 - 4.15.0.184.173 linux-headers-oem - 4.15.0.184.173 linux-generic-hwe-16.04-edge - 4.15.0.184.173 linux-headers-lowlatency-hwe-16.04 - 4.15.0.184.173 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.184.173 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.184.173 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.184.173 linux-tools-oem - 4.15.0.184.173 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.184.173 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.184.173 linux-lowlatency-hwe-16.04-edge - 4.15.0.184.173 linux-signed-image-generic-hwe-16.04 - 4.15.0.184.173 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.184.173 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.184.173 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.184.173 linux-lowlatency-hwe-16.04 - 4.15.0.184.173 linux-headers-generic-hwe-16.04 - 4.15.0.184.173 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.184.173 linux-tools-virtual-hwe-16.04-edge - 4.15.0.184.173 linux-oem - 4.15.0.184.173 linux-virtual-hwe-16.04 - 4.15.0.184.173 linux-headers-virtual-hwe-16.04-edge - 4.15.0.184.173 linux-image-generic-hwe-16.04 - 4.15.0.184.173 linux-image-generic-hwe-16.04-edge - 4.15.0.184.173 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.184.173 linux-virtual-hwe-16.04-edge - 4.15.0.184.173 linux-tools-lowlatency-hwe-16.04 - 4.15.0.184.173 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.184.173 linux-signed-oem - 4.15.0.184.173 linux-image-virtual-hwe-16.04 - 4.15.0.184.173 linux-signed-generic-hwe-16.04 - 4.15.0.184.173 linux-signed-image-oem - 4.15.0.184.173 linux-tools-generic-hwe-16.04 - 4.15.0.184.173 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.184.173 linux-tools-generic-hwe-16.04-edge - 4.15.0.184.173 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3772 
CVE-2021-4149 CVE-2022-1016 CVE-2022-1419 CVE-2022-21499 CVE-2022-28356 CVE-2022-28390 USN-5473-2 -- ca-certificates update Ubuntu 16.04 LTS USN-5473-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-5473-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20211016~16.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1976631 USN-5477-1 -- ncurses vulnerabilities Ubuntu 16.04 LTS Hosein Askari discovered that ncurses was incorrectly performing memory management operations when dealing with long filenames while writing structures into the file system. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-16879) Chung-Yi Lin discovered that ncurses was incorrectly handling access to invalid memory areas when parsing terminfo or termcap entries where the use-name had invalid syntax. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19211) It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. 
An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-29458) Update Instructions: Run `sudo pro fix USN-5477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 6.0+20160213-1ubuntu1+esm2 lib32tinfo-dev - 6.0+20160213-1ubuntu1+esm2 ncurses-examples - 6.0+20160213-1ubuntu1+esm2 lib32ncurses5-dev - 6.0+20160213-1ubuntu1+esm2 lib32ncursesw5 - 6.0+20160213-1ubuntu1+esm2 libtinfo-dev - 6.0+20160213-1ubuntu1+esm2 libncursesw5 - 6.0+20160213-1ubuntu1+esm2 libtinfo5 - 6.0+20160213-1ubuntu1+esm2 lib32ncurses5 - 6.0+20160213-1ubuntu1+esm2 lib64tinfo5 - 6.0+20160213-1ubuntu1+esm2 ncurses-bin - 6.0+20160213-1ubuntu1+esm2 lib64ncurses5 - 6.0+20160213-1ubuntu1+esm2 lib64ncurses5-dev - 6.0+20160213-1ubuntu1+esm2 libncurses5 - 6.0+20160213-1ubuntu1+esm2 libncurses5-dev - 6.0+20160213-1ubuntu1+esm2 libx32ncurses5-dev - 6.0+20160213-1ubuntu1+esm2 lib32tinfo5 - 6.0+20160213-1ubuntu1+esm2 ncurses-base - 6.0+20160213-1ubuntu1+esm2 lib32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm2 ncurses-doc - 6.0+20160213-1ubuntu1+esm2 libx32ncursesw5 - 6.0+20160213-1ubuntu1+esm2 libx32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm2 libx32tinfo-dev - 6.0+20160213-1ubuntu1+esm2 libx32tinfo5 - 6.0+20160213-1ubuntu1+esm2 libncursesw5-dev - 6.0+20160213-1ubuntu1+esm2 ncurses-term - 6.0+20160213-1ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-16879 CVE-2018-19211 CVE-2019-17594 CVE-2019-17595 CVE-2021-39537 CVE-2022-29458 USN-5478-1 -- util-linux vulnerability Ubuntu 16.04 LTS Christian Moch and Michael Gruhn discovered that the libblkid library of util-linux did not properly 
manage memory under certain circumstances. A local attacker could possibly use this issue to cause a denial of service by consuming all memory through a specially crafted MSDOS partition table. Update Instructions: Run `sudo pro fix USN-5478-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdutils - 1:2.27.1-6ubuntu3.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libmount1 - 2.27.1-6ubuntu3.10+esm2 util-linux - 2.27.1-6ubuntu3.10+esm2 mount - 2.27.1-6ubuntu3.10+esm2 libsmartcols1 - 2.27.1-6ubuntu3.10+esm2 util-linux-locales - 2.27.1-6ubuntu3.10+esm2 libfdisk1 - 2.27.1-6ubuntu3.10+esm2 libfdisk-dev - 2.27.1-6ubuntu3.10+esm2 libsmartcols-dev - 2.27.1-6ubuntu3.10+esm2 uuid-dev - 2.27.1-6ubuntu3.10+esm2 libmount-dev - 2.27.1-6ubuntu3.10+esm2 libblkid-dev - 2.27.1-6ubuntu3.10+esm2 uuid-runtime - 2.27.1-6ubuntu3.10+esm2 libblkid1 - 2.27.1-6ubuntu3.10+esm2 libuuid1 - 2.27.1-6ubuntu3.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-5011 USN-5479-2 -- PHP vulnerabilities Ubuntu 16.04 LTS USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31625) Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31626) Update Instructions: Run `sudo pro fix USN-5479-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm4 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm4 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm4 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-31625 CVE-2022-31626 USN-5485-1 -- Linux kernel vulnerabilities Ubuntu 16.04 
LTS It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Update Instructions: Run `sudo pro fix USN-5485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1101-oracle - 4.15.0-1101.112~16.04.1 linux-buildinfo-4.15.0-1101-oracle - 4.15.0-1101.112~16.04.1 linux-oracle-headers-4.15.0-1101 - 4.15.0-1101.112~16.04.1 linux-image-unsigned-4.15.0-1101-oracle - 4.15.0-1101.112~16.04.1 linux-headers-4.15.0-1101-oracle - 4.15.0-1101.112~16.04.1 linux-modules-extra-4.15.0-1101-oracle - 4.15.0-1101.112~16.04.1 linux-image-4.15.0-1101-oracle - 4.15.0-1101.112~16.04.1 linux-oracle-tools-4.15.0-1101 - 4.15.0-1101.112~16.04.1 linux-tools-4.15.0-1101-oracle - 4.15.0-1101.112~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1130-gcp - 4.15.0-1130.146~16.04.1 linux-modules-4.15.0-1130-gcp - 4.15.0-1130.146~16.04.1 linux-gcp-tools-4.15.0-1130 - 4.15.0-1130.146~16.04.1 linux-headers-4.15.0-1130-gcp - 4.15.0-1130.146~16.04.1 linux-modules-extra-4.15.0-1130-gcp - 4.15.0-1130.146~16.04.1 linux-buildinfo-4.15.0-1130-gcp - 4.15.0-1130.146~16.04.1 linux-tools-4.15.0-1130-gcp - 4.15.0-1130.146~16.04.1 linux-gcp-headers-4.15.0-1130 - 4.15.0-1130.146~16.04.1 linux-image-unsigned-4.15.0-1130-gcp - 4.15.0-1130.146~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-aws-hwe-tools-4.15.0-1136 - 4.15.0-1136.147~16.04.1 linux-modules-4.15.0-1136-aws - 4.15.0-1136.147~16.04.1 linux-headers-4.15.0-1136-aws - 4.15.0-1136.147~16.04.1 linux-cloud-tools-4.15.0-1136-aws - 4.15.0-1136.147~16.04.1 linux-image-unsigned-4.15.0-1136-aws - 4.15.0-1136.147~16.04.1 linux-aws-headers-4.15.0-1136 - 4.15.0-1136.147~16.04.1 linux-image-4.15.0-1136-aws-hwe - 4.15.0-1136.147~16.04.1 linux-modules-extra-4.15.0-1136-aws - 4.15.0-1136.147~16.04.1 linux-buildinfo-4.15.0-1136-aws - 4.15.0-1136.147~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1136 - 4.15.0-1136.147~16.04.1 linux-tools-4.15.0-1136-aws - 4.15.0-1136.147~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 linux-tools-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 linux-image-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 linux-azure-tools-4.15.0-1145 - 4.15.0-1145.160~16.04.1 linux-image-unsigned-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 linux-azure-cloud-tools-4.15.0-1145 - 4.15.0-1145.160~16.04.1 linux-modules-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 linux-headers-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 linux-azure-headers-4.15.0-1145 - 4.15.0-1145.160~16.04.1 linux-modules-extra-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 linux-buildinfo-4.15.0-1145-azure - 4.15.0-1145.160~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-187-lowlatency - 4.15.0-187.198~16.04.1 linux-modules-extra-4.15.0-187-generic - 4.15.0-187.198~16.04.1 linux-modules-4.15.0-187-generic - 4.15.0-187.198~16.04.1 linux-image-unsigned-4.15.0-187-lowlatency - 4.15.0-187.198~16.04.1 linux-buildinfo-4.15.0-187-lowlatency - 4.15.0-187.198~16.04.1 linux-modules-4.15.0-187-lowlatency - 4.15.0-187.198~16.04.1 linux-headers-4.15.0-187 - 4.15.0-187.198~16.04.1 linux-cloud-tools-4.15.0-187-lowlatency - 4.15.0-187.198~16.04.1 linux-cloud-tools-4.15.0-187-generic - 4.15.0-187.198~16.04.1 
linux-hwe-cloud-tools-4.15.0-187 - 4.15.0-187.198~16.04.1 linux-image-unsigned-4.15.0-187-generic - 4.15.0-187.198~16.04.1 linux-image-4.15.0-187-generic - 4.15.0-187.198~16.04.1 linux-buildinfo-4.15.0-187-generic - 4.15.0-187.198~16.04.1 linux-headers-4.15.0-187-lowlatency - 4.15.0-187.198~16.04.1 linux-hwe-tools-4.15.0-187 - 4.15.0-187.198~16.04.1 linux-image-4.15.0-187-lowlatency - 4.15.0-187.198~16.04.1 linux-source-4.15.0 - 4.15.0-187.198~16.04.1 linux-headers-4.15.0-187-generic - 4.15.0-187.198~16.04.1 linux-tools-4.15.0-187-generic - 4.15.0-187.198~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1101.86 linux-headers-oracle - 4.15.0.1101.86 linux-signed-image-oracle - 4.15.0.1101.86 linux-signed-oracle - 4.15.0.1101.86 linux-image-oracle - 4.15.0.1101.86 linux-oracle - 4.15.0.1101.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1130.127 linux-modules-extra-gcp - 4.15.0.1130.127 linux-tools-gke - 4.15.0.1130.127 linux-tools-gcp - 4.15.0.1130.127 linux-gke - 4.15.0.1130.127 linux-gcp - 4.15.0.1130.127 linux-image-gke - 4.15.0.1130.127 linux-headers-gcp - 4.15.0.1130.127 linux-headers-gke - 4.15.0.1130.127 linux-image-gcp - 4.15.0.1130.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1136.123 linux-modules-extra-aws-hwe - 4.15.0.1136.123 linux-aws-edge - 4.15.0.1136.123 linux-image-aws-hwe - 4.15.0.1136.123 linux-headers-aws-hwe - 4.15.0.1136.123 linux-tools-aws-hwe - 4.15.0.1136.123 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1145.132 linux-tools-azure-edge - 4.15.0.1145.132 linux-cloud-tools-azure - 4.15.0.1145.132 linux-tools-azure - 4.15.0.1145.132 linux-image-azure-edge - 4.15.0.1145.132 linux-cloud-tools-azure-edge - 4.15.0.1145.132 linux-modules-extra-azure - 4.15.0.1145.132 linux-azure - 4.15.0.1145.132 linux-signed-image-azure-edge - 4.15.0.1145.132 
linux-image-azure - 4.15.0.1145.132 linux-signed-image-azure - 4.15.0.1145.132 linux-headers-azure-edge - 4.15.0.1145.132 linux-azure-edge - 4.15.0.1145.132 linux-modules-extra-azure-edge - 4.15.0.1145.132 linux-signed-azure-edge - 4.15.0.1145.132 linux-headers-azure - 4.15.0.1145.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.187.174 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.187.174 linux-image-extra-virtual-hwe-16.04 - 4.15.0.187.174 linux-headers-virtual-hwe-16.04 - 4.15.0.187.174 linux-image-oem - 4.15.0.187.174 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.187.174 linux-headers-generic-hwe-16.04-edge - 4.15.0.187.174 linux-signed-generic-hwe-16.04-edge - 4.15.0.187.174 linux-tools-virtual-hwe-16.04 - 4.15.0.187.174 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.187.174 linux-image-virtual-hwe-16.04-edge - 4.15.0.187.174 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.187.174 linux-signed-lowlatency-hwe-16.04 - 4.15.0.187.174 linux-headers-oem - 4.15.0.187.174 linux-generic-hwe-16.04-edge - 4.15.0.187.174 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.187.174 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.187.174 linux-tools-generic-hwe-16.04 - 4.15.0.187.174 linux-tools-oem - 4.15.0.187.174 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.187.174 linux-signed-image-generic-hwe-16.04 - 4.15.0.187.174 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.187.174 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.187.174 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.187.174 linux-headers-lowlatency-hwe-16.04 - 4.15.0.187.174 linux-lowlatency-hwe-16.04 - 4.15.0.187.174 linux-headers-generic-hwe-16.04 - 4.15.0.187.174 linux-generic-hwe-16.04 - 4.15.0.187.174 linux-tools-virtual-hwe-16.04-edge - 4.15.0.187.174 linux-oem - 4.15.0.187.174 linux-image-generic-hwe-16.04-edge - 4.15.0.187.174 linux-headers-virtual-hwe-16.04-edge - 4.15.0.187.174 linux-headers-lowlatency-hwe-16.04-edge - 
4.15.0.187.174 linux-lowlatency-hwe-16.04-edge - 4.15.0.187.174 linux-image-generic-hwe-16.04 - 4.15.0.187.174 linux-virtual-hwe-16.04-edge - 4.15.0.187.174 linux-tools-lowlatency-hwe-16.04 - 4.15.0.187.174 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.187.174 linux-virtual-hwe-16.04 - 4.15.0.187.174 linux-signed-oem - 4.15.0.187.174 linux-image-virtual-hwe-16.04 - 4.15.0.187.174 linux-signed-generic-hwe-16.04 - 4.15.0.187.174 linux-signed-image-oem - 4.15.0.187.174 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.187.174 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.187.174 linux-tools-generic-hwe-16.04-edge - 4.15.0.187.174 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 USN-5487-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to bypass IP-based authentication. (CVE-2022-31813) Update Instructions: Run `sudo pro fix USN-5487-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm6 apache2-utils - 2.4.18-2ubuntu3.17+esm6 apache2-dev - 2.4.18-2ubuntu3.17+esm6 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm6 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm6 apache2 - 2.4.18-2ubuntu3.17+esm6 apache2-doc - 2.4.18-2ubuntu3.17+esm6 apache2-bin - 2.4.18-2ubuntu3.17+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 USN-5487-3 -- Apache HTTP Server regression Ubuntu 16.04 LTS USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed that also affects Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to bypass IP-based authentication. (CVE-2022-31813) Update Instructions: Run `sudo pro fix USN-5487-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm7 apache2-utils - 2.4.18-2ubuntu3.17+esm7 apache2-dev - 2.4.18-2ubuntu3.17+esm7 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm7 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm7 apache2 - 2.4.18-2ubuntu3.17+esm7 apache2-doc - 2.4.18-2ubuntu3.17+esm7 apache2-bin - 2.4.18-2ubuntu3.17+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 https://launchpad.net/bugs/1979577 https://launchpad.net/bugs/1979641 USN-5488-2 -- OpenSSL vulnerability Ubuntu 16.04 LTS USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Update Instructions: Run `sudo pro fix USN-5488-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm5 openssl - 1.0.2g-1ubuntu4.20+esm5 libssl-doc - 1.0.2g-1ubuntu4.20+esm5 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2068 USN-5490-1 -- Protocol Buffers vulnerability Ubuntu 16.04 LTS It was discovered that Protocol Buffers did not properly parse certain symbols. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5490-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libprotoc9v5 - 2.6.1-1.3ubuntu0.1~esm1 libprotoc-dev - 2.6.1-1.3ubuntu0.1~esm1 libprotobuf-lite9v5 - 2.6.1-1.3ubuntu0.1~esm1 python-protobuf - 2.6.1-1.3ubuntu0.1~esm1 libprotobuf-dev - 2.6.1-1.3ubuntu0.1~esm1 libprotobuf9v5 - 2.6.1-1.3ubuntu0.1~esm1 libprotobuf-java - 2.6.1-1.3ubuntu0.1~esm1 protobuf-compiler - 2.6.1-1.3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-22570 USN-5492-1 -- Vim vulnerability Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash. Update Instructions: Run `sudo pro fix USN-5492-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm7 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm7 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm7 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm7 vim-athena - 2:7.4.1689-3ubuntu1.5+esm7 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm7 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm7 vim - 2:7.4.1689-3ubuntu1.5+esm7 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm7 vim-doc - 2:7.4.1689-3ubuntu1.5+esm7 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm7 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm7 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm7 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm7 vim-nox - 2:7.4.1689-3ubuntu1.5+esm7 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2042 USN-5493-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-5493-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-188-lowlatency - 4.15.0-188.199~16.04.1 linux-modules-4.15.0-188-lowlatency - 4.15.0-188.199~16.04.1 linux-cloud-tools-4.15.0-188-lowlatency - 4.15.0-188.199~16.04.1 linux-image-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-hwe-cloud-tools-4.15.0-188 - 4.15.0-188.199~16.04.1 linux-tools-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-headers-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-image-unsigned-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-buildinfo-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-cloud-tools-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-image-unsigned-4.15.0-188-lowlatency - 4.15.0-188.199~16.04.1 linux-headers-4.15.0-188-lowlatency - 4.15.0-188.199~16.04.1 linux-source-4.15.0 - 4.15.0-188.199~16.04.1 linux-modules-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-modules-extra-4.15.0-188-generic - 4.15.0-188.199~16.04.1 linux-buildinfo-4.15.0-188-lowlatency - 4.15.0-188.199~16.04.1 linux-headers-4.15.0-188 - 4.15.0-188.199~16.04.1 linux-hwe-tools-4.15.0-188 - 4.15.0-188.199~16.04.1 linux-tools-4.15.0-188-lowlatency - 4.15.0-188.199~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.188.175 linux-tools-oem - 4.15.0.188.175 linux-lowlatency-hwe-16.04-edge - 4.15.0.188.175 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.188.175 linux-image-lowlatency-hwe-16.04 - 4.15.0.188.175 linux-signed-generic-hwe-16.04-edge - 4.15.0.188.175 linux-image-generic-hwe-16.04-edge - 4.15.0.188.175 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.188.175 linux-headers-oem - 4.15.0.188.175 linux-virtual-hwe-16.04-edge - 4.15.0.188.175 linux-tools-lowlatency-hwe-16.04 - 4.15.0.188.175 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.188.175 linux-signed-lowlatency-hwe-16.04 - 4.15.0.188.175 linux-image-extra-virtual-hwe-16.04 - 4.15.0.188.175 
linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.188.175 linux-headers-virtual-hwe-16.04 - 4.15.0.188.175 linux-signed-image-generic-hwe-16.04 - 4.15.0.188.175 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.188.175 linux-image-virtual-hwe-16.04-edge - 4.15.0.188.175 linux-image-virtual-hwe-16.04 - 4.15.0.188.175 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.188.175 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.188.175 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.188.175 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.188.175 linux-image-oem - 4.15.0.188.175 linux-signed-oem - 4.15.0.188.175 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.188.175 linux-headers-virtual-hwe-16.04-edge - 4.15.0.188.175 linux-oem - 4.15.0.188.175 linux-lowlatency-hwe-16.04 - 4.15.0.188.175 linux-headers-generic-hwe-16.04 - 4.15.0.188.175 linux-generic-hwe-16.04-edge - 4.15.0.188.175 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.188.175 linux-headers-lowlatency-hwe-16.04 - 4.15.0.188.175 linux-signed-generic-hwe-16.04 - 4.15.0.188.175 linux-signed-image-oem - 4.15.0.188.175 linux-generic-hwe-16.04 - 4.15.0.188.175 linux-tools-virtual-hwe-16.04-edge - 4.15.0.188.175 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.188.175 linux-headers-generic-hwe-16.04-edge - 4.15.0.188.175 linux-tools-generic-hwe-16.04-edge - 4.15.0.188.175 linux-virtual-hwe-16.04 - 4.15.0.188.175 linux-image-generic-hwe-16.04 - 4.15.0.188.175 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.188.175 linux-tools-generic-hwe-16.04 - 4.15.0.188.175 linux-tools-virtual-hwe-16.04 - 4.15.0.188.175 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-28388 USN-5497-2 -- Libjpeg6b vulnerabilities Ubuntu 16.04 LTS USN-5497-1 fixed vulnerabilities in Libjpeg6b. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. 
An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11212) Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service. (CVE-2018-11813) Sheng Shu and Dongdong She discovered that Libjpeg6b was not properly limiting the amount of memory being used when it was performing decompression or multi-pass compression operations. An attacker could possibly use this issue to force excessive memory consumption and cause a denial of service. (CVE-2020-14152) Update Instructions: Run `sudo pro fix USN-5497-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjpeg62 - 1:6b2-2ubuntu0.1~esm1 libjpeg62-dev - 1:6b2-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2020-14152 USN-5498-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5498-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm8 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm8 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm8 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm8 vim-athena - 2:7.4.1689-3ubuntu1.5+esm8 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm8 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm8 vim - 2:7.4.1689-3ubuntu1.5+esm8 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm8 vim-doc - 2:7.4.1689-3ubuntu1.5+esm8 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm8 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm8 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm8 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm8 vim-nox - 2:7.4.1689-3ubuntu1.5+esm8 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0413 CVE-2022-1629 CVE-2022-1733 CVE-2022-1735 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1898 USN-5499-1 -- curl vulnerabilities Ubuntu 16.04 LTS Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. (CVE-2022-27781) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208) Update Instructions: Run `sudo pro fix USN-5499-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm4 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm4 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm4 libcurl4-doc - 7.47.0-1ubuntu2.19+esm4 libcurl3-nss - 7.47.0-1ubuntu2.19+esm4 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm4 libcurl3 - 7.47.0-1ubuntu2.19+esm4 curl - 7.47.0-1ubuntu2.19+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-27781 CVE-2022-32208 USN-5500-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) Update Instructions: Run `sudo pro fix USN-5500-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.4.0-1145-aws - 4.4.0-1145.160 linux-buildinfo-4.4.0-1145-aws - 4.4.0-1145.160 linux-aws-cloud-tools-4.4.0-1145 - 4.4.0-1145.160 linux-tools-4.4.0-1145-aws - 4.4.0-1145.160 linux-aws-headers-4.4.0-1145 - 4.4.0-1145.160 linux-modules-4.4.0-1145-aws - 4.4.0-1145.160 linux-modules-extra-4.4.0-1145-aws - 4.4.0-1145.160 linux-cloud-tools-4.4.0-1145-aws - 4.4.0-1145.160 linux-aws-tools-4.4.0-1145 - 4.4.0-1145.160 linux-image-4.4.0-1145-aws - 4.4.0-1145.160 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-229.263 linux-tools-4.4.0-229-generic - 4.4.0-229.263 linux-image-unsigned-4.4.0-229-lowlatency - 4.4.0-229.263 linux-headers-4.4.0-229-generic - 4.4.0-229.263 linux-headers-4.4.0-229 - 4.4.0-229.263 linux-tools-host - 4.4.0-229.263 linux-source-4.4.0 - 4.4.0-229.263 linux-cloud-tools-4.4.0-229-generic - 4.4.0-229.263 linux-modules-extra-4.4.0-229-generic - 4.4.0-229.263 linux-cloud-tools-4.4.0-229 - 4.4.0-229.263 linux-modules-4.4.0-229-generic - 4.4.0-229.263 linux-cloud-tools-4.4.0-229-lowlatency - 4.4.0-229.263 linux-libc-dev - 4.4.0-229.263 linux-buildinfo-4.4.0-229-generic - 
4.4.0-229.263 linux-headers-4.4.0-229-lowlatency - 4.4.0-229.263 linux-image-4.4.0-229-lowlatency - 4.4.0-229.263 linux-modules-4.4.0-229-lowlatency - 4.4.0-229.263 linux-buildinfo-4.4.0-229-lowlatency - 4.4.0-229.263 linux-image-4.4.0-229-generic - 4.4.0-229.263 linux-tools-4.4.0-229-lowlatency - 4.4.0-229.263 linux-doc - 4.4.0-229.263 linux-cloud-tools-common - 4.4.0-229.263 linux-image-unsigned-4.4.0-229-generic - 4.4.0-229.263 linux-tools-4.4.0-229 - 4.4.0-229.263 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1145.149 linux-image-aws - 4.4.0.1145.149 linux-aws - 4.4.0.1145.149 linux-modules-extra-aws - 4.4.0.1145.149 linux-tools-aws - 4.4.0.1145.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.229.235 linux-cloud-tools-generic-lts-wily - 4.4.0.229.235 linux-cloud-tools-virtual-lts-xenial - 4.4.0.229.235 linux-cloud-tools-virtual - 4.4.0.229.235 linux-cloud-tools-virtual-lts-utopic - 4.4.0.229.235 linux-tools-generic-lts-vivid - 4.4.0.229.235 linux-image-extra-virtual-lts-xenial - 4.4.0.229.235 linux-image-extra-virtual-lts-wily - 4.4.0.229.235 linux-headers-generic-lts-wily - 4.4.0.229.235 linux-tools-virtual-lts-vivid - 4.4.0.229.235 linux-image-virtual - 4.4.0.229.235 linux-tools-virtual-lts-wily - 4.4.0.229.235 linux-image-lowlatency-lts-vivid - 4.4.0.229.235 linux-tools-lowlatency-lts-vivid - 4.4.0.229.235 linux-cloud-tools-generic-lts-utopic - 4.4.0.229.235 linux-headers-virtual-lts-vivid - 4.4.0.229.235 linux-image-lowlatency-lts-wily - 4.4.0.229.235 linux-image-generic - 4.4.0.229.235 linux-tools-lowlatency - 4.4.0.229.235 linux-image-lowlatency-lts-xenial - 4.4.0.229.235 linux-tools-virtual-lts-xenial - 4.4.0.229.235 linux-signed-lowlatency-lts-wily - 4.4.0.229.235 linux-image-extra-virtual-lts-vivid - 4.4.0.229.235 linux-image-generic-lts-wily - 4.4.0.229.235 linux-virtual-lts-utopic - 4.4.0.229.235 linux-signed-generic-lts-wily - 4.4.0.229.235 
linux-cloud-tools-lowlatency-lts-wily - 4.4.0.229.235 linux-image-extra-virtual-lts-utopic - 4.4.0.229.235 linux-signed-generic-lts-utopic - 4.4.0.229.235 linux-tools-lowlatency-lts-xenial - 4.4.0.229.235 linux-headers-generic-lts-xenial - 4.4.0.229.235 linux-signed-generic-lts-vivid - 4.4.0.229.235 linux-crashdump - 4.4.0.229.235 linux-virtual-lts-vivid - 4.4.0.229.235 linux-signed-lowlatency-lts-xenial - 4.4.0.229.235 linux-headers-lowlatency-lts-vivid - 4.4.0.229.235 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.229.235 linux-lowlatency-lts-xenial - 4.4.0.229.235 linux-signed-generic-lts-xenial - 4.4.0.229.235 linux-signed-image-generic - 4.4.0.229.235 linux-lowlatency - 4.4.0.229.235 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.229.235 linux-generic-lts-xenial - 4.4.0.229.235 linux-tools-virtual - 4.4.0.229.235 linux-virtual - 4.4.0.229.235 linux-cloud-tools-generic-lts-vivid - 4.4.0.229.235 linux-tools-generic-lts-utopic - 4.4.0.229.235 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.229.235 linux-image-virtual-lts-xenial - 4.4.0.229.235 linux-image-virtual-lts-vivid - 4.4.0.229.235 linux-virtual-lts-xenial - 4.4.0.229.235 linux-cloud-tools-virtual-lts-vivid - 4.4.0.229.235 linux-tools-lowlatency-lts-utopic - 4.4.0.229.235 linux-signed-image-generic-lts-wily - 4.4.0.229.235 linux-signed-image-lowlatency-lts-xenial - 4.4.0.229.235 linux-image-generic-lts-vivid - 4.4.0.229.235 linux-generic - 4.4.0.229.235 linux-tools-generic-lts-wily - 4.4.0.229.235 linux-tools-virtual-lts-utopic - 4.4.0.229.235 linux-headers-lowlatency - 4.4.0.229.235 linux-lowlatency-lts-vivid - 4.4.0.229.235 linux-generic-lts-wily - 4.4.0.229.235 linux-image-hwe-virtual-trusty - 4.4.0.229.235 linux-signed-image-generic-lts-xenial - 4.4.0.229.235 linux-generic-lts-vivid - 4.4.0.229.235 linux-tools-lowlatency-lts-wily - 4.4.0.229.235 linux-headers-virtual-lts-xenial - 4.4.0.229.235 linux-headers-lowlatency-lts-wily - 4.4.0.229.235 linux-headers-lowlatency-lts-utopic - 4.4.0.229.235 
linux-hwe-generic-trusty - 4.4.0.229.235 linux-tools-generic - 4.4.0.229.235 linux-source - 4.4.0.229.235 linux-image-extra-virtual - 4.4.0.229.235 linux-cloud-tools-generic - 4.4.0.229.235 linux-headers-generic-lts-utopic - 4.4.0.229.235 linux-cloud-tools-virtual-lts-wily - 4.4.0.229.235 linux-cloud-tools-lowlatency - 4.4.0.229.235 linux-lowlatency-lts-utopic - 4.4.0.229.235 linux-tools-generic-lts-xenial - 4.4.0.229.235 linux-signed-image-lowlatency - 4.4.0.229.235 linux-image-generic-lts-utopic - 4.4.0.229.235 linux-image-virtual-lts-wily - 4.4.0.229.235 linux-signed-generic - 4.4.0.229.235 linux-lowlatency-lts-wily - 4.4.0.229.235 linux-image-virtual-lts-utopic - 4.4.0.229.235 linux-headers-generic - 4.4.0.229.235 linux-tools-lts-utopic - 4.4.0.229.235 linux-signed-image-generic-lts-vivid - 4.4.0.229.235 linux-headers-virtual-lts-utopic - 4.4.0.229.235 linux-generic-lts-utopic - 4.4.0.229.235 linux-headers-lowlatency-lts-xenial - 4.4.0.229.235 linux-image-hwe-generic-trusty - 4.4.0.229.235 linux-signed-image-lowlatency-lts-wily - 4.4.0.229.235 linux-headers-generic-lts-vivid - 4.4.0.229.235 linux-headers-virtual - 4.4.0.229.235 linux-image-generic-lts-xenial - 4.4.0.229.235 linux-virtual-lts-wily - 4.4.0.229.235 linux-cloud-tools-generic-lts-xenial - 4.4.0.229.235 linux-headers-virtual-lts-wily - 4.4.0.229.235 linux-hwe-virtual-trusty - 4.4.0.229.235 linux-signed-lowlatency - 4.4.0.229.235 linux-image-lowlatency-lts-utopic - 4.4.0.229.235 linux-image-lowlatency - 4.4.0.229.235 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4197 CVE-2021-4202 CVE-2022-1353 CVE-2022-1419 CVE-2022-1652 CVE-2022-1679 CVE-2022-1734 CVE-2022-28356 USN-5503-2 -- GnuPG vulnerability Ubuntu 16.04 LTS USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. 
A remote attacker could possibly use this issue to forge signatures. Update Instructions: Run `sudo pro fix USN-5503-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gpgv - 1.4.20-1ubuntu3.3+esm2 gnupg - 1.4.20-1ubuntu3.3+esm2 gnupg-curl - 1.4.20-1ubuntu3.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro dirmngr - 2.1.11-6ubuntu2.1+esm1 scdaemon - 2.1.11-6ubuntu2.1+esm1 gpgsm - 2.1.11-6ubuntu2.1+esm1 gnupg-agent - 2.1.11-6ubuntu2.1+esm1 gnupg2 - 2.1.11-6ubuntu2.1+esm1 gpgv2 - 2.1.11-6ubuntu2.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-34903 USN-5505-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. 
A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-39714) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Update Instructions: Run `sudo pro fix USN-5505-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.4.0-1110-kvm - 4.4.0-1110.120 linux-kvm-headers-4.4.0-1110 - 4.4.0-1110.120 linux-buildinfo-4.4.0-1110-kvm - 4.4.0-1110.120 linux-kvm-cloud-tools-4.4.0-1110 - 4.4.0-1110.120 linux-headers-4.4.0-1110-kvm - 4.4.0-1110.120 linux-modules-4.4.0-1110-kvm - 4.4.0-1110.120 linux-kvm-tools-4.4.0-1110 - 4.4.0-1110.120 linux-tools-4.4.0-1110-kvm - 4.4.0-1110.120 linux-image-4.4.0-1110-kvm - 4.4.0-1110.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-kvm - 4.4.0.1110.107 linux-kvm - 4.4.0.1110.107 linux-headers-kvm - 4.4.0.1110.107 linux-image-kvm - 4.4.0.1110.107 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3609 CVE-2021-3752 CVE-2021-3760 CVE-2021-39685 CVE-2021-39714 CVE-2021-4197 CVE-2021-4202 CVE-2022-0330 CVE-2022-1353 CVE-2022-1419 CVE-2022-1652 CVE-2022-1679 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-24958 CVE-2022-28356 CVE-2022-28388 USN-5507-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the program to crash, use unexpected values, or execute arbitrary code. (CVE-2022-1968) It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-1897, CVE-2022-1942) Update Instructions: Run `sudo pro fix USN-5507-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm10 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm10 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm10 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm10 vim-athena - 2:7.4.1689-3ubuntu1.5+esm10 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm10 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm10 vim - 2:7.4.1689-3ubuntu1.5+esm10 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm10 vim-doc - 2:7.4.1689-3ubuntu1.5+esm10 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm10 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm10 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm10 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm10 vim-nox - 2:7.4.1689-3ubuntu1.5+esm10 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1897 CVE-2022-1942 CVE-2022-1968 USN-5510-2 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update Instructions: Run `sudo pro fix USN-5510-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xmir - 2:1.18.4-0ubuntu0.12+esm2 xwayland - 2:1.18.4-0ubuntu0.12+esm2 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm2 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm2 xdmx - 2:1.18.4-0ubuntu0.12+esm2 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm2 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm2 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm2 xvfb - 2:1.18.4-0ubuntu0.12+esm2 xnest - 2:1.18.4-0ubuntu0.12+esm2 xserver-common - 2:1.18.4-0ubuntu0.12+esm2 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm2 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2319 CVE-2022-2320 USN-5515-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1011) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2022-1198) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389) Update Instructions: Run `sudo pro fix USN-5515-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1102-oracle - 4.15.0-1102.113~16.04.1 linux-image-4.15.0-1102-oracle - 4.15.0-1102.113~16.04.1 linux-oracle-headers-4.15.0-1102 - 4.15.0-1102.113~16.04.1 linux-headers-4.15.0-1102-oracle - 4.15.0-1102.113~16.04.1 linux-modules-extra-4.15.0-1102-oracle - 4.15.0-1102.113~16.04.1 linux-buildinfo-4.15.0-1102-oracle - 4.15.0-1102.113~16.04.1 linux-oracle-tools-4.15.0-1102 - 4.15.0-1102.113~16.04.1 linux-image-unsigned-4.15.0-1102-oracle - 4.15.0-1102.113~16.04.1 linux-tools-4.15.0-1102-oracle - 4.15.0-1102.113~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-tools-4.15.0-1131 - 4.15.0-1131.147~16.04.1 linux-image-unsigned-4.15.0-1131-gcp - 4.15.0-1131.147~16.04.1 linux-image-4.15.0-1131-gcp - 4.15.0-1131.147~16.04.1 linux-modules-extra-4.15.0-1131-gcp - 4.15.0-1131.147~16.04.1 linux-buildinfo-4.15.0-1131-gcp - 4.15.0-1131.147~16.04.1 linux-modules-4.15.0-1131-gcp - 4.15.0-1131.147~16.04.1 linux-headers-4.15.0-1131-gcp - 4.15.0-1131.147~16.04.1 linux-tools-4.15.0-1131-gcp - 4.15.0-1131.147~16.04.1 linux-gcp-headers-4.15.0-1131 - 4.15.0-1131.147~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-1137-aws - 4.15.0-1137.148~16.04.1 linux-image-4.15.0-1137-aws-hwe - 4.15.0-1137.148~16.04.1 linux-modules-extra-4.15.0-1137-aws - 4.15.0-1137.148~16.04.1 linux-buildinfo-4.15.0-1137-aws - 4.15.0-1137.148~16.04.1 linux-aws-headers-4.15.0-1137 - 4.15.0-1137.148~16.04.1 linux-tools-4.15.0-1137-aws - 4.15.0-1137.148~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1137 - 4.15.0-1137.148~16.04.1 linux-aws-hwe-tools-4.15.0-1137 - 4.15.0-1137.148~16.04.1 linux-modules-4.15.0-1137-aws - 4.15.0-1137.148~16.04.1 linux-image-unsigned-4.15.0-1137-aws - 4.15.0-1137.148~16.04.1 linux-cloud-tools-4.15.0-1137-aws - 4.15.0-1137.148~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-hwe-cloud-tools-4.15.0-189 - 4.15.0-189.200~16.04.1 linux-modules-4.15.0-189-lowlatency - 4.15.0-189.200~16.04.1 linux-cloud-tools-4.15.0-189-lowlatency - 4.15.0-189.200~16.04.1 linux-cloud-tools-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-tools-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-headers-4.15.0-189-lowlatency - 4.15.0-189.200~16.04.1 linux-buildinfo-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-headers-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-buildinfo-4.15.0-189-lowlatency - 4.15.0-189.200~16.04.1 linux-image-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-image-unsigned-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-modules-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-tools-4.15.0-189-lowlatency - 4.15.0-189.200~16.04.1 linux-headers-4.15.0-189 - 4.15.0-189.200~16.04.1 linux-modules-extra-4.15.0-189-generic - 4.15.0-189.200~16.04.1 linux-image-4.15.0-189-lowlatency - 4.15.0-189.200~16.04.1 linux-image-unsigned-4.15.0-189-lowlatency - 4.15.0-189.200~16.04.1 linux-source-4.15.0 - 4.15.0-189.200~16.04.1 linux-hwe-tools-4.15.0-189 - 4.15.0-189.200~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1102.86 linux-tools-oracle - 4.15.0.1102.86 linux-signed-image-oracle - 4.15.0.1102.86 linux-signed-oracle - 4.15.0.1102.86 linux-image-oracle - 4.15.0.1102.86 linux-oracle - 4.15.0.1102.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1131.127 linux-headers-gke - 4.15.0.1131.127 linux-modules-extra-gcp - 4.15.0.1131.127 linux-tools-gke - 4.15.0.1131.127 linux-tools-gcp - 4.15.0.1131.127 linux-gke - 4.15.0.1131.127 linux-gcp - 4.15.0.1131.127 linux-image-gke - 4.15.0.1131.127 linux-headers-gcp - 4.15.0.1131.127 linux-image-gcp - 4.15.0.1131.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1137.124 linux-modules-extra-aws-hwe - 4.15.0.1137.124 linux-aws-edge - 4.15.0.1137.124 
linux-image-aws-hwe - 4.15.0.1137.124 linux-headers-aws-hwe - 4.15.0.1137.124 linux-tools-aws-hwe - 4.15.0.1137.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-generic-hwe-16.04-edge - 4.15.0.189.176 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.189.176 linux-image-extra-virtual-hwe-16.04 - 4.15.0.189.176 linux-image-oem - 4.15.0.189.176 linux-headers-generic-hwe-16.04-edge - 4.15.0.189.176 linux-image-lowlatency-hwe-16.04 - 4.15.0.189.176 linux-tools-virtual-hwe-16.04 - 4.15.0.189.176 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.189.176 linux-image-virtual-hwe-16.04-edge - 4.15.0.189.176 linux-signed-lowlatency-hwe-16.04 - 4.15.0.189.176 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.189.176 linux-oem - 4.15.0.189.176 linux-generic-hwe-16.04-edge - 4.15.0.189.176 linux-headers-lowlatency-hwe-16.04 - 4.15.0.189.176 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.189.176 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.189.176 linux-tools-generic-hwe-16.04 - 4.15.0.189.176 linux-tools-oem - 4.15.0.189.176 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.189.176 linux-headers-oem - 4.15.0.189.176 linux-lowlatency-hwe-16.04-edge - 4.15.0.189.176 linux-signed-image-generic-hwe-16.04 - 4.15.0.189.176 linux-virtual-hwe-16.04-edge - 4.15.0.189.176 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.189.176 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.189.176 linux-headers-virtual-hwe-16.04-edge - 4.15.0.189.176 linux-lowlatency-hwe-16.04 - 4.15.0.189.176 linux-headers-generic-hwe-16.04 - 4.15.0.189.176 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.189.176 linux-generic-hwe-16.04 - 4.15.0.189.176 linux-tools-virtual-hwe-16.04-edge - 4.15.0.189.176 linux-virtual-hwe-16.04 - 4.15.0.189.176 linux-image-generic-hwe-16.04 - 4.15.0.189.176 linux-image-generic-hwe-16.04-edge - 4.15.0.189.176 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.189.176 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.189.176 
linux-tools-lowlatency-hwe-16.04 - 4.15.0.189.176 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.189.176 linux-headers-virtual-hwe-16.04 - 4.15.0.189.176 linux-signed-oem - 4.15.0.189.176 linux-image-virtual-hwe-16.04 - 4.15.0.189.176 linux-signed-generic-hwe-16.04 - 4.15.0.189.176 linux-signed-image-oem - 4.15.0.189.176 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.189.176 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.189.176 linux-tools-generic-hwe-16.04-edge - 4.15.0.189.176 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4197 CVE-2022-1011 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-2380 CVE-2022-28389 USN-5516-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5516-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm11 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm11 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm11 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm11 vim-athena - 2:7.4.1689-3ubuntu1.5+esm11 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm11 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm11 vim - 2:7.4.1689-3ubuntu1.5+esm11 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm11 vim-doc - 2:7.4.1689-3ubuntu1.5+esm11 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm11 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm11 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm11 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm11 vim-nox - 2:7.4.1689-3ubuntu1.5+esm11 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2000 CVE-2022-2207 CVE-2022-2210 USN-5519-1 -- Python vulnerability Ubuntu 16.04 LTS It was discovered that Python incorrectly handled certain inputs. 
An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5519-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm2 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm2 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm2 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm2 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm2 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm2 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm2 idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm2 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm2 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm2 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm3 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm3 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm3 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm3 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm3 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm3 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm3 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm3 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm3 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm3 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm3 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2015-20107 USN-5520-2 -- HTTP-Daemon vulnerability Ubuntu 16.04 LTS USN-5520-1 fixed a vulnerability in HTTP-Daemon. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Update Instructions: Run `sudo pro fix USN-5520-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libhttp-daemon-perl - 6.01-1ubuntu0.16.04~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-31081 USN-5521-1 -- containerd vulnerabilities Ubuntu 16.04 LTS It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host file system, possibly leading to privilege escalation. (CVE-2021-41103) It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could change permissions on files on the host file system and possibly escalate privileges. (CVE-2021-32760) It was discovered that containerd allows attackers to gain access to read-only copies of arbitrary files and directories on the host via a specially-crafted image configuration. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-23648) It was discovered that containerd incorrectly handled certain memory operations. A remote attacker could use this to cause a denial of service. (CVE-2022-31030) Update Instructions: Run `sudo pro fix USN-5521-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: containerd - 1.2.6-0ubuntu1~16.04.6+esm2 golang-github-docker-containerd-dev - 1.2.6-0ubuntu1~16.04.6+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2021-32760 CVE-2021-41103 CVE-2022-23648 CVE-2022-31030 USN-5523-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0907, CVE-2022-0908) It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behavior situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0909) It was discovered that LibTIFF was not properly performing bounds checks, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-0924) It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bounds checking operations, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2020-19131) It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. 
(CVE-2020-19144) It was discovered that LibTIFF was not properly performing checks when setting the value for data later used as reference during memory access, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-22844) Update Instructions: Run `sudo pro fix USN-5523-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm2 libtiff-tools - 4.0.6-1ubuntu0.8+esm2 libtiff5-dev - 4.0.6-1ubuntu0.8+esm2 libtiff5 - 4.0.6-1ubuntu0.8+esm2 libtiffxx5 - 4.0.6-1ubuntu0.8+esm2 libtiff-doc - 4.0.6-1ubuntu0.8+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19131 CVE-2020-19144 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844 USN-5527-2 -- Checkmk vulnerabilities Ubuntu 16.04 LTS USN-5527-1 fixed vulnerabilities in Checkmk. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. (CVE-2017-14955) It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary HTML or JavaScript code to obtain sensitive information including user information, session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565) Update Instructions: Run `sudo pro fix USN-5527-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: check-mk-config-icinga - 1.2.6p12-1ubuntu0.16.04.1+esm1 check-mk-config-nagios3 - 1.2.6p12-1ubuntu0.16.04.1+esm1 check-mk-multisite - 1.2.6p12-1ubuntu0.16.04.1+esm1 check-mk-server - 1.2.6p12-1ubuntu0.16.04.1+esm1 check-mk-doc - 1.2.6p12-1ubuntu0.16.04.1+esm1 check-mk-livestatus - 1.2.6p12-1ubuntu0.16.04.1+esm1 check-mk-agent-logwatch - 1.2.6p12-1ubuntu0.16.04.1+esm1 check-mk-agent - 1.2.6p12-1ubuntu0.16.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-14955 CVE-2017-9781 CVE-2021-36563 CVE-2022-24565 USN-5532-2 -- Bottle vulnerability Ubuntu 16.04 LTS USN-5532-1 fixed a vulnerability in Bottle. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information. (CVE-2022-31799) Update Instructions: Run `sudo pro fix USN-5532-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-bottle - 0.12.7-1+deb8u1ubuntu0.1~esm1 python-bottle - 0.12.7-1+deb8u1ubuntu0.1~esm1 python-bottle-doc - 0.12.7-1+deb8u1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-31799 USN-5533-1 -- Vim vulnerability Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled memory access. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5533-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm12 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm12 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm12 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm12 vim-athena - 2:7.4.1689-3ubuntu1.5+esm12 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm12 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm12 vim - 2:7.4.1689-3ubuntu1.5+esm12 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm12 vim-doc - 2:7.4.1689-3ubuntu1.5+esm12 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm12 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm12 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm12 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm12 vim-nox - 2:7.4.1689-3ubuntu1.5+esm12 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-2129 USN-5534-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. (CVE-2022-32545, CVE-2022-32546) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. (CVE-2022-32547) Update Instructions: Run `sudo pro fix USN-5534-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm4 imagemagick - 8:6.8.9.9-7ubuntu5.16+esm4 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm4 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm4 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm4 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm4 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm4 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm4 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm4 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm4 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm4 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 USN-5535-1 -- Intel Microcode vulnerabilities Ubuntu 16.04 LTS Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. (CVE-2021-0145) Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges. (CVE-2021-0146) It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2021-0127) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123, CVE-2022-21127) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21151) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information. (CVE-2021-33117) Brandon Miller discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information or a remote attacker could use this to cause a denial of service (system crash). (CVE-2021-33120) Update Instructions: Run `sudo pro fix USN-5535-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20220510.0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33117 CVE-2021-33120 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21151 CVE-2022-21166 USN-5537-2 -- MySQL vulnerability Ubuntu 16.04 LTS USN-5537-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. 
Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.39 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-39.html https://www.oracle.com/security-alerts/cpujul2022.html Update Instructions: Run `sudo pro fix USN-5537-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-source-5.7 - 5.7.39-0ubuntu0.16.04.1+esm2 libmysqlclient-dev - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-client-core-5.7 - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-client-5.7 - 5.7.39-0ubuntu0.16.04.1+esm2 libmysqlclient20 - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-server-5.7 - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-common - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-server - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-server-core-5.7 - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-testsuite - 5.7.39-0ubuntu0.16.04.1+esm2 libmysqld-dev - 5.7.39-0ubuntu0.16.04.1+esm2 mysql-testsuite-5.7 - 5.7.39-0ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-21515 USN-5540-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Liu Jian discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20141) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Update Instructions: Run `sudo pro fix USN-5540-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1111-kvm - 4.4.0-1111.121 linux-buildinfo-4.4.0-1111-kvm - 4.4.0-1111.121 linux-headers-4.4.0-1111-kvm - 4.4.0-1111.121 linux-kvm-tools-4.4.0-1111 - 4.4.0-1111.121 linux-kvm-cloud-tools-4.4.0-1111 - 4.4.0-1111.121 linux-modules-4.4.0-1111-kvm - 4.4.0-1111.121 linux-image-4.4.0-1111-kvm - 4.4.0-1111.121 linux-cloud-tools-4.4.0-1111-kvm - 4.4.0-1111.121 linux-kvm-headers-4.4.0-1111 - 4.4.0-1111.121 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.4.0-1146 - 4.4.0-1146.161 linux-cloud-tools-4.4.0-1146-aws - 4.4.0-1146.161 linux-buildinfo-4.4.0-1146-aws - 4.4.0-1146.161 linux-aws-cloud-tools-4.4.0-1146 - 4.4.0-1146.161 linux-modules-extra-4.4.0-1146-aws - 4.4.0-1146.161 linux-image-4.4.0-1146-aws - 4.4.0-1146.161 linux-aws-tools-4.4.0-1146 - 4.4.0-1146.161 linux-tools-4.4.0-1146-aws - 4.4.0-1146.161 linux-headers-4.4.0-1146-aws - 4.4.0-1146.161 linux-modules-4.4.0-1146-aws - 4.4.0-1146.161 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-230-lowlatency - 4.4.0-230.264 linux-tools-common - 4.4.0-230.264 linux-image-unsigned-4.4.0-230-generic - 4.4.0-230.264 linux-tools-4.4.0-230 - 4.4.0-230.264 linux-buildinfo-4.4.0-230-lowlatency - 4.4.0-230.264 linux-tools-host - 4.4.0-230.264 linux-doc - 4.4.0-230.264 linux-modules-4.4.0-230-generic - 
4.4.0-230.264 linux-headers-4.4.0-230-generic - 4.4.0-230.264 linux-image-4.4.0-230-generic - 4.4.0-230.264 linux-libc-dev - 4.4.0-230.264 linux-cloud-tools-4.4.0-230 - 4.4.0-230.264 linux-cloud-tools-4.4.0-230-generic - 4.4.0-230.264 linux-cloud-tools-4.4.0-230-lowlatency - 4.4.0-230.264 linux-tools-4.4.0-230-lowlatency - 4.4.0-230.264 linux-headers-4.4.0-230-lowlatency - 4.4.0-230.264 linux-modules-extra-4.4.0-230-generic - 4.4.0-230.264 linux-cloud-tools-common - 4.4.0-230.264 linux-tools-4.4.0-230-generic - 4.4.0-230.264 linux-source-4.4.0 - 4.4.0-230.264 linux-buildinfo-4.4.0-230-generic - 4.4.0-230.264 linux-image-unsigned-4.4.0-230-lowlatency - 4.4.0-230.264 linux-modules-4.4.0-230-lowlatency - 4.4.0-230.264 linux-headers-4.4.0-230 - 4.4.0-230.264 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1111.108 linux-headers-kvm - 4.4.0.1111.108 linux-tools-kvm - 4.4.0.1111.108 linux-image-kvm - 4.4.0.1111.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1146.150 linux-image-aws - 4.4.0.1146.150 linux-aws - 4.4.0.1146.150 linux-modules-extra-aws - 4.4.0.1146.150 linux-tools-aws - 4.4.0.1146.150 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.230.236 linux-cloud-tools-generic-lts-wily - 4.4.0.230.236 linux-cloud-tools-virtual-lts-xenial - 4.4.0.230.236 linux-cloud-tools-virtual - 4.4.0.230.236 linux-cloud-tools-virtual-lts-utopic - 4.4.0.230.236 linux-tools-generic-lts-vivid - 4.4.0.230.236 linux-image-extra-virtual-lts-xenial - 4.4.0.230.236 linux-image-extra-virtual-lts-wily - 4.4.0.230.236 linux-tools-virtual-lts-vivid - 4.4.0.230.236 linux-image-virtual - 4.4.0.230.236 linux-tools-virtual-lts-wily - 4.4.0.230.236 linux-image-lowlatency-lts-vivid - 4.4.0.230.236 linux-tools-lowlatency-lts-vivid - 4.4.0.230.236 linux-cloud-tools-generic-lts-utopic - 4.4.0.230.236 linux-headers-virtual-lts-vivid - 4.4.0.230.236 
linux-image-lowlatency-lts-wily - 4.4.0.230.236 linux-image-generic - 4.4.0.230.236 linux-tools-lowlatency - 4.4.0.230.236 linux-image-lowlatency-lts-xenial - 4.4.0.230.236 linux-tools-virtual-lts-xenial - 4.4.0.230.236 linux-signed-lowlatency-lts-wily - 4.4.0.230.236 linux-image-extra-virtual-lts-vivid - 4.4.0.230.236 linux-image-generic-lts-wily - 4.4.0.230.236 linux-virtual-lts-utopic - 4.4.0.230.236 linux-signed-generic-lts-wily - 4.4.0.230.236 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.230.236 linux-image-extra-virtual-lts-utopic - 4.4.0.230.236 linux-signed-generic-lts-utopic - 4.4.0.230.236 linux-tools-lowlatency-lts-xenial - 4.4.0.230.236 linux-headers-generic-lts-xenial - 4.4.0.230.236 linux-signed-generic-lts-vivid - 4.4.0.230.236 linux-crashdump - 4.4.0.230.236 linux-virtual-lts-vivid - 4.4.0.230.236 linux-signed-lowlatency-lts-xenial - 4.4.0.230.236 linux-headers-lowlatency-lts-vivid - 4.4.0.230.236 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.230.236 linux-lowlatency-lts-xenial - 4.4.0.230.236 linux-headers-lowlatency-lts-xenial - 4.4.0.230.236 linux-signed-generic-lts-xenial - 4.4.0.230.236 linux-source - 4.4.0.230.236 linux-signed-image-generic - 4.4.0.230.236 linux-lowlatency - 4.4.0.230.236 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.230.236 linux-generic-lts-xenial - 4.4.0.230.236 linux-headers-generic-lts-wily - 4.4.0.230.236 linux-tools-virtual - 4.4.0.230.236 linux-cloud-tools-generic-lts-xenial - 4.4.0.230.236 linux-virtual - 4.4.0.230.236 linux-cloud-tools-generic-lts-vivid - 4.4.0.230.236 linux-tools-generic-lts-utopic - 4.4.0.230.236 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.230.236 linux-signed-image-generic-lts-vivid - 4.4.0.230.236 linux-image-virtual-lts-xenial - 4.4.0.230.236 linux-image-virtual-lts-vivid - 4.4.0.230.236 linux-virtual-lts-xenial - 4.4.0.230.236 linux-cloud-tools-virtual-lts-vivid - 4.4.0.230.236 linux-tools-lowlatency-lts-utopic - 4.4.0.230.236 linux-signed-image-generic-lts-wily - 4.4.0.230.236 
linux-signed-image-lowlatency-lts-xenial - 4.4.0.230.236 linux-image-generic-lts-vivid - 4.4.0.230.236 linux-generic - 4.4.0.230.236 linux-tools-generic-lts-wily - 4.4.0.230.236 linux-tools-virtual-lts-utopic - 4.4.0.230.236 linux-headers-lowlatency - 4.4.0.230.236 linux-lowlatency-lts-vivid - 4.4.0.230.236 linux-generic-lts-wily - 4.4.0.230.236 linux-image-hwe-virtual-trusty - 4.4.0.230.236 linux-signed-image-generic-lts-xenial - 4.4.0.230.236 linux-generic-lts-vivid - 4.4.0.230.236 linux-tools-lowlatency-lts-wily - 4.4.0.230.236 linux-headers-virtual-lts-xenial - 4.4.0.230.236 linux-headers-lowlatency-lts-wily - 4.4.0.230.236 linux-headers-lowlatency-lts-utopic - 4.4.0.230.236 linux-hwe-generic-trusty - 4.4.0.230.236 linux-tools-generic - 4.4.0.230.236 linux-image-extra-virtual - 4.4.0.230.236 linux-cloud-tools-generic - 4.4.0.230.236 linux-headers-generic-lts-utopic - 4.4.0.230.236 linux-cloud-tools-virtual-lts-wily - 4.4.0.230.236 linux-cloud-tools-lowlatency - 4.4.0.230.236 linux-lowlatency-lts-utopic - 4.4.0.230.236 linux-tools-generic-lts-xenial - 4.4.0.230.236 linux-signed-image-lowlatency - 4.4.0.230.236 linux-image-generic-lts-utopic - 4.4.0.230.236 linux-image-virtual-lts-wily - 4.4.0.230.236 linux-signed-generic - 4.4.0.230.236 linux-lowlatency-lts-wily - 4.4.0.230.236 linux-image-virtual-lts-utopic - 4.4.0.230.236 linux-headers-generic - 4.4.0.230.236 linux-tools-lts-utopic - 4.4.0.230.236 linux-generic-lts-utopic - 4.4.0.230.236 linux-image-hwe-generic-trusty - 4.4.0.230.236 linux-signed-image-lowlatency-lts-wily - 4.4.0.230.236 linux-headers-generic-lts-vivid - 4.4.0.230.236 linux-headers-virtual - 4.4.0.230.236 linux-image-generic-lts-xenial - 4.4.0.230.236 linux-virtual-lts-wily - 4.4.0.230.236 linux-headers-virtual-lts-utopic - 4.4.0.230.236 linux-headers-virtual-lts-wily - 4.4.0.230.236 linux-hwe-virtual-trusty - 4.4.0.230.236 linux-signed-lowlatency - 4.4.0.230.236 linux-image-lowlatency-lts-utopic - 4.4.0.230.236 linux-image-lowlatency - 
4.4.0.230.236 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-20141 CVE-2022-25258 CVE-2022-25375 CVE-2022-34918 USN-5541-1 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1011) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-1198) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389) Update Instructions: Run `sudo pro fix USN-5541-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-azure-headers-4.15.0-1146 - 4.15.0-1146.161~16.04.1 linux-modules-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 linux-cloud-tools-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 linux-image-unsigned-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 linux-azure-tools-4.15.0-1146 - 4.15.0-1146.161~16.04.1 linux-headers-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 linux-tools-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 linux-modules-extra-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 linux-buildinfo-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 linux-azure-cloud-tools-4.15.0-1146 - 4.15.0-1146.161~16.04.1 linux-image-4.15.0-1146-azure - 4.15.0-1146.161~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1146.133 linux-azure - 4.15.0.1146.133 linux-tools-azure-edge - 4.15.0.1146.133 linux-signed-image-azure-edge - 4.15.0.1146.133 linux-image-azure - 4.15.0.1146.133 linux-cloud-tools-azure - 4.15.0.1146.133 linux-cloud-tools-azure-edge - 4.15.0.1146.133 linux-tools-azure - 4.15.0.1146.133 linux-headers-azure-edge - 4.15.0.1146.133 linux-image-azure-edge - 4.15.0.1146.133 linux-headers-azure - 4.15.0.1146.133 linux-modules-extra-azure - 4.15.0.1146.133 linux-azure-edge - 4.15.0.1146.133 linux-modules-extra-azure-edge - 4.15.0.1146.133 linux-signed-azure-edge - 4.15.0.1146.133 linux-signed-image-azure - 4.15.0.1146.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4197 CVE-2022-1011 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-2380 CVE-2022-28388 CVE-2022-28389 USN-5546-2 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. 
A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid or malformed URI strings. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21496) It was discovered that OpenJDK incorrectly generated class code in the Hotspot component. An attacker could possibly use this issue to obtain sensitive information. 
(CVE-2022-21540) It was discovered that OpenJDK incorrectly restricted access to the invokeBasic() method in the Hotspot component. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2022-21541) It was discovered that OpenJDK incorrectly computed exponentials. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2022-21549) It was discovered that OpenJDK includes a copy of Xalan that incorrectly handled integer truncation. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-34169) Update Instructions: Run `sudo pro fix USN-5546-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u342-b07-0ubuntu1~16.04 openjdk-8-jdk - 8u342-b07-0ubuntu1~16.04 openjdk-8-jre-headless - 8u342-b07-0ubuntu1~16.04 openjdk-8-jre - 8u342-b07-0ubuntu1~16.04 openjdk-8-jdk-headless - 8u342-b07-0ubuntu1~16.04 openjdk-8-source - 8u342-b07-0ubuntu1~16.04 openjdk-8-jre-zero - 8u342-b07-0ubuntu1~16.04 openjdk-8-demo - 8u342-b07-0ubuntu1~16.04 openjdk-8-jre-jamvm - 8u342-b07-0ubuntu1~16.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 USN-5548-1 -- libxml2 vulnerability Ubuntu 16.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5548-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm3 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7+esm3 python-libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm3 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.7+esm3 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.7+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-3709 USN-5553-1 -- libjpeg-turbo vulnerabilities Ubuntu 16.04 LTS It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11813) It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-14498) It was discovered that libjpeg-turbo was not properly limiting the amount of main memory being consumed by the system during decompression or multi-pass compression operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14152) It was discovered that libjpeg-turbo was not properly setting variable sizes when performing certain kinds of encoding operations, which could lead to a stack-based buffer overflow. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-17541) Update Instructions: Run `sudo pro fix USN-5553-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libjpeg-turbo8 - 1.4.2-0ubuntu3.4+esm1 libjpeg-turbo-test - 1.4.2-0ubuntu3.4+esm1 libjpeg-turbo8-dev - 1.4.2-0ubuntu3.4+esm1 libturbojpeg - 1.4.2-0ubuntu3.4+esm1 libjpeg-turbo-progs - 1.4.2-0ubuntu3.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-11813 CVE-2018-14498 CVE-2020-14152 CVE-2020-17541 USN-5555-1 -- GStreamer Good Plugins vulnerabilities Ubuntu 16.04 LTS It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-1920, CVE-2022-1921) It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122) Update Instructions: Run `sudo pro fix USN-5555-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-good - 1.8.3-1ubuntu0.5+esm1 gstreamer1.0-pulseaudio - 1.8.3-1ubuntu0.5+esm1 gstreamer1.0-plugins-good-doc - 1.8.3-1ubuntu0.5+esm1 libgstreamer-plugins-good1.0-0 - 1.8.3-1ubuntu0.5+esm1 libgstreamer-plugins-good1.0-dev - 1.8.3-1ubuntu0.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 USN-5557-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. 
(CVE-2022-2588) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586) Update Instructions: Run `sudo pro fix USN-5557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.4.0-1112-kvm - 4.4.0-1112.122 linux-headers-4.4.0-1112-kvm - 4.4.0-1112.122 linux-cloud-tools-4.4.0-1112-kvm - 4.4.0-1112.122 linux-image-4.4.0-1112-kvm - 4.4.0-1112.122 linux-kvm-tools-4.4.0-1112 - 4.4.0-1112.122 linux-kvm-cloud-tools-4.4.0-1112 - 4.4.0-1112.122 linux-buildinfo-4.4.0-1112-kvm - 4.4.0-1112.122 linux-kvm-headers-4.4.0-1112 - 4.4.0-1112.122 linux-tools-4.4.0-1112-kvm - 4.4.0-1112.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-1147-aws - 4.4.0-1147.162 linux-aws-cloud-tools-4.4.0-1147 - 4.4.0-1147.162 linux-headers-4.4.0-1147-aws - 4.4.0-1147.162 linux-aws-headers-4.4.0-1147 - 4.4.0-1147.162 linux-tools-4.4.0-1147-aws - 4.4.0-1147.162 linux-aws-tools-4.4.0-1147 - 4.4.0-1147.162 linux-cloud-tools-4.4.0-1147-aws - 4.4.0-1147.162 linux-modules-4.4.0-1147-aws - 4.4.0-1147.162 linux-modules-extra-4.4.0-1147-aws - 4.4.0-1147.162 linux-image-4.4.0-1147-aws - 4.4.0-1147.162 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-231.265 linux-tools-4.4.0-231-generic - 4.4.0-231.265 linux-tools-host - 4.4.0-231.265 linux-headers-4.4.0-231-lowlatency - 4.4.0-231.265 linux-doc - 4.4.0-231.265 linux-image-unsigned-4.4.0-231-lowlatency - 4.4.0-231.265 linux-buildinfo-4.4.0-231-generic - 4.4.0-231.265 linux-tools-4.4.0-231-lowlatency - 4.4.0-231.265 linux-headers-4.4.0-231-generic - 4.4.0-231.265 linux-image-4.4.0-231-lowlatency - 4.4.0-231.265 linux-libc-dev - 4.4.0-231.265 
linux-cloud-tools-4.4.0-231 - 4.4.0-231.265 linux-modules-4.4.0-231-generic - 4.4.0-231.265 linux-modules-4.4.0-231-lowlatency - 4.4.0-231.265 linux-tools-4.4.0-231 - 4.4.0-231.265 linux-modules-extra-4.4.0-231-generic - 4.4.0-231.265 linux-cloud-tools-4.4.0-231-lowlatency - 4.4.0-231.265 linux-buildinfo-4.4.0-231-lowlatency - 4.4.0-231.265 linux-headers-4.4.0-231 - 4.4.0-231.265 linux-cloud-tools-common - 4.4.0-231.265 linux-image-unsigned-4.4.0-231-generic - 4.4.0-231.265 linux-source-4.4.0 - 4.4.0-231.265 linux-image-4.4.0-231-generic - 4.4.0-231.265 linux-cloud-tools-4.4.0-231-generic - 4.4.0-231.265 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1112.109 linux-headers-kvm - 4.4.0.1112.109 linux-image-kvm - 4.4.0.1112.109 linux-tools-kvm - 4.4.0.1112.109 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1147.151 linux-image-aws - 4.4.0.1147.151 linux-aws - 4.4.0.1147.151 linux-modules-extra-aws - 4.4.0.1147.151 linux-tools-aws - 4.4.0.1147.151 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.231.237 linux-cloud-tools-generic-lts-wily - 4.4.0.231.237 linux-cloud-tools-virtual-lts-xenial - 4.4.0.231.237 linux-cloud-tools-virtual - 4.4.0.231.237 linux-cloud-tools-virtual-lts-utopic - 4.4.0.231.237 linux-tools-generic-lts-vivid - 4.4.0.231.237 linux-image-extra-virtual-lts-xenial - 4.4.0.231.237 linux-image-extra-virtual-lts-wily - 4.4.0.231.237 linux-headers-generic-lts-wily - 4.4.0.231.237 linux-crashdump - 4.4.0.231.237 linux-image-virtual - 4.4.0.231.237 linux-generic-lts-vivid - 4.4.0.231.237 linux-image-lowlatency-lts-vivid - 4.4.0.231.237 linux-cloud-tools-virtual-lts-vivid - 4.4.0.231.237 linux-tools-lowlatency-lts-vivid - 4.4.0.231.237 linux-cloud-tools-generic-lts-utopic - 4.4.0.231.237 linux-headers-virtual-lts-vivid - 4.4.0.231.237 linux-image-lowlatency-lts-wily - 4.4.0.231.237 linux-image-generic - 4.4.0.231.237 
linux-tools-lowlatency - 4.4.0.231.237 linux-tools-virtual-lts-xenial - 4.4.0.231.237 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.231.237 linux-image-extra-virtual-lts-vivid - 4.4.0.231.237 linux-image-generic-lts-wily - 4.4.0.231.237 linux-virtual-lts-utopic - 4.4.0.231.237 linux-signed-generic-lts-wily - 4.4.0.231.237 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.231.237 linux-image-extra-virtual-lts-utopic - 4.4.0.231.237 linux-signed-generic-lts-utopic - 4.4.0.231.237 linux-tools-lowlatency-lts-xenial - 4.4.0.231.237 linux-headers-generic-lts-xenial - 4.4.0.231.237 linux-signed-generic-lts-vivid - 4.4.0.231.237 linux-headers-lowlatency-lts-wily - 4.4.0.231.237 linux-virtual-lts-vivid - 4.4.0.231.237 linux-signed-lowlatency-lts-xenial - 4.4.0.231.237 linux-headers-lowlatency-lts-vivid - 4.4.0.231.237 linux-signed-lowlatency-lts-wily - 4.4.0.231.237 linux-lowlatency-lts-xenial - 4.4.0.231.237 linux-image-virtual-lts-utopic - 4.4.0.231.237 linux-signed-generic-lts-xenial - 4.4.0.231.237 linux-source - 4.4.0.231.237 linux-signed-image-generic - 4.4.0.231.237 linux-lowlatency - 4.4.0.231.237 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.231.237 linux-generic-lts-xenial - 4.4.0.231.237 linux-tools-virtual - 4.4.0.231.237 linux-cloud-tools-generic-lts-vivid - 4.4.0.231.237 linux-tools-generic-lts-utopic - 4.4.0.231.237 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.231.237 linux-image-virtual-lts-xenial - 4.4.0.231.237 linux-image-virtual-lts-vivid - 4.4.0.231.237 linux-image-extra-virtual - 4.4.0.231.237 linux-virtual-lts-xenial - 4.4.0.231.237 linux-tools-lowlatency-lts-utopic - 4.4.0.231.237 linux-signed-image-generic-lts-wily - 4.4.0.231.237 linux-signed-image-lowlatency-lts-xenial - 4.4.0.231.237 linux-tools-virtual-lts-vivid - 4.4.0.231.237 linux-image-generic-lts-vivid - 4.4.0.231.237 linux-generic - 4.4.0.231.237 linux-tools-generic-lts-wily - 4.4.0.231.237 linux-virtual - 4.4.0.231.237 linux-tools-virtual-lts-utopic - 4.4.0.231.237 
linux-headers-lowlatency - 4.4.0.231.237 linux-lowlatency-lts-vivid - 4.4.0.231.237 linux-generic-lts-wily - 4.4.0.231.237 linux-image-hwe-virtual-trusty - 4.4.0.231.237 linux-signed-image-generic-lts-xenial - 4.4.0.231.237 linux-tools-virtual-lts-wily - 4.4.0.231.237 linux-tools-lowlatency-lts-wily - 4.4.0.231.237 linux-headers-virtual-lts-xenial - 4.4.0.231.237 linux-headers-lowlatency-lts-utopic - 4.4.0.231.237 linux-hwe-generic-trusty - 4.4.0.231.237 linux-tools-generic - 4.4.0.231.237 linux-cloud-tools-generic - 4.4.0.231.237 linux-image-generic-lts-xenial - 4.4.0.231.237 linux-headers-generic-lts-utopic - 4.4.0.231.237 linux-cloud-tools-virtual-lts-wily - 4.4.0.231.237 linux-cloud-tools-lowlatency - 4.4.0.231.237 linux-lowlatency-lts-utopic - 4.4.0.231.237 linux-tools-generic-lts-xenial - 4.4.0.231.237 linux-signed-image-lowlatency - 4.4.0.231.237 linux-image-generic-lts-utopic - 4.4.0.231.237 linux-image-virtual-lts-wily - 4.4.0.231.237 linux-signed-generic - 4.4.0.231.237 linux-lowlatency-lts-wily - 4.4.0.231.237 linux-headers-generic - 4.4.0.231.237 linux-tools-lts-utopic - 4.4.0.231.237 linux-signed-image-generic-lts-vivid - 4.4.0.231.237 linux-headers-virtual-lts-utopic - 4.4.0.231.237 linux-generic-lts-utopic - 4.4.0.231.237 linux-headers-lowlatency-lts-xenial - 4.4.0.231.237 linux-image-hwe-generic-trusty - 4.4.0.231.237 linux-signed-image-lowlatency-lts-wily - 4.4.0.231.237 linux-headers-generic-lts-vivid - 4.4.0.231.237 linux-headers-virtual - 4.4.0.231.237 linux-cloud-tools-generic-lts-xenial - 4.4.0.231.237 linux-virtual-lts-wily - 4.4.0.231.237 linux-image-lowlatency-lts-xenial - 4.4.0.231.237 linux-headers-virtual-lts-wily - 4.4.0.231.237 linux-hwe-virtual-trusty - 4.4.0.231.237 linux-signed-lowlatency - 4.4.0.231.237 linux-image-lowlatency-lts-utopic - 4.4.0.231.237 linux-image-lowlatency - 4.4.0.231.237 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-2586 CVE-2022-2588 USN-5558-1 -- libcdio vulnerabilities Ubuntu 
16.04 LTS Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2017-18198, CVE-2017-18199) Update Instructions: Run `sudo pro fix USN-5558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcdio-paranoia1 - 0.83-4.2ubuntu1+esm1 libcdio-cdda-dev - 0.83-4.2ubuntu1+esm1 libcdio-paranoia-dev - 0.83-4.2ubuntu1+esm1 libcdio-cdda1 - 0.83-4.2ubuntu1+esm1 libcdio-utils - 0.83-4.2ubuntu1+esm1 libcdio13 - 0.83-4.2ubuntu1+esm1 libudf-dev - 0.83-4.2ubuntu1+esm1 libiso9660-dev - 0.83-4.2ubuntu1+esm1 libiso9660-8 - 0.83-4.2ubuntu1+esm1 libcdio-dev - 0.83-4.2ubuntu1+esm1 libudf0 - 0.83-4.2ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-18198 CVE-2017-18199 USN-5560-2 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2022-0494) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. 
A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-33981) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Update Instructions: Run `sudo pro fix USN-5560-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1104-oracle - 4.15.0-1104.115~16.04.1 linux-oracle-headers-4.15.0-1104 - 4.15.0-1104.115~16.04.1 linux-tools-4.15.0-1104-oracle - 4.15.0-1104.115~16.04.1 linux-modules-4.15.0-1104-oracle - 4.15.0-1104.115~16.04.1 linux-image-unsigned-4.15.0-1104-oracle - 4.15.0-1104.115~16.04.1 linux-modules-extra-4.15.0-1104-oracle - 4.15.0-1104.115~16.04.1 linux-oracle-tools-4.15.0-1104 - 4.15.0-1104.115~16.04.1 linux-buildinfo-4.15.0-1104-oracle - 4.15.0-1104.115~16.04.1 linux-image-4.15.0-1104-oracle - 4.15.0-1104.115~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1134-gcp - 4.15.0-1134.150~16.04.2 linux-tools-4.15.0-1134-gcp - 4.15.0-1134.150~16.04.2 linux-modules-4.15.0-1134-gcp - 4.15.0-1134.150~16.04.2 linux-headers-4.15.0-1134-gcp - 4.15.0-1134.150~16.04.2 linux-buildinfo-4.15.0-1134-gcp - 4.15.0-1134.150~16.04.2 linux-gcp-tools-4.15.0-1134 - 
4.15.0-1134.150~16.04.2 linux-modules-extra-4.15.0-1134-gcp - 4.15.0-1134.150~16.04.2 linux-image-unsigned-4.15.0-1134-gcp - 4.15.0-1134.150~16.04.2 linux-gcp-headers-4.15.0-1134 - 4.15.0-1134.150~16.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1139-aws - 4.15.0-1139.150~16.04.1 linux-modules-4.15.0-1139-aws - 4.15.0-1139.150~16.04.1 linux-aws-headers-4.15.0-1139 - 4.15.0-1139.150~16.04.1 linux-image-4.15.0-1139-aws-hwe - 4.15.0-1139.150~16.04.1 linux-buildinfo-4.15.0-1139-aws - 4.15.0-1139.150~16.04.1 linux-cloud-tools-4.15.0-1139-aws - 4.15.0-1139.150~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1139 - 4.15.0-1139.150~16.04.1 linux-modules-extra-4.15.0-1139-aws - 4.15.0-1139.150~16.04.1 linux-aws-hwe-tools-4.15.0-1139 - 4.15.0-1139.150~16.04.1 linux-image-unsigned-4.15.0-1139-aws - 4.15.0-1139.150~16.04.1 linux-headers-4.15.0-1139-aws - 4.15.0-1139.150~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 linux-headers-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 linux-image-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 linux-azure-tools-4.15.0-1149 - 4.15.0-1149.164~16.04.1 linux-buildinfo-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 linux-azure-cloud-tools-4.15.0-1149 - 4.15.0-1149.164~16.04.1 linux-image-unsigned-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 linux-azure-headers-4.15.0-1149 - 4.15.0-1149.164~16.04.1 linux-modules-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 linux-modules-extra-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 linux-cloud-tools-4.15.0-1149-azure - 4.15.0-1149.164~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-191-lowlatency - 4.15.0-191.202~16.04.1 linux-buildinfo-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-modules-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-image-unsigned-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-tools-4.15.0-191-lowlatency - 4.15.0-191.202~16.04.1 
linux-headers-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-image-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-modules-extra-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-image-4.15.0-191-lowlatency - 4.15.0-191.202~16.04.1 linux-cloud-tools-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-tools-4.15.0-191-generic - 4.15.0-191.202~16.04.1 linux-hwe-cloud-tools-4.15.0-191 - 4.15.0-191.202~16.04.1 linux-modules-4.15.0-191-lowlatency - 4.15.0-191.202~16.04.1 linux-hwe-tools-4.15.0-191 - 4.15.0-191.202~16.04.1 linux-buildinfo-4.15.0-191-lowlatency - 4.15.0-191.202~16.04.1 linux-image-unsigned-4.15.0-191-lowlatency - 4.15.0-191.202~16.04.1 linux-headers-4.15.0-191 - 4.15.0-191.202~16.04.1 linux-cloud-tools-4.15.0-191-lowlatency - 4.15.0-191.202~16.04.1 linux-source-4.15.0 - 4.15.0-191.202~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-oracle - 4.15.0.1104.88 linux-headers-oracle - 4.15.0.1104.88 linux-signed-oracle - 4.15.0.1104.88 linux-image-oracle - 4.15.0.1104.88 linux-tools-oracle - 4.15.0.1104.88 linux-oracle - 4.15.0.1104.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1134.129 linux-headers-gke - 4.15.0.1134.129 linux-tools-gke - 4.15.0.1134.129 linux-modules-extra-gcp - 4.15.0.1134.129 linux-tools-gcp - 4.15.0.1134.129 linux-gke - 4.15.0.1134.129 linux-gcp - 4.15.0.1134.129 linux-image-gke - 4.15.0.1134.129 linux-headers-gcp - 4.15.0.1134.129 linux-image-gcp - 4.15.0.1134.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1139.126 linux-modules-extra-aws-hwe - 4.15.0.1139.126 linux-aws-edge - 4.15.0.1139.126 linux-image-aws-hwe - 4.15.0.1139.126 linux-headers-aws-hwe - 4.15.0.1139.126 linux-tools-aws-hwe - 4.15.0.1139.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1149.136 linux-tools-azure-edge - 4.15.0.1149.136 linux-cloud-tools-azure - 4.15.0.1149.136 
linux-tools-azure - 4.15.0.1149.136 linux-image-azure-edge - 4.15.0.1149.136 linux-signed-image-azure-edge - 4.15.0.1149.136 linux-cloud-tools-azure-edge - 4.15.0.1149.136 linux-modules-extra-azure - 4.15.0.1149.136 linux-azure - 4.15.0.1149.136 linux-image-azure - 4.15.0.1149.136 linux-signed-image-azure - 4.15.0.1149.136 linux-headers-azure-edge - 4.15.0.1149.136 linux-azure-edge - 4.15.0.1149.136 linux-modules-extra-azure-edge - 4.15.0.1149.136 linux-signed-azure-edge - 4.15.0.1149.136 linux-headers-azure - 4.15.0.1149.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.191.178 linux-signed-generic-hwe-16.04-edge - 4.15.0.191.178 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.191.178 linux-image-extra-virtual-hwe-16.04 - 4.15.0.191.178 linux-image-oem - 4.15.0.191.178 linux-headers-generic-hwe-16.04-edge - 4.15.0.191.178 linux-tools-virtual-hwe-16.04 - 4.15.0.191.178 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.191.178 linux-image-virtual-hwe-16.04-edge - 4.15.0.191.178 linux-signed-lowlatency-hwe-16.04 - 4.15.0.191.178 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.191.178 linux-generic-hwe-16.04-edge - 4.15.0.191.178 linux-headers-lowlatency-hwe-16.04 - 4.15.0.191.178 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.191.178 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.191.178 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.191.178 linux-tools-oem - 4.15.0.191.178 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.191.178 linux-headers-oem - 4.15.0.191.178 linux-signed-image-generic-hwe-16.04 - 4.15.0.191.178 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.191.178 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.191.178 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.191.178 linux-headers-virtual-hwe-16.04-edge - 4.15.0.191.178 linux-headers-generic-hwe-16.04 - 4.15.0.191.178 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.191.178 linux-generic-hwe-16.04 - 4.15.0.191.178 
linux-tools-virtual-hwe-16.04-edge - 4.15.0.191.178 linux-lowlatency-hwe-16.04 - 4.15.0.191.178 linux-oem - 4.15.0.191.178 linux-lowlatency-hwe-16.04-edge - 4.15.0.191.178 linux-image-generic-hwe-16.04 - 4.15.0.191.178 linux-image-generic-hwe-16.04-edge - 4.15.0.191.178 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.191.178 linux-tools-lowlatency-hwe-16.04 - 4.15.0.191.178 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.191.178 linux-headers-virtual-hwe-16.04 - 4.15.0.191.178 linux-virtual-hwe-16.04 - 4.15.0.191.178 linux-virtual-hwe-16.04-edge - 4.15.0.191.178 linux-signed-oem - 4.15.0.191.178 linux-image-virtual-hwe-16.04 - 4.15.0.191.178 linux-signed-generic-hwe-16.04 - 4.15.0.191.178 linux-signed-image-oem - 4.15.0.191.178 linux-tools-generic-hwe-16.04 - 4.15.0.191.178 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.191.178 linux-tools-generic-hwe-16.04-edge - 4.15.0.191.178 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-0494 CVE-2022-1048 CVE-2022-1195 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2586 CVE-2022-2588 CVE-2022-33981 CVE-2022-34918 USN-5570-1 -- zlib vulnerability Ubuntu 16.04 LTS Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5570-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libx32z1-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm2 lib64z1 - 1:1.2.8.dfsg-2ubuntu4.3+esm2 libx32z1 - 1:1.2.8.dfsg-2ubuntu4.3+esm2 lib64z1-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm2 lib32z1 - 1:1.2.8.dfsg-2ubuntu4.3+esm2 zlib1g - 1:1.2.8.dfsg-2ubuntu4.3+esm2 lib32z1-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm2 zlib1g-dev - 1:1.2.8.dfsg-2ubuntu4.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-37434 USN-5572-1 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741) Update Instructions: Run `sudo pro fix USN-5572-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1148-aws - 4.4.0-1148.163 linux-headers-4.4.0-1148-aws - 4.4.0-1148.163 linux-modules-4.4.0-1148-aws - 4.4.0-1148.163 linux-cloud-tools-4.4.0-1148-aws - 4.4.0-1148.163 linux-aws-cloud-tools-4.4.0-1148 - 4.4.0-1148.163 linux-aws-tools-4.4.0-1148 - 4.4.0-1148.163 linux-buildinfo-4.4.0-1148-aws - 4.4.0-1148.163 linux-modules-extra-4.4.0-1148-aws - 4.4.0-1148.163 linux-image-4.4.0-1148-aws - 4.4.0-1148.163 linux-aws-headers-4.4.0-1148 - 4.4.0-1148.163 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-aws - 4.4.0.1148.152 linux-aws - 4.4.0.1148.152 linux-tools-aws - 4.4.0.1148.152 linux-headers-aws - 4.4.0.1148.152 linux-image-aws - 4.4.0.1148.152 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 USN-5573-1 -- rsync vulnerability Ubuntu 16.04 LTS Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5573-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.1-3ubuntu1.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-37434 USN-5574-1 -- Exim vulnerability Ubuntu 16.04 LTS It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5574-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.86.2-2ubuntu2.6+esm2 eximon4 - 4.86.2-2ubuntu2.6+esm2 exim4 - 4.86.2-2ubuntu2.6+esm2 exim4-daemon-light - 4.86.2-2ubuntu2.6+esm2 exim4-config - 4.86.2-2ubuntu2.6+esm2 exim4-daemon-heavy - 4.86.2-2ubuntu2.6+esm2 exim4-base - 4.86.2-2ubuntu2.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-37452 USN-5575-2 -- Libxslt vulnerabilities Ubuntu 16.04 LTS USN-5575-1 fixed vulnerabilities in Libxslt. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-5815) Alexey Neyman discovered that Libxslt incorrectly handled certain HTML pages. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2021-30560) Update Instructions: Run `sudo pro fix USN-5575-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.28-2.1ubuntu0.3+esm1 libxslt1-dev - 1.1.28-2.1ubuntu0.3+esm1 libxslt1.1 - 1.1.28-2.1ubuntu0.3+esm1 xsltproc - 1.1.28-2.1ubuntu0.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-5815 CVE-2021-30560 USN-5578-2 -- Open VM Tools vulnerability Ubuntu 16.04 LTS USN-5578-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine. Update Instructions: Run `sudo pro fix USN-5578-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:10.2.0-3~ubuntu0.16.04.1+esm1 open-vm-tools-desktop - 2:10.2.0-3~ubuntu0.16.04.1+esm1 open-vm-tools-dev - 2:10.2.0-3~ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-31676 USN-5579-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741) Update Instructions: Run `sudo pro fix USN-5579-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1113-kvm - 4.4.0-1113.123 linux-modules-4.4.0-1113-kvm - 4.4.0-1113.123 linux-image-4.4.0-1113-kvm - 4.4.0-1113.123 linux-kvm-tools-4.4.0-1113 - 4.4.0-1113.123 linux-kvm-cloud-tools-4.4.0-1113 - 4.4.0-1113.123 linux-tools-4.4.0-1113-kvm - 4.4.0-1113.123 linux-cloud-tools-4.4.0-1113-kvm - 4.4.0-1113.123 linux-headers-4.4.0-1113-kvm - 4.4.0-1113.123 linux-kvm-headers-4.4.0-1113 - 4.4.0-1113.123 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-233.267 linux-tools-4.4.0-233-lowlatency - 4.4.0-233.267 linux-image-4.4.0-233-lowlatency - 4.4.0-233.267 linux-tools-4.4.0-233-generic - 4.4.0-233.267 linux-tools-host - 4.4.0-233.267 linux-source-4.4.0 - 4.4.0-233.267 linux-doc - 4.4.0-233.267 linux-headers-4.4.0-233-generic - 4.4.0-233.267 linux-image-4.4.0-233-generic - 4.4.0-233.267 linux-libc-dev - 4.4.0-233.267 linux-image-unsigned-4.4.0-233-generic - 4.4.0-233.267 linux-cloud-tools-4.4.0-233 - 4.4.0-233.267 linux-tools-4.4.0-233 - 4.4.0-233.267 linux-modules-extra-4.4.0-233-generic - 4.4.0-233.267 linux-cloud-tools-4.4.0-233-lowlatency - 4.4.0-233.267 linux-modules-4.4.0-233-lowlatency - 4.4.0-233.267 linux-cloud-tools-common - 4.4.0-233.267 linux-cloud-tools-4.4.0-233-generic - 4.4.0-233.267 linux-buildinfo-4.4.0-233-generic - 4.4.0-233.267 linux-buildinfo-4.4.0-233-lowlatency - 4.4.0-233.267 linux-image-unsigned-4.4.0-233-lowlatency - 4.4.0-233.267 linux-headers-4.4.0-233-lowlatency - 4.4.0-233.267 linux-modules-4.4.0-233-generic - 4.4.0-233.267 linux-headers-4.4.0-233 - 4.4.0-233.267 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-kvm - 4.4.0.1113.110 linux-kvm - 4.4.0.1113.110 linux-headers-kvm - 4.4.0.1113.110 linux-image-kvm - 4.4.0.1113.110 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.233.239 linux-cloud-tools-generic-lts-wily 
- 4.4.0.233.239 linux-cloud-tools-virtual-lts-xenial - 4.4.0.233.239 linux-cloud-tools-virtual - 4.4.0.233.239 linux-cloud-tools-virtual-lts-utopic - 4.4.0.233.239 linux-tools-generic-lts-vivid - 4.4.0.233.239 linux-image-extra-virtual-lts-xenial - 4.4.0.233.239 linux-image-extra-virtual-lts-wily - 4.4.0.233.239 linux-headers-generic-lts-wily - 4.4.0.233.239 linux-crashdump - 4.4.0.233.239 linux-tools-virtual-lts-vivid - 4.4.0.233.239 linux-tools-virtual-lts-utopic - 4.4.0.233.239 linux-tools-virtual-lts-wily - 4.4.0.233.239 linux-image-lowlatency-lts-vivid - 4.4.0.233.239 linux-tools-lowlatency-lts-vivid - 4.4.0.233.239 linux-cloud-tools-generic-lts-utopic - 4.4.0.233.239 linux-headers-virtual-lts-vivid - 4.4.0.233.239 linux-image-lowlatency-lts-wily - 4.4.0.233.239 linux-image-generic - 4.4.0.233.239 linux-tools-lowlatency - 4.4.0.233.239 linux-image-lowlatency-lts-xenial - 4.4.0.233.239 linux-tools-virtual-lts-xenial - 4.4.0.233.239 linux-signed-lowlatency-lts-wily - 4.4.0.233.239 linux-image-extra-virtual-lts-vivid - 4.4.0.233.239 linux-image-generic-lts-wily - 4.4.0.233.239 linux-signed-generic-lts-wily - 4.4.0.233.239 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.233.239 linux-image-extra-virtual-lts-utopic - 4.4.0.233.239 linux-signed-generic-lts-utopic - 4.4.0.233.239 linux-tools-lowlatency-lts-xenial - 4.4.0.233.239 linux-headers-generic-lts-xenial - 4.4.0.233.239 linux-signed-generic-lts-vivid - 4.4.0.233.239 linux-headers-lowlatency-lts-wily - 4.4.0.233.239 linux-virtual-lts-vivid - 4.4.0.233.239 linux-signed-lowlatency-lts-xenial - 4.4.0.233.239 linux-headers-lowlatency-lts-vivid - 4.4.0.233.239 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.233.239 linux-lowlatency-lts-xenial - 4.4.0.233.239 linux-signed-generic-lts-xenial - 4.4.0.233.239 linux-source - 4.4.0.233.239 linux-signed-image-generic - 4.4.0.233.239 linux-lowlatency - 4.4.0.233.239 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.233.239 linux-generic-lts-xenial - 4.4.0.233.239 
linux-tools-virtual - 4.4.0.233.239 linux-virtual - 4.4.0.233.239 linux-cloud-tools-generic-lts-vivid - 4.4.0.233.239 linux-tools-generic-lts-utopic - 4.4.0.233.239 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.233.239 linux-signed-image-generic-lts-vivid - 4.4.0.233.239 linux-image-virtual-lts-xenial - 4.4.0.233.239 linux-image-virtual-lts-vivid - 4.4.0.233.239 linux-virtual-lts-xenial - 4.4.0.233.239 linux-cloud-tools-virtual-lts-vivid - 4.4.0.233.239 linux-tools-lowlatency-lts-utopic - 4.4.0.233.239 linux-signed-image-generic-lts-wily - 4.4.0.233.239 linux-signed-image-lowlatency-lts-xenial - 4.4.0.233.239 linux-image-generic-lts-vivid - 4.4.0.233.239 linux-generic - 4.4.0.233.239 linux-virtual-lts-utopic - 4.4.0.233.239 linux-tools-generic-lts-wily - 4.4.0.233.239 linux-image-virtual - 4.4.0.233.239 linux-headers-lowlatency - 4.4.0.233.239 linux-lowlatency-lts-vivid - 4.4.0.233.239 linux-generic-lts-wily - 4.4.0.233.239 linux-image-hwe-virtual-trusty - 4.4.0.233.239 linux-signed-image-generic-lts-xenial - 4.4.0.233.239 linux-generic-lts-vivid - 4.4.0.233.239 linux-tools-lowlatency-lts-wily - 4.4.0.233.239 linux-headers-virtual-lts-xenial - 4.4.0.233.239 linux-headers-lowlatency-lts-utopic - 4.4.0.233.239 linux-hwe-generic-trusty - 4.4.0.233.239 linux-tools-generic - 4.4.0.233.239 linux-image-extra-virtual - 4.4.0.233.239 linux-cloud-tools-generic - 4.4.0.233.239 linux-image-generic-lts-xenial - 4.4.0.233.239 linux-headers-generic-lts-utopic - 4.4.0.233.239 linux-cloud-tools-virtual-lts-wily - 4.4.0.233.239 linux-cloud-tools-lowlatency - 4.4.0.233.239 linux-lowlatency-lts-utopic - 4.4.0.233.239 linux-tools-generic-lts-xenial - 4.4.0.233.239 linux-signed-image-lowlatency - 4.4.0.233.239 linux-image-generic-lts-utopic - 4.4.0.233.239 linux-image-virtual-lts-wily - 4.4.0.233.239 linux-signed-generic - 4.4.0.233.239 linux-lowlatency-lts-wily - 4.4.0.233.239 linux-image-virtual-lts-utopic - 4.4.0.233.239 linux-headers-generic - 4.4.0.233.239 linux-tools-lts-utopic 
- 4.4.0.233.239 linux-generic-lts-utopic - 4.4.0.233.239 linux-headers-lowlatency-lts-xenial - 4.4.0.233.239 linux-image-hwe-generic-trusty - 4.4.0.233.239 linux-signed-image-lowlatency-lts-wily - 4.4.0.233.239 linux-headers-generic-lts-vivid - 4.4.0.233.239 linux-headers-virtual - 4.4.0.233.239 linux-cloud-tools-generic-lts-xenial - 4.4.0.233.239 linux-virtual-lts-wily - 4.4.0.233.239 linux-headers-virtual-lts-utopic - 4.4.0.233.239 linux-headers-virtual-lts-wily - 4.4.0.233.239 linux-hwe-virtual-trusty - 4.4.0.233.239 linux-signed-lowlatency - 4.4.0.233.239 linux-image-lowlatency-lts-utopic - 4.4.0.233.239 linux-image-lowlatency - 4.4.0.233.239 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 USN-5580-1 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) It was discovered that the Packet network protocol implementation in the Linux kernel contained an out-of-bounds access. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2022-20368) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5580-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.4.0-1150-aws - 4.4.0-1150.165 linux-aws-tools-4.4.0-1150 - 4.4.0-1150.165 linux-modules-4.4.0-1150-aws - 4.4.0-1150.165 linux-headers-4.4.0-1150-aws - 4.4.0-1150.165 linux-buildinfo-4.4.0-1150-aws - 4.4.0-1150.165 linux-aws-cloud-tools-4.4.0-1150 - 4.4.0-1150.165 linux-aws-headers-4.4.0-1150 - 4.4.0-1150.165 linux-image-4.4.0-1150-aws - 4.4.0-1150.165 linux-tools-4.4.0-1150-aws - 4.4.0-1150.165 linux-cloud-tools-4.4.0-1150-aws - 4.4.0-1150.165 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-aws - 4.4.0.1150.154 linux-tools-aws - 4.4.0.1150.154 linux-aws - 4.4.0.1150.154 linux-headers-aws - 4.4.0.1150.154 linux-image-aws - 4.4.0.1150.154 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33655 CVE-2021-33656 CVE-2022-20368 CVE-2022-36946 USN-5584-1 -- Schroot vulnerability Ubuntu 16.04 LTS It was discovered that Schroot incorrectly handled certain Schroot names. An attacker could possibly use this issue to break schroot's internal state causing a denial of service. Update Instructions: Run `sudo pro fix USN-5584-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dchroot-dsa - 1.6.10-1ubuntu3+esm1 libsbuild-dev - 1.6.10-1ubuntu3+esm1 dchroot - 1.6.10-1ubuntu3+esm1 libsbuild-doc - 1.6.10-1ubuntu3+esm1 schroot - 1.6.10-1ubuntu3+esm1 schroot-common - 1.6.10-1ubuntu3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2787 USN-5586-1 -- SDL vulnerability Ubuntu 16.04 LTS It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled memory. An attacker could potentially use this issue to cause a denial of service or other unexpected behavior. 
Update Instructions: Run `sudo pro fix USN-5586-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl1.2debian - 1.2.15+dfsg1-3ubuntu0.1+esm2 libsdl1.2-dev - 1.2.15+dfsg1-3ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-34568 USN-5587-1 -- curl vulnerability Ubuntu 16.04 LTS Axel Chong discovered that when curl accepted and sent back cookies containing control bytes, an HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service. Update Instructions: Run `sudo pro fix USN-5587-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm5 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm5 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm5 libcurl4-doc - 7.47.0-1ubuntu2.19+esm5 libcurl3-nss - 7.47.0-1ubuntu2.19+esm5 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm5 libcurl3 - 7.47.0-1ubuntu2.19+esm5 curl - 7.47.0-1ubuntu2.19+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-35252 USN-5591-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5591-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1135-gcp - 4.15.0-1135.151~16.04.2 linux-buildinfo-4.15.0-1135-gcp - 4.15.0-1135.151~16.04.2 linux-gcp-tools-4.15.0-1135 - 4.15.0-1135.151~16.04.2 linux-modules-extra-4.15.0-1135-gcp - 4.15.0-1135.151~16.04.2 linux-tools-4.15.0-1135-gcp - 4.15.0-1135.151~16.04.2 linux-headers-4.15.0-1135-gcp - 4.15.0-1135.151~16.04.2 linux-modules-4.15.0-1135-gcp - 4.15.0-1135.151~16.04.2 linux-gcp-headers-4.15.0-1135 - 4.15.0-1135.151~16.04.2 linux-image-unsigned-4.15.0-1135-gcp - 4.15.0-1135.151~16.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 linux-headers-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 linux-tools-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 linux-azure-cloud-tools-4.15.0-1150 - 4.15.0-1150.165~16.04.1 linux-image-unsigned-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 linux-modules-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 linux-azure-headers-4.15.0-1150 - 4.15.0-1150.165~16.04.1 linux-cloud-tools-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 linux-azure-tools-4.15.0-1150 - 4.15.0-1150.165~16.04.1 linux-image-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 linux-modules-extra-4.15.0-1150-azure - 4.15.0-1150.165~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-192-generic - 4.15.0-192.203~16.04.1 linux-cloud-tools-4.15.0-192-generic - 4.15.0-192.203~16.04.1 linux-hwe-tools-4.15.0-192 - 4.15.0-192.203~16.04.1 linux-cloud-tools-4.15.0-192-lowlatency - 4.15.0-192.203~16.04.1 linux-buildinfo-4.15.0-192-generic - 4.15.0-192.203~16.04.1 linux-hwe-cloud-tools-4.15.0-192 - 4.15.0-192.203~16.04.1 linux-modules-extra-4.15.0-192-generic - 4.15.0-192.203~16.04.1 linux-image-unsigned-4.15.0-192-lowlatency - 4.15.0-192.203~16.04.1 linux-tools-4.15.0-192-lowlatency - 4.15.0-192.203~16.04.1 linux-image-unsigned-4.15.0-192-generic - 4.15.0-192.203~16.04.1 
linux-image-4.15.0-192-lowlatency - 4.15.0-192.203~16.04.1 linux-modules-4.15.0-192-lowlatency - 4.15.0-192.203~16.04.1 linux-buildinfo-4.15.0-192-lowlatency - 4.15.0-192.203~16.04.1 linux-headers-4.15.0-192-lowlatency - 4.15.0-192.203~16.04.1 linux-tools-4.15.0-192-generic - 4.15.0-192.203~16.04.1 linux-headers-4.15.0-192 - 4.15.0-192.203~16.04.1 linux-image-4.15.0-192-generic - 4.15.0-192.203~16.04.1 linux-modules-4.15.0-192-generic - 4.15.0-192.203~16.04.1 linux-source-4.15.0 - 4.15.0-192.203~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1135.129 linux-headers-gke - 4.15.0.1135.129 linux-tools-gcp - 4.15.0.1135.129 linux-modules-extra-gcp - 4.15.0.1135.129 linux-tools-gke - 4.15.0.1135.129 linux-gke - 4.15.0.1135.129 linux-gcp - 4.15.0.1135.129 linux-image-gke - 4.15.0.1135.129 linux-headers-gcp - 4.15.0.1135.129 linux-image-gcp - 4.15.0.1135.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1150.137 linux-tools-azure-edge - 4.15.0.1150.137 linux-cloud-tools-azure - 4.15.0.1150.137 linux-tools-azure - 4.15.0.1150.137 linux-image-azure-edge - 4.15.0.1150.137 linux-signed-image-azure-edge - 4.15.0.1150.137 linux-cloud-tools-azure-edge - 4.15.0.1150.137 linux-modules-extra-azure - 4.15.0.1150.137 linux-azure - 4.15.0.1150.137 linux-image-azure - 4.15.0.1150.137 linux-signed-image-azure - 4.15.0.1150.137 linux-headers-azure-edge - 4.15.0.1150.137 linux-azure-edge - 4.15.0.1150.137 linux-modules-extra-azure-edge - 4.15.0.1150.137 linux-signed-azure-edge - 4.15.0.1150.137 linux-headers-azure - 4.15.0.1150.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.192.179 linux-signed-generic-hwe-16.04-edge - 4.15.0.192.179 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.192.179 linux-image-extra-virtual-hwe-16.04 - 4.15.0.192.179 linux-image-oem - 4.15.0.192.179 linux-headers-generic-hwe-16.04-edge - 4.15.0.192.179 
linux-tools-virtual-hwe-16.04-edge - 4.15.0.192.179 linux-tools-virtual-hwe-16.04 - 4.15.0.192.179 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.192.179 linux-image-virtual-hwe-16.04-edge - 4.15.0.192.179 linux-signed-lowlatency-hwe-16.04 - 4.15.0.192.179 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.192.179 linux-generic-hwe-16.04-edge - 4.15.0.192.179 linux-headers-lowlatency-hwe-16.04 - 4.15.0.192.179 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.192.179 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.192.179 linux-tools-generic-hwe-16.04 - 4.15.0.192.179 linux-tools-oem - 4.15.0.192.179 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.192.179 linux-headers-oem - 4.15.0.192.179 linux-signed-image-generic-hwe-16.04 - 4.15.0.192.179 linux-virtual-hwe-16.04-edge - 4.15.0.192.179 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.192.179 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.192.179 linux-headers-virtual-hwe-16.04-edge - 4.15.0.192.179 linux-lowlatency-hwe-16.04 - 4.15.0.192.179 linux-headers-generic-hwe-16.04 - 4.15.0.192.179 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.192.179 linux-generic-hwe-16.04 - 4.15.0.192.179 linux-oem - 4.15.0.192.179 linux-virtual-hwe-16.04 - 4.15.0.192.179 linux-lowlatency-hwe-16.04-edge - 4.15.0.192.179 linux-image-generic-hwe-16.04 - 4.15.0.192.179 linux-image-generic-hwe-16.04-edge - 4.15.0.192.179 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.192.179 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.192.179 linux-tools-lowlatency-hwe-16.04 - 4.15.0.192.179 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.192.179 linux-headers-virtual-hwe-16.04 - 4.15.0.192.179 linux-signed-oem - 4.15.0.192.179 linux-image-virtual-hwe-16.04 - 4.15.0.192.179 linux-signed-generic-hwe-16.04 - 4.15.0.192.179 linux-signed-image-oem - 4.15.0.192.179 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.192.179 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.192.179 linux-tools-generic-hwe-16.04-edge - 4.15.0.192.179 Available with 
Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33656 USN-5591-2 -- Linux kernel (HWE) vulnerability Ubuntu 16.04 LTS It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5591-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1140-aws - 4.15.0-1140.151~16.04.1 linux-image-4.15.0-1140-aws-hwe - 4.15.0-1140.151~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1140 - 4.15.0-1140.151~16.04.1 linux-buildinfo-4.15.0-1140-aws - 4.15.0-1140.151~16.04.1 linux-aws-headers-4.15.0-1140 - 4.15.0-1140.151~16.04.1 linux-aws-hwe-tools-4.15.0-1140 - 4.15.0-1140.151~16.04.1 linux-tools-4.15.0-1140-aws - 4.15.0-1140.151~16.04.1 linux-image-unsigned-4.15.0-1140-aws - 4.15.0-1140.151~16.04.1 linux-modules-extra-4.15.0-1140-aws - 4.15.0-1140.151~16.04.1 linux-headers-4.15.0-1140-aws - 4.15.0-1140.151~16.04.1 linux-cloud-tools-4.15.0-1140-aws - 4.15.0-1140.151~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1140.127 linux-modules-extra-aws-hwe - 4.15.0.1140.127 linux-aws-hwe - 4.15.0.1140.127 linux-headers-aws-hwe - 4.15.0.1140.127 linux-tools-aws-hwe - 4.15.0.1140.127 linux-image-aws-hwe - 4.15.0.1140.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33656 USN-5593-1 -- Zstandard vulnerability Ubuntu 16.04 LTS It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5593-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: zstd - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm2 libzstd1-dev - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm2 libzstd1 - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-11922 USN-5597-1 -- Linux kernel (Oracle) vulnerability Ubuntu 16.04 LTS It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5597-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1105-oracle - 4.15.0-1105.116~16.04.1 linux-tools-4.15.0-1105-oracle - 4.15.0-1105.116~16.04.1 linux-oracle-tools-4.15.0-1105 - 4.15.0-1105.116~16.04.1 linux-modules-extra-4.15.0-1105-oracle - 4.15.0-1105.116~16.04.1 linux-oracle-headers-4.15.0-1105 - 4.15.0-1105.116~16.04.1 linux-modules-4.15.0-1105-oracle - 4.15.0-1105.116~16.04.1 linux-image-4.15.0-1105-oracle - 4.15.0-1105.116~16.04.1 linux-headers-4.15.0-1105-oracle - 4.15.0-1105.116~16.04.1 linux-buildinfo-4.15.0-1105-oracle - 4.15.0-1105.116~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-oracle - 4.15.0.1105.89 linux-tools-oracle - 4.15.0.1105.89 linux-signed-image-oracle - 4.15.0.1105.89 linux-headers-oracle - 4.15.0.1105.89 linux-oracle - 4.15.0.1105.89 linux-image-oracle - 4.15.0.1105.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33656 USN-5604-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. 
(CVE-2022-2867, CVE-2022-2869) It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2868) Update Instructions: Run `sudo pro fix USN-5604-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm3 libtiff-tools - 4.0.6-1ubuntu0.8+esm3 libtiff5-dev - 4.0.6-1ubuntu0.8+esm3 libtiff5 - 4.0.6-1ubuntu0.8+esm3 libtiffxx5 - 4.0.6-1ubuntu0.8+esm3 libtiff-doc - 4.0.6-1ubuntu0.8+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 USN-5606-1 -- poppler vulnerability Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5606-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.16+esm1 poppler-utils - 0.41.0-0ubuntu1.16+esm1 libpoppler-cpp-dev - 0.41.0-0ubuntu1.16+esm1 libpoppler-qt5-1 - 0.41.0-0ubuntu1.16+esm1 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.16+esm1 libpoppler-dev - 0.41.0-0ubuntu1.16+esm1 libpoppler-glib8 - 0.41.0-0ubuntu1.16+esm1 libpoppler-private-dev - 0.41.0-0ubuntu1.16+esm1 libpoppler-qt4-dev - 0.41.0-0ubuntu1.16+esm1 libpoppler-glib-dev - 0.41.0-0ubuntu1.16+esm1 libpoppler-qt4-4 - 0.41.0-0ubuntu1.16+esm1 libpoppler-cpp0 - 0.41.0-0ubuntu1.16+esm1 libpoppler-qt5-dev - 0.41.0-0ubuntu1.16+esm1 libpoppler-glib-doc - 0.41.0-0ubuntu1.16+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-38784 USN-5606-2 -- poppler regression Ubuntu 16.04 LTS USN-5606-1 fixed a vulnerability in poppler. Unfortunately it was missing a commit to fix it properly. This update provides the corresponding fix for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM. 
We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5606-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler58 - 0.41.0-0ubuntu1.16+esm2 poppler-utils - 0.41.0-0ubuntu1.16+esm2 libpoppler-cpp-dev - 0.41.0-0ubuntu1.16+esm2 libpoppler-qt5-1 - 0.41.0-0ubuntu1.16+esm2 gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.16+esm2 libpoppler-dev - 0.41.0-0ubuntu1.16+esm2 libpoppler-glib8 - 0.41.0-0ubuntu1.16+esm2 libpoppler-private-dev - 0.41.0-0ubuntu1.16+esm2 libpoppler-qt4-dev - 0.41.0-0ubuntu1.16+esm2 libpoppler-glib-dev - 0.41.0-0ubuntu1.16+esm2 libpoppler-qt4-4 - 0.41.0-0ubuntu1.16+esm2 libpoppler-cpp0 - 0.41.0-0ubuntu1.16+esm2 libpoppler-qt5-dev - 0.41.0-0ubuntu1.16+esm2 libpoppler-glib-doc - 0.41.0-0ubuntu1.16+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1989515 USN-5614-2 -- Wayland vulnerability Ubuntu 16.04 LTS USN-5614-1 fixed a vulnerability in Wayland. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Wayland incorrectly handled reference counting certain objects. An attacker could use this issue to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5614-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libwayland-bin - 1.12.0-1~ubuntu16.04.3+esm1 libwayland-dev - 1.12.0-1~ubuntu16.04.3+esm1 libwayland-cursor0 - 1.12.0-1~ubuntu16.04.3+esm1 libwayland-server0 - 1.12.0-1~ubuntu16.04.3+esm1 libwayland-doc - 1.12.0-1~ubuntu16.04.3+esm1 libwayland-client0 - 1.12.0-1~ubuntu16.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3782 USN-5615-2 -- SQLite vulnerability Ubuntu 16.04 LTS USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled INTERSECT query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5615-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.11.0-1ubuntu1.5+esm1 sqlite3-doc - 3.11.0-1ubuntu1.5+esm1 libsqlite3-0 - 3.11.0-1ubuntu1.5+esm1 libsqlite3-tcl - 3.11.0-1ubuntu1.5+esm1 sqlite3 - 3.11.0-1ubuntu1.5+esm1 libsqlite3-dev - 3.11.0-1ubuntu1.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-35525 USN-5618-1 -- Ghostscript vulnerability Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled memory when processing certain inputs. By tricking a user into opening a specially crafted PDF file, an attacker could cause the program to crash. Update Instructions: Run `sudo pro fix USN-5618-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.14+esm4 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.14+esm4 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.14+esm4 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.14+esm4 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.14+esm4 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.14+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-27792 USN-5619-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19131) It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19144) It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TIFF file using the tiffinfo tool, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1354) It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TIFF file using the tiffcp tool, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-1355) It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behaviour situation via a specially crafted file. 
An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) Update Instructions: Run `sudo pro fix USN-5619-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm4 libtiffxx5 - 4.0.6-1ubuntu0.8+esm4 libtiff5-dev - 4.0.6-1ubuntu0.8+esm4 libtiff5 - 4.0.6-1ubuntu0.8+esm4 libtiff-tools - 4.0.6-1ubuntu0.8+esm4 libtiff-doc - 4.0.6-1ubuntu0.8+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19131 CVE-2020-19144 CVE-2022-1354 CVE-2022-1355 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 USN-5621-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5621-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1106-oracle - 4.15.0-1106.117~16.04.1 linux-headers-4.15.0-1106-oracle - 4.15.0-1106.117~16.04.1 linux-oracle-headers-4.15.0-1106 - 4.15.0-1106.117~16.04.1 linux-buildinfo-4.15.0-1106-oracle - 4.15.0-1106.117~16.04.1 linux-image-unsigned-4.15.0-1106-oracle - 4.15.0-1106.117~16.04.1 linux-modules-extra-4.15.0-1106-oracle - 4.15.0-1106.117~16.04.1 linux-tools-4.15.0-1106-oracle - 4.15.0-1106.117~16.04.1 linux-image-4.15.0-1106-oracle - 4.15.0-1106.117~16.04.1 linux-oracle-tools-4.15.0-1106 - 4.15.0-1106.117~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1136-gcp - 4.15.0-1136.152~16.04.1 linux-gcp-tools-4.15.0-1136 - 4.15.0-1136.152~16.04.1 linux-modules-4.15.0-1136-gcp - 4.15.0-1136.152~16.04.1 linux-tools-4.15.0-1136-gcp - 4.15.0-1136.152~16.04.1 linux-headers-4.15.0-1136-gcp - 4.15.0-1136.152~16.04.1 linux-modules-extra-4.15.0-1136-gcp - 4.15.0-1136.152~16.04.1 linux-gcp-headers-4.15.0-1136 - 4.15.0-1136.152~16.04.1 linux-image-unsigned-4.15.0-1136-gcp - 4.15.0-1136.152~16.04.1 linux-buildinfo-4.15.0-1136-gcp - 4.15.0-1136.152~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1141-aws - 4.15.0-1141.152~16.04.1 linux-aws-headers-4.15.0-1141 - 4.15.0-1141.152~16.04.1 linux-headers-4.15.0-1141-aws - 4.15.0-1141.152~16.04.1 linux-image-4.15.0-1141-aws-hwe - 4.15.0-1141.152~16.04.1 linux-modules-extra-4.15.0-1141-aws - 4.15.0-1141.152~16.04.1 linux-aws-hwe-tools-4.15.0-1141 - 4.15.0-1141.152~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1141 - 4.15.0-1141.152~16.04.1 linux-image-unsigned-4.15.0-1141-aws - 4.15.0-1141.152~16.04.1 linux-modules-4.15.0-1141-aws - 4.15.0-1141.152~16.04.1 linux-tools-4.15.0-1141-aws - 4.15.0-1141.152~16.04.1 linux-cloud-tools-4.15.0-1141-aws - 4.15.0-1141.152~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-image-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-headers-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-hwe-tools-4.15.0-193 - 4.15.0-193.204~16.04.1 linux-image-4.15.0-193-lowlatency - 4.15.0-193.204~16.04.1 linux-headers-4.15.0-193-lowlatency - 4.15.0-193.204~16.04.1 linux-buildinfo-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-hwe-cloud-tools-4.15.0-193 - 4.15.0-193.204~16.04.1 linux-tools-4.15.0-193-lowlatency - 4.15.0-193.204~16.04.1 linux-modules-4.15.0-193-lowlatency - 4.15.0-193.204~16.04.1 linux-buildinfo-4.15.0-193-lowlatency - 4.15.0-193.204~16.04.1 linux-modules-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-modules-extra-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-image-unsigned-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-image-unsigned-4.15.0-193-lowlatency - 4.15.0-193.204~16.04.1 linux-cloud-tools-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-headers-4.15.0-193 - 4.15.0-193.204~16.04.1 linux-cloud-tools-4.15.0-193-lowlatency - 4.15.0-193.204~16.04.1 linux-tools-4.15.0-193-generic - 4.15.0-193.204~16.04.1 linux-source-4.15.0 - 4.15.0-193.204~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1106.90 linux-signed-image-oracle - 4.15.0.1106.90 linux-headers-oracle - 4.15.0.1106.90 linux-signed-oracle - 4.15.0.1106.90 linux-image-oracle - 4.15.0.1106.90 linux-oracle - 4.15.0.1106.90 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1136.130 linux-headers-gke - 4.15.0.1136.130 linux-modules-extra-gcp - 4.15.0.1136.130 linux-tools-gke - 4.15.0.1136.130 linux-tools-gcp - 4.15.0.1136.130 linux-gke - 4.15.0.1136.130 linux-gcp - 4.15.0.1136.130 linux-image-gke - 4.15.0.1136.130 linux-headers-gcp - 4.15.0.1136.130 linux-image-gcp - 4.15.0.1136.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1141.128 linux-modules-extra-aws-hwe - 4.15.0.1141.128 linux-aws-edge - 4.15.0.1141.128 
linux-image-aws-hwe - 4.15.0.1141.128 linux-headers-aws-hwe - 4.15.0.1141.128 linux-tools-aws-hwe - 4.15.0.1141.128 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.193.180 linux-signed-generic-hwe-16.04-edge - 4.15.0.193.180 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.193.180 linux-image-extra-virtual-hwe-16.04 - 4.15.0.193.180 linux-image-oem - 4.15.0.193.180 linux-headers-generic-hwe-16.04-edge - 4.15.0.193.180 linux-tools-virtual-hwe-16.04 - 4.15.0.193.180 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.193.180 linux-image-virtual-hwe-16.04-edge - 4.15.0.193.180 linux-signed-lowlatency-hwe-16.04 - 4.15.0.193.180 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.193.180 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.193.180 linux-oem - 4.15.0.193.180 linux-generic-hwe-16.04-edge - 4.15.0.193.180 linux-headers-lowlatency-hwe-16.04 - 4.15.0.193.180 linux-virtual-hwe-16.04 - 4.15.0.193.180 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.193.180 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.193.180 linux-tools-generic-hwe-16.04 - 4.15.0.193.180 linux-tools-oem - 4.15.0.193.180 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.193.180 linux-headers-oem - 4.15.0.193.180 linux-signed-image-generic-hwe-16.04 - 4.15.0.193.180 linux-virtual-hwe-16.04-edge - 4.15.0.193.180 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.193.180 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.193.180 linux-headers-virtual-hwe-16.04-edge - 4.15.0.193.180 linux-lowlatency-hwe-16.04 - 4.15.0.193.180 linux-headers-generic-hwe-16.04 - 4.15.0.193.180 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.193.180 linux-generic-hwe-16.04 - 4.15.0.193.180 linux-tools-virtual-hwe-16.04-edge - 4.15.0.193.180 linux-image-generic-hwe-16.04-edge - 4.15.0.193.180 linux-lowlatency-hwe-16.04-edge - 4.15.0.193.180 linux-image-generic-hwe-16.04 - 4.15.0.193.180 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.193.180 
linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.193.180 linux-tools-lowlatency-hwe-16.04 - 4.15.0.193.180 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.193.180 linux-headers-virtual-hwe-16.04 - 4.15.0.193.180 linux-signed-oem - 4.15.0.193.180 linux-image-virtual-hwe-16.04 - 4.15.0.193.180 linux-signed-generic-hwe-16.04 - 4.15.0.193.180 linux-signed-image-oem - 4.15.0.193.180 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.193.180 linux-tools-generic-hwe-16.04-edge - 4.15.0.193.180 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33655 CVE-2022-36946 USN-5625-1 -- Mako vulnerability Ubuntu 16.04 LTS It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5625-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-mako - 1.0.3+ds1-1ubuntu1+esm1 python-mako-doc - 1.0.3+ds1-1ubuntu1+esm1 python3-mako - 1.0.3+ds1-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40023 USN-5626-2 -- Bind vulnerabilities Ubuntu 16.04 LTS USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. (CVE-2022-2795) It was discovered that Bind incorrectly handled memory when processing ECDSA DNSSEC verification. A remote attacker could use this issue to consume resources, leading to a denial of service. (CVE-2022-38177) Update Instructions: Run `sudo pro fix USN-5626-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2795 CVE-2022-38177 USN-5629-1 -- Python vulnerability Ubuntu 16.04 LTS It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic. Update Instructions: Run `sudo pro fix USN-5629-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm5 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm5 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm5 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm5 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm5 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm5 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm5 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm5 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm5 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm5 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm5 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-28861 USN-5636-1 -- SoS vulnerability Ubuntu 16.04 LTS It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sosreport - 3.9.1-1ubuntu0.16.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2806 USN-5637-1 -- libvpx vulnerability Ubuntu 16.04 LTS It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5637-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libvpx-dev - 1.5.0-2ubuntu1.1+esm1 vpx-tools - 1.5.0-2ubuntu1.1+esm1 libvpx-doc - 1.5.0-2ubuntu1.1+esm1 libvpx3 - 1.5.0-2ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-0034 USN-5638-1 -- Expat vulnerability Ubuntu 16.04 LTS Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5638-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib64expat1-dev - 2.1.0-7ubuntu0.16.04.5+esm6 expat - 2.1.0-7ubuntu0.16.04.5+esm6 libexpat1-dev - 2.1.0-7ubuntu0.16.04.5+esm6 libexpat1 - 2.1.0-7ubuntu0.16.04.5+esm6 lib64expat1 - 2.1.0-7ubuntu0.16.04.5+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40674 USN-5638-3 -- Expat vulnerability Ubuntu 16.04 LTS USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43680) This update also fixes a minor regression introduced in Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5638-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lib64expat1-dev - 2.1.0-7ubuntu0.16.04.5+esm7 expat - 2.1.0-7ubuntu0.16.04.5+esm7 libexpat1-dev - 2.1.0-7ubuntu0.16.04.5+esm7 libexpat1 - 2.1.0-7ubuntu0.16.04.5+esm7 lib64expat1 - 2.1.0-7ubuntu0.16.04.5+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-43680 USN-5645-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. (CVE-2021-23214) Tom Lane discovered that PostgreSQL incorrectly handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. (CVE-2021-32027) Update Instructions: Run `sudo pro fix USN-5645-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-plperl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-server-dev-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-plpython-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 libecpg6 - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-client-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 libpq5 - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-contrib-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 libpgtypes3 - 9.5.25-0ubuntu0.16.04.1+esm1 libecpg-dev - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-pltcl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 libpq-dev - 9.5.25-0ubuntu0.16.04.1+esm1 postgresql-plpython3-9.5 - 9.5.25-0ubuntu0.16.04.1+esm1 libecpg-compat3 - 9.5.25-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23214 CVE-2021-32027 USN-5646-1 -- libXi vulnerabilities Ubuntu 16.04 LTS Tobias Stoeckmann discovered that libXi did not 
properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5646-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxi6 - 2:1.7.6-1ubuntu0.1~esm1 libxi-dev - 2:1.7.6-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-7945 CVE-2016-7946 USN-5650-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Christian Brauner discovered that the XFS file system implementation in the Linux kernel did not properly handle setgid file creation. A local attacker could use this to gain elevated privileges. (CVE-2021-4037) It was discovered that the ext4 file system implementation in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0850) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. 
(CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the Packet network protocol implementation in the Linux kernel contained an out-of-bounds access. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2022-20368) It was discovered that the Open vSwitch implementation in the Linux kernel contained an out of bounds write vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2639) Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the Linux kernel contained multiple out-of-bounds vulnerabilities. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2964) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Journaled File System (JFS) in the Linux kernel contained a null pointer dereference in some situations. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3202) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5650-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.4.0-1114-kvm - 4.4.0-1114.124 linux-buildinfo-4.4.0-1114-kvm - 4.4.0-1114.124 linux-modules-4.4.0-1114-kvm - 4.4.0-1114.124 linux-kvm-tools-4.4.0-1114 - 4.4.0-1114.124 linux-kvm-cloud-tools-4.4.0-1114 - 4.4.0-1114.124 linux-image-4.4.0-1114-kvm - 4.4.0-1114.124 linux-cloud-tools-4.4.0-1114-kvm - 4.4.0-1114.124 linux-tools-4.4.0-1114-kvm - 4.4.0-1114.124 linux-kvm-headers-4.4.0-1114 - 4.4.0-1114.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.4.0-1151 - 4.4.0-1151.166 linux-buildinfo-4.4.0-1151-aws - 4.4.0-1151.166 linux-cloud-tools-4.4.0-1151-aws - 4.4.0-1151.166 linux-aws-cloud-tools-4.4.0-1151 - 4.4.0-1151.166 linux-aws-tools-4.4.0-1151 - 4.4.0-1151.166 linux-headers-4.4.0-1151-aws - 4.4.0-1151.166 linux-modules-4.4.0-1151-aws - 4.4.0-1151.166 linux-image-4.4.0-1151-aws - 4.4.0-1151.166 linux-tools-4.4.0-1151-aws - 4.4.0-1151.166 linux-modules-extra-4.4.0-1151-aws - 4.4.0-1151.166 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-234.268 linux-cloud-tools-4.4.0-234-generic - 4.4.0-234.268 linux-tools-4.4.0-234 - 4.4.0-234.268 linux-tools-host - 4.4.0-234.268 linux-source-4.4.0 - 4.4.0-234.268 linux-doc - 4.4.0-234.268 linux-cloud-tools-4.4.0-234-lowlatency - 4.4.0-234.268 linux-headers-4.4.0-234-generic - 4.4.0-234.268 linux-image-4.4.0-234-lowlatency - 4.4.0-234.268 linux-tools-4.4.0-234-generic - 
4.4.0-234.268 linux-libc-dev - 4.4.0-234.268 linux-cloud-tools-4.4.0-234 - 4.4.0-234.268 linux-modules-4.4.0-234-generic - 4.4.0-234.268 linux-image-4.4.0-234-generic - 4.4.0-234.268 linux-buildinfo-4.4.0-234-lowlatency - 4.4.0-234.268 linux-buildinfo-4.4.0-234-generic - 4.4.0-234.268 linux-modules-4.4.0-234-lowlatency - 4.4.0-234.268 linux-tools-4.4.0-234-lowlatency - 4.4.0-234.268 linux-cloud-tools-common - 4.4.0-234.268 linux-modules-extra-4.4.0-234-generic - 4.4.0-234.268 linux-image-unsigned-4.4.0-234-generic - 4.4.0-234.268 linux-headers-4.4.0-234-lowlatency - 4.4.0-234.268 linux-headers-4.4.0-234 - 4.4.0-234.268 linux-image-unsigned-4.4.0-234-lowlatency - 4.4.0-234.268 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1114.111 linux-headers-kvm - 4.4.0.1114.111 linux-tools-kvm - 4.4.0.1114.111 linux-image-kvm - 4.4.0.1114.111 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1151.155 linux-image-aws - 4.4.0.1151.155 linux-aws - 4.4.0.1151.155 linux-modules-extra-aws - 4.4.0.1151.155 linux-tools-aws - 4.4.0.1151.155 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.234.240 linux-cloud-tools-generic-lts-wily - 4.4.0.234.240 linux-cloud-tools-virtual-lts-xenial - 4.4.0.234.240 linux-cloud-tools-virtual - 4.4.0.234.240 linux-cloud-tools-virtual-lts-utopic - 4.4.0.234.240 linux-tools-generic-lts-vivid - 4.4.0.234.240 linux-image-extra-virtual-lts-xenial - 4.4.0.234.240 linux-image-extra-virtual-lts-wily - 4.4.0.234.240 linux-headers-lowlatency-lts-wily - 4.4.0.234.240 linux-tools-virtual-lts-vivid - 4.4.0.234.240 linux-image-virtual - 4.4.0.234.240 linux-tools-virtual-lts-wily - 4.4.0.234.240 linux-image-lowlatency-lts-vivid - 4.4.0.234.240 linux-tools-lowlatency-lts-vivid - 4.4.0.234.240 linux-cloud-tools-generic-lts-utopic - 4.4.0.234.240 linux-headers-virtual-lts-vivid - 4.4.0.234.240 linux-image-lowlatency-lts-wily - 4.4.0.234.240 
linux-image-generic - 4.4.0.234.240 linux-tools-lowlatency - 4.4.0.234.240 linux-image-lowlatency-lts-xenial - 4.4.0.234.240 linux-tools-virtual-lts-xenial - 4.4.0.234.240 linux-signed-lowlatency-lts-wily - 4.4.0.234.240 linux-image-extra-virtual-lts-vivid - 4.4.0.234.240 linux-image-generic-lts-wily - 4.4.0.234.240 linux-virtual-lts-utopic - 4.4.0.234.240 linux-signed-generic-lts-wily - 4.4.0.234.240 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.234.240 linux-image-extra-virtual-lts-utopic - 4.4.0.234.240 linux-signed-generic-lts-utopic - 4.4.0.234.240 linux-tools-lowlatency-lts-xenial - 4.4.0.234.240 linux-headers-generic-lts-xenial - 4.4.0.234.240 linux-signed-generic-lts-vivid - 4.4.0.234.240 linux-crashdump - 4.4.0.234.240 linux-virtual-lts-vivid - 4.4.0.234.240 linux-signed-lowlatency-lts-xenial - 4.4.0.234.240 linux-headers-lowlatency-lts-vivid - 4.4.0.234.240 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.234.240 linux-lowlatency-lts-xenial - 4.4.0.234.240 linux-signed-generic-lts-xenial - 4.4.0.234.240 linux-signed-image-generic - 4.4.0.234.240 linux-lowlatency - 4.4.0.234.240 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.234.240 linux-generic-lts-xenial - 4.4.0.234.240 linux-headers-generic-lts-wily - 4.4.0.234.240 linux-tools-virtual - 4.4.0.234.240 linux-hwe-generic-trusty - 4.4.0.234.240 linux-virtual - 4.4.0.234.240 linux-cloud-tools-generic-lts-vivid - 4.4.0.234.240 linux-tools-generic-lts-utopic - 4.4.0.234.240 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.234.240 linux-signed-image-generic-lts-vivid - 4.4.0.234.240 linux-image-virtual-lts-xenial - 4.4.0.234.240 linux-image-virtual-lts-vivid - 4.4.0.234.240 linux-virtual-lts-xenial - 4.4.0.234.240 linux-cloud-tools-virtual-lts-vivid - 4.4.0.234.240 linux-tools-lowlatency-lts-utopic - 4.4.0.234.240 linux-signed-image-generic-lts-wily - 4.4.0.234.240 linux-cloud-tools-generic-lts-xenial - 4.4.0.234.240 linux-signed-image-lowlatency-lts-xenial - 4.4.0.234.240 linux-image-generic-lts-vivid - 
4.4.0.234.240 linux-generic - 4.4.0.234.240 linux-tools-generic-lts-wily - 4.4.0.234.240 linux-tools-virtual-lts-utopic - 4.4.0.234.240 linux-headers-lowlatency - 4.4.0.234.240 linux-lowlatency-lts-vivid - 4.4.0.234.240 linux-generic-lts-wily - 4.4.0.234.240 linux-image-hwe-virtual-trusty - 4.4.0.234.240 linux-signed-image-generic-lts-xenial - 4.4.0.234.240 linux-generic-lts-vivid - 4.4.0.234.240 linux-tools-lowlatency-lts-wily - 4.4.0.234.240 linux-headers-virtual-lts-xenial - 4.4.0.234.240 linux-headers-lowlatency-lts-utopic - 4.4.0.234.240 linux-tools-generic - 4.4.0.234.240 linux-source - 4.4.0.234.240 linux-image-extra-virtual - 4.4.0.234.240 linux-cloud-tools-generic - 4.4.0.234.240 linux-tools-generic-lts-xenial - 4.4.0.234.240 linux-headers-generic-lts-utopic - 4.4.0.234.240 linux-cloud-tools-virtual-lts-wily - 4.4.0.234.240 linux-cloud-tools-lowlatency - 4.4.0.234.240 linux-lowlatency-lts-utopic - 4.4.0.234.240 linux-signed-image-lowlatency - 4.4.0.234.240 linux-hwe-virtual-trusty - 4.4.0.234.240 linux-image-generic-lts-utopic - 4.4.0.234.240 linux-image-virtual-lts-wily - 4.4.0.234.240 linux-signed-generic - 4.4.0.234.240 linux-lowlatency-lts-wily - 4.4.0.234.240 linux-image-virtual-lts-utopic - 4.4.0.234.240 linux-headers-generic - 4.4.0.234.240 linux-generic-lts-utopic - 4.4.0.234.240 linux-headers-lowlatency-lts-xenial - 4.4.0.234.240 linux-image-hwe-generic-trusty - 4.4.0.234.240 linux-signed-image-lowlatency-lts-wily - 4.4.0.234.240 linux-headers-generic-lts-vivid - 4.4.0.234.240 linux-headers-virtual - 4.4.0.234.240 linux-image-generic-lts-xenial - 4.4.0.234.240 linux-virtual-lts-wily - 4.4.0.234.240 linux-headers-virtual-lts-utopic - 4.4.0.234.240 linux-headers-virtual-lts-wily - 4.4.0.234.240 linux-tools-lts-utopic - 4.4.0.234.240 linux-signed-lowlatency - 4.4.0.234.240 linux-image-lowlatency-lts-utopic - 4.4.0.234.240 linux-image-lowlatency - 4.4.0.234.240 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33655 
CVE-2021-33656 CVE-2021-4037 CVE-2022-0850 CVE-2022-1199 CVE-2022-1204 CVE-2022-1729 CVE-2022-20368 CVE-2022-2639 CVE-2022-2964 CVE-2022-2978 CVE-2022-3028 CVE-2022-3202 CVE-2022-36946 USN-5651-2 -- strongSwan vulnerability Ubuntu 16.04 LTS USN-5651-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack. Update Instructions: Run `sudo pro fix USN-5651-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.8+esm3 libcharon-extra-plugins - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.8+esm3 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-farp - 5.3.5-1ubuntu3.8+esm3 strongswan-charon - 5.3.5-1ubuntu3.8+esm3 strongswan-ikev1 - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.8+esm3 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-coupling - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-lookip - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.8+esm3 strongswan-ike - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-aka - 
5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-unbound - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.8+esm3 libstrongswan-standard-plugins - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-ntru - 5.3.5-1ubuntu3.8+esm3 strongswan-tnc-server - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.8+esm3 strongswan-tnc-base - 5.3.5-1ubuntu3.8+esm3 strongswan - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.8+esm3 strongswan-starter - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-curl - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-radattr - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.8+esm3 strongswan-nm - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.8+esm3 strongswan-ikev2 - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-mysql - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-openssl - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.8+esm3 charon-cmd - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.8+esm3 strongswan-libcharon - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-soup - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-sql - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-ldap - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.8+esm3 strongswan-tnc-pdp - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-unity - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.8+esm3 strongswan-tnc-client - 
5.3.5-1ubuntu3.8+esm3 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-gmp - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-agent - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-load-tester - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-pgp - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-led - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.8+esm3 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.8+esm3 libstrongswan - 5.3.5-1ubuntu3.8+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40617 USN-5652-1 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5652-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-azure-tools-4.15.0-1151 - 4.15.0-1151.166~16.04.1 linux-headers-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 linux-modules-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 linux-modules-extra-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 linux-azure-headers-4.15.0-1151 - 4.15.0-1151.166~16.04.1 linux-image-unsigned-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 linux-azure-cloud-tools-4.15.0-1151 - 4.15.0-1151.166~16.04.1 linux-buildinfo-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 linux-cloud-tools-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 linux-tools-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 linux-image-4.15.0-1151-azure - 4.15.0-1151.166~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1151.138 linux-tools-azure-edge - 4.15.0.1151.138 linux-azure - 4.15.0.1151.138 linux-signed-image-azure-edge - 4.15.0.1151.138 linux-image-azure - 4.15.0.1151.138 linux-signed-image-azure - 4.15.0.1151.138 linux-cloud-tools-azure-edge - 4.15.0.1151.138 linux-tools-azure - 4.15.0.1151.138 linux-headers-azure-edge - 4.15.0.1151.138 linux-image-azure-edge - 4.15.0.1151.138 linux-headers-azure - 4.15.0.1151.138 linux-modules-extra-azure - 4.15.0.1151.138 linux-azure-edge - 4.15.0.1151.138 linux-modules-extra-azure-edge - 4.15.0.1151.138 linux-signed-azure-edge - 4.15.0.1151.138 linux-cloud-tools-azure - 4.15.0.1151.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33655 CVE-2022-36946 USN-5656-1 -- JACK vulnerability Ubuntu 16.04 LTS Joseph Yasi discovered that JACK incorrectly handled the closing of a socket in certain conditions. An attacker could potentially use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-5656-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: jackd2 - 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1 jackd2-firewire - 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1 libjack-jackd2-0 - 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1 libjack-jackd2-dev - 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-13351 USN-5657-1 -- Graphite2 vulnerability Ubuntu 16.04 LTS It was discovered that Graphite2 mishandled specially crafted files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5657-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphite2-doc - 1.3.10-0ubuntu0.16.04.1+esm1 libgraphite2-3 - 1.3.10-0ubuntu0.16.04.1+esm1 libgraphite2-dev - 1.3.10-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-7999 USN-5658-2 -- DHCP vulnerabilities Ubuntu 16.04 LTS USN-5658-1 fixed vulnerabilities in DHCP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. (CVE-2022-2928) It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP clients and servers to consume resources, leading to a denial of service. (CVE-2022-2929) Update Instructions: Run `sudo pro fix USN-5658-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: isc-dhcp-dev - 4.3.3-5ubuntu12.10+esm2 isc-dhcp-client-ddns - 4.3.3-5ubuntu12.10+esm2 isc-dhcp-relay - 4.3.3-5ubuntu12.10+esm2 isc-dhcp-client - 4.3.3-5ubuntu12.10+esm2 isc-dhcp-common - 4.3.3-5ubuntu12.10+esm2 isc-dhcp-server - 4.3.3-5ubuntu12.10+esm2 isc-dhcp-server-ldap - 4.3.3-5ubuntu12.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2928 CVE-2022-2929 USN-5662-1 -- Oniguruma vulnerabilities Ubuntu 16.04 LTS It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246) It was discovered that Oniguruma incorrectly handled memory when using certain UChar pointers. An attacker could possibly use this issue to cause a denial of service or sensitive information disclosure. (CVE-2019-19203) Update Instructions: Run `sudo pro fix USN-5662-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libonig2 - 5.9.6-1ubuntu0.1+esm3 libonig-dev - 5.9.6-1ubuntu0.1+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-16163 CVE-2019-19012 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 USN-5664-1 -- OpenJPEG vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJPEG did not properly handle PNM headers, resulting in a null pointer dereference. A remote attacker could possibly use this issue to cause a denial of service (DoS). (CVE-2016-7445) It was discovered that OpenJPEG incorrectly handled certain image files resulting in division by zero. A remote attacker could possibly use this issue to cause a denial of service (DoS). 
(CVE-2016-9112 and CVE-2016-10506) It was discovered that OpenJPEG incorrectly handled converting certain image files resulting in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service (DoS). (CVE-2017-17479) It was discovered that OpenJPEG incorrectly handled converting PNM image files resulting in a null pointer dereference. A remote attacker could possibly use this issue to cause a denial of service (DoS). (CVE-2018-18088) It was discovered that OpenJPEG incorrectly handled converting DWT image files resulting in a buffer overflow. A remote attacker could possibly use this issue to cause a denial of service (DoS). (CVE-2020-27824) Update Instructions: Run `sudo pro fix USN-5664-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenjpeg-java - 1:1.5.2-3.1ubuntu0.1~esm2 openjpip-dec-server - 1:1.5.2-3.1ubuntu0.1~esm2 libopenjpeg-dev - 1:1.5.2-3.1ubuntu0.1~esm2 libopenjpeg5 - 1:1.5.2-3.1ubuntu0.1~esm2 openjpip-server - 1:1.5.2-3.1ubuntu0.1~esm2 openjpip-viewer-xerces - 1:1.5.2-3.1ubuntu0.1~esm2 openjpeg-tools - 1:1.5.2-3.1ubuntu0.1~esm2 openjpip-viewer - 1:1.5.2-3.1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-10506 CVE-2016-7445 CVE-2016-9112 CVE-2017-17479 CVE-2018-18088 CVE-2020-27824 USN-5665-1 -- PCRE vulnerabilities Ubuntu 16.04 LTS It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. (CVE-2017-6004) It was discovered that PCRE incorrectly handled certain Unicode encoding. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. (CVE-2017-7186) Update Instructions: Run `sudo pro fix USN-5665-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: pcregrep - 2:8.38-3.1ubuntu0.1~esm2 libpcre3-dev - 2:8.38-3.1ubuntu0.1~esm2 libpcre3 - 2:8.38-3.1ubuntu0.1~esm2 libpcrecpp0v5 - 2:8.38-3.1ubuntu0.1~esm2 libpcre16-3 - 2:8.38-3.1ubuntu0.1~esm2 libpcre32-3 - 2:8.38-3.1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-6004 CVE-2017-7186 USN-5666-1 -- OpenSSH vulnerability Ubuntu 16.04 LTS It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5666-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:7.2p2-4ubuntu2.10+esm2 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.10+esm2 openssh-server - 1:7.2p2-4ubuntu2.10+esm2 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.10+esm2 ssh - 1:7.2p2-4ubuntu2.10+esm2 ssh-krb5 - 1:7.2p2-4ubuntu2.10+esm2 openssh-sftp-server - 1:7.2p2-4ubuntu2.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-41617 USN-5669-2 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5669-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1107-oracle - 4.15.0-1107.118~16.04.1 linux-oracle-headers-4.15.0-1107 - 4.15.0-1107.118~16.04.1 linux-oracle-tools-4.15.0-1107 - 4.15.0-1107.118~16.04.1 linux-headers-4.15.0-1107-oracle - 4.15.0-1107.118~16.04.1 linux-modules-4.15.0-1107-oracle - 4.15.0-1107.118~16.04.1 linux-buildinfo-4.15.0-1107-oracle - 4.15.0-1107.118~16.04.1 linux-image-unsigned-4.15.0-1107-oracle - 4.15.0-1107.118~16.04.1 linux-tools-4.15.0-1107-oracle - 4.15.0-1107.118~16.04.1 linux-image-4.15.0-1107-oracle - 4.15.0-1107.118~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-modules-extra-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-modules-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-headers-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-headers-4.15.0-194-lowlatency - 4.15.0-194.205~16.04.1 linux-hwe-tools-4.15.0-194 - 4.15.0-194.205~16.04.1 linux-cloud-tools-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-headers-4.15.0-194 - 4.15.0-194.205~16.04.1 linux-tools-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-cloud-tools-4.15.0-194-lowlatency - 4.15.0-194.205~16.04.1 linux-image-unsigned-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-image-4.15.0-194-lowlatency - 4.15.0-194.205~16.04.1 linux-tools-4.15.0-194-lowlatency - 4.15.0-194.205~16.04.1 linux-image-unsigned-4.15.0-194-lowlatency - 4.15.0-194.205~16.04.1 linux-source-4.15.0 - 4.15.0-194.205~16.04.1 linux-buildinfo-4.15.0-194-generic - 4.15.0-194.205~16.04.1 linux-modules-4.15.0-194-lowlatency - 4.15.0-194.205~16.04.1 linux-buildinfo-4.15.0-194-lowlatency - 4.15.0-194.205~16.04.1 linux-hwe-cloud-tools-4.15.0-194 - 4.15.0-194.205~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1107.91 linux-image-oracle - 4.15.0.1107.91 linux-signed-oracle - 4.15.0.1107.91 
linux-tools-oracle - 4.15.0.1107.91 linux-signed-image-oracle - 4.15.0.1107.91 linux-oracle - 4.15.0.1107.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.194.181 linux-tools-oem - 4.15.0.194.181 linux-lowlatency-hwe-16.04-edge - 4.15.0.194.181 linux-image-virtual-hwe-16.04-edge - 4.15.0.194.181 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.194.181 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.194.181 linux-signed-generic-hwe-16.04-edge - 4.15.0.194.181 linux-image-generic-hwe-16.04-edge - 4.15.0.194.181 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.194.181 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.194.181 linux-headers-oem - 4.15.0.194.181 linux-virtual-hwe-16.04-edge - 4.15.0.194.181 linux-tools-lowlatency-hwe-16.04 - 4.15.0.194.181 linux-tools-generic-hwe-16.04 - 4.15.0.194.181 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.194.181 linux-signed-lowlatency-hwe-16.04 - 4.15.0.194.181 linux-image-extra-virtual-hwe-16.04 - 4.15.0.194.181 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.194.181 linux-signed-oem - 4.15.0.194.181 linux-headers-virtual-hwe-16.04 - 4.15.0.194.181 linux-signed-generic-hwe-16.04 - 4.15.0.194.181 linux-signed-image-generic-hwe-16.04 - 4.15.0.194.181 linux-image-virtual-hwe-16.04 - 4.15.0.194.181 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.194.181 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.194.181 linux-image-oem - 4.15.0.194.181 linux-headers-lowlatency-hwe-16.04 - 4.15.0.194.181 linux-headers-virtual-hwe-16.04-edge - 4.15.0.194.181 linux-lowlatency-hwe-16.04 - 4.15.0.194.181 linux-headers-generic-hwe-16.04 - 4.15.0.194.181 linux-generic-hwe-16.04-edge - 4.15.0.194.181 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.194.181 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.194.181 linux-signed-image-oem - 4.15.0.194.181 linux-generic-hwe-16.04 - 4.15.0.194.181 linux-tools-virtual-hwe-16.04-edge - 4.15.0.194.181 
linux-image-lowlatency-hwe-16.04 - 4.15.0.194.181 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.194.181 linux-headers-generic-hwe-16.04-edge - 4.15.0.194.181 linux-tools-generic-hwe-16.04-edge - 4.15.0.194.181 linux-oem - 4.15.0.194.181 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.194.181 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.194.181 linux-tools-virtual-hwe-16.04 - 4.15.0.194.181 linux-virtual-hwe-16.04 - 4.15.0.194.181 linux-image-generic-hwe-16.04 - 4.15.0.194.181 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 USN-5671-1 -- AdvanceCOMP vulnerabilities Ubuntu 16.04 LTS It was discovered that AdvanceCOMP did not properly manage memory of function be_uint32_read() under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2019-8379) It was discovered that AdvanceCOMP did not properly manage memory of function adv_png_unfilter_8() under certain circumstances. If a user were tricked into opening a specially crafted PNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2019-8383) Update Instructions: Run `sudo pro fix USN-5671-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 1.20-1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2019-8379 CVE-2019-8383 USN-5672-1 -- GMP vulnerability Ubuntu 16.04 LTS It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service. 
Update Instructions: Run `sudo pro fix USN-5672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgmp10-doc - 2:6.1.0+dfsg-2ubuntu0.1~esm1 libgmpxx4ldbl - 2:6.1.0+dfsg-2ubuntu0.1~esm1 libgmp3-dev - 2:6.1.0+dfsg-2ubuntu0.1~esm1 libgmp10 - 2:6.1.0+dfsg-2ubuntu0.1~esm1 libgmp-dev - 2:6.1.0+dfsg-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-43618 USN-5673-1 -- unzip vulnerabilities Ubuntu 16.04 LTS It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-4217) It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0529, CVE-2022-0530) Update Instructions: Run `sudo pro fix USN-5673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-20ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4217 CVE-2022-0529 CVE-2022-0530 https://launchpad.net/bugs/1957077 USN-5674-1 -- XML Security Library vulnerability Ubuntu 16.04 LTS It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service. Update Instructions: Run `sudo pro fix USN-5674-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libxmlsec1-nss - 1.2.20-2ubuntu4+esm1 libxmlsec1-gnutls - 1.2.20-2ubuntu4+esm1 libxmlsec1 - 1.2.20-2ubuntu4+esm1 libxmlsec1-openssl - 1.2.20-2ubuntu4+esm1 xmlsec1 - 1.2.20-2ubuntu4+esm1 libxmlsec1-dev - 1.2.20-2ubuntu4+esm1 libxmlsec1-gcrypt - 1.2.20-2ubuntu4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-1000061 USN-5675-1 -- Heimdal vulnerabilities Ubuntu 16.04 LTS Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the application. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-16860) It was discovered that Heimdal was not properly handling the verification of key exchanges when an anonymous PKINIT was being used. An attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-12098) Joseph Sutton discovered that Heimdal was not properly handling memory management operations when dealing with TGS-REQ tickets that were missing information. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3671) Michał Kępień discovered that Heimdal was not properly handling logical conditions that related to memory management operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3116) Update Instructions: Run `sudo pro fix USN-5675-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libwind0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libroken18-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libgssapi3-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 heimdal-kcm - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libhdb9-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libasn1-8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libsl0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libkadm5clnt7-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 heimdal-kdc - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libkdc2-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 heimdal-servers - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libheimntlm0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 heimdal-docs - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libheimbase1-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libkrb5-26-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libotp0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 heimdal-dev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libkafs0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libhx509-5-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 heimdal-multidev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 libkadm5srv8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 heimdal-clients - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-16860 CVE-2019-12098 CVE-2021-3671 CVE-2022-3116 USN-5676-1 -- PostgreSQL vulnerability Ubuntu 16.04 LTS Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user’s objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser. 
Update Instructions: Run `sudo pro fix USN-5676-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-plperl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-server-dev-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-plpython-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 libecpg6 - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-client-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 libpq5 - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-contrib-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 libpgtypes3 - 9.5.25-0ubuntu0.16.04.1+esm2 libecpg-dev - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-pltcl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 libpq-dev - 9.5.25-0ubuntu0.16.04.1+esm2 postgresql-plpython3-9.5 - 9.5.25-0ubuntu0.16.04.1+esm2 libecpg-compat3 - 9.5.25-0ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1552 USN-5679-1 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5679-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1142-aws - 4.15.0-1142.154~16.04.1 linux-cloud-tools-4.15.0-1142-aws - 4.15.0-1142.154~16.04.1 linux-image-4.15.0-1142-aws-hwe - 4.15.0-1142.154~16.04.1 linux-tools-4.15.0-1142-aws - 4.15.0-1142.154~16.04.1 linux-aws-hwe-tools-4.15.0-1142 - 4.15.0-1142.154~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1142 - 4.15.0-1142.154~16.04.1 linux-image-unsigned-4.15.0-1142-aws - 4.15.0-1142.154~16.04.1 linux-modules-extra-4.15.0-1142-aws - 4.15.0-1142.154~16.04.1 linux-headers-4.15.0-1142-aws - 4.15.0-1142.154~16.04.1 linux-buildinfo-4.15.0-1142-aws - 4.15.0-1142.154~16.04.1 linux-aws-headers-4.15.0-1142 - 4.15.0-1142.154~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1142.129 linux-aws-hwe - 4.15.0.1142.129 linux-headers-aws-hwe - 4.15.0.1142.129 linux-modules-extra-aws-hwe - 4.15.0.1142.129 linux-tools-aws-hwe - 4.15.0.1142.129 linux-image-aws-hwe - 4.15.0.1142.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 USN-5681-1 -- gThumb vulnerabilities Ubuntu 16.04 LTS It was discovered that gThumb did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18718) It was discovered that gThumb did not properly manage memory when processing certain image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20326) It was discovered that gThumb did not properly handle certain malformed image files. 
If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service. (CVE-2020-36427) Update Instructions: Run `sudo pro fix USN-5681-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gthumb-dev - 3:3.4.3-1ubuntu0.1~esm1 gthumb-data - 3:3.4.3-1ubuntu0.1~esm1 gthumb - 3:3.4.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-18718 CVE-2019-20326 CVE-2020-36427 USN-5684-1 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). 
(CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-tools-4.15.0-1153 - 4.15.0-1153.168~16.04.1 linux-cloud-tools-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 linux-azure-cloud-tools-4.15.0-1153 - 4.15.0-1153.168~16.04.1 linux-image-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 linux-tools-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 linux-image-unsigned-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 linux-azure-headers-4.15.0-1153 - 4.15.0-1153.168~16.04.1 linux-headers-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 linux-modules-extra-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 linux-modules-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 linux-buildinfo-4.15.0-1153-azure - 4.15.0-1153.168~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1153.140 linux-tools-azure-edge - 4.15.0.1153.140 linux-azure - 4.15.0.1153.140 linux-signed-image-azure-edge - 4.15.0.1153.140 linux-image-azure - 4.15.0.1153.140 linux-cloud-tools-azure - 4.15.0.1153.140 linux-cloud-tools-azure-edge - 4.15.0.1153.140 linux-tools-azure - 4.15.0.1153.140 linux-headers-azure-edge - 4.15.0.1153.140 linux-image-azure-edge - 4.15.0.1153.140 linux-headers-azure - 4.15.0.1153.140 linux-modules-extra-azure - 4.15.0.1153.140 linux-azure-edge - 4.15.0.1153.140 
linux-modules-extra-azure-edge - 4.15.0.1153.140 linux-signed-azure-edge - 4.15.0.1153.140 linux-signed-image-azure - 4.15.0.1153.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 USN-5686-2 -- Git vulnerability Ubuntu 16.04 LTS USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Original advisory details: Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a crash or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5686-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.10+esm3 gitweb - 1:2.7.4-0ubuntu1.10+esm3 git-all - 1:2.7.4-0ubuntu1.10+esm3 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.10+esm3 git-arch - 1:2.7.4-0ubuntu1.10+esm3 git-el - 1:2.7.4-0ubuntu1.10+esm3 gitk - 1:2.7.4-0ubuntu1.10+esm3 git-gui - 1:2.7.4-0ubuntu1.10+esm3 git-mediawiki - 1:2.7.4-0ubuntu1.10+esm3 git-daemon-run - 1:2.7.4-0ubuntu1.10+esm3 git-man - 1:2.7.4-0ubuntu1.10+esm3 git-doc - 1:2.7.4-0ubuntu1.10+esm3 git-svn - 1:2.7.4-0ubuntu1.10+esm3 git-cvs - 1:2.7.4-0ubuntu1.10+esm3 git-core - 1:2.7.4-0ubuntu1.10+esm3 git-email - 1:2.7.4-0ubuntu1.10+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-39260 USN-5686-4 -- Git vulnerability Ubuntu 16.04 LTS USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM. Original advisory details: Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Update Instructions: Run `sudo pro fix USN-5686-4` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.10+esm6 gitweb - 1:2.7.4-0ubuntu1.10+esm6 git-gui - 1:2.7.4-0ubuntu1.10+esm6 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.10+esm6 git-arch - 1:2.7.4-0ubuntu1.10+esm6 git-el - 1:2.7.4-0ubuntu1.10+esm6 gitk - 1:2.7.4-0ubuntu1.10+esm6 git-all - 1:2.7.4-0ubuntu1.10+esm6 git-mediawiki - 1:2.7.4-0ubuntu1.10+esm6 git-daemon-run - 1:2.7.4-0ubuntu1.10+esm6 git-man - 1:2.7.4-0ubuntu1.10+esm6 git-doc - 1:2.7.4-0ubuntu1.10+esm6 git-svn - 1:2.7.4-0ubuntu1.10+esm6 git-cvs - 1:2.7.4-0ubuntu1.10+esm6 git-core - 1:2.7.4-0ubuntu1.10+esm6 git-email - 1:2.7.4-0ubuntu1.10+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-39253 USN-5688-1 -- Libksba vulnerability Ubuntu 16.04 LTS It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service (application crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5688-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba8 - 1.3.3-1ubuntu0.16.04.1+esm1 libksba-dev - 1.3.3-1ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3515 USN-5689-1 -- Perl vulnerability Ubuntu 16.04 LTS It was discovered that Perl incorrectly handled certain signature verification. A remote attacker could possibly use this issue to bypass signature verification. Update Instructions: Run `sudo pro fix USN-5689-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 - 5.22.1-9ubuntu0.9+esm1 libperl-dev - 5.22.1-9ubuntu0.9+esm1 perl-doc - 5.22.1-9ubuntu0.9+esm1 perl - 5.22.1-9ubuntu0.9+esm1 perl-base - 5.22.1-9ubuntu0.9+esm1 perl-debug - 5.22.1-9ubuntu0.9+esm1 libperl5.22 - 5.22.1-9ubuntu0.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-16156 USN-5690-1 -- libXdmcp vulnerability Ubuntu 16.04 LTS It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain another user's key. Update Instructions: Run `sudo pro fix USN-5690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxdmcp-dev - 1:1.1.2-1.1ubuntu0.1~esm1 libxdmcp6 - 1:1.1.2-1.1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-2625 USN-5695-1 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5695-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1137-gcp - 4.15.0-1137.153~16.04.1 linux-image-unsigned-4.15.0-1137-gcp - 4.15.0-1137.153~16.04.1 linux-headers-4.15.0-1137-gcp - 4.15.0-1137.153~16.04.1 linux-buildinfo-4.15.0-1137-gcp - 4.15.0-1137.153~16.04.1 linux-modules-extra-4.15.0-1137-gcp - 4.15.0-1137.153~16.04.1 linux-modules-4.15.0-1137-gcp - 4.15.0-1137.153~16.04.1 linux-gcp-headers-4.15.0-1137 - 4.15.0-1137.153~16.04.1 linux-gcp-tools-4.15.0-1137 - 4.15.0-1137.153~16.04.1 linux-tools-4.15.0-1137-gcp - 4.15.0-1137.153~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-gke - 4.15.0.1137.131 linux-headers-gke - 4.15.0.1137.131 linux-tools-gcp - 4.15.0.1137.131 linux-image-gcp - 4.15.0.1137.131 linux-modules-extra-gcp - 4.15.0.1137.131 linux-modules-extra-gke - 4.15.0.1137.131 linux-gke - 4.15.0.1137.131 linux-tools-gke - 4.15.0.1137.131 linux-headers-gcp - 4.15.0.1137.131 linux-gcp - 4.15.0.1137.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 USN-5696-2 -- MySQL vulnerabilities Ubuntu 16.04 LTS USN-5696-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.40 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-40.html https://www.oracle.com/security-alerts/cpuoct2022.html Update Instructions: Run `sudo pro fix USN-5696-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.40-0ubuntu0.16.04.1+esm1 libmysqlclient-dev - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.40-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.40-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.40-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.40-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21589 CVE-2022-21592 CVE-2022-21608 CVE-2022-21617 USN-5698-2 -- Open vSwitch vulnerability Ubuntu 16.04 LTS USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5698-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openvswitch-switch - 2.5.9-0ubuntu0.16.04.3+esm1 openvswitch-pki - 2.5.9-0ubuntu0.16.04.3+esm1 openvswitch-common - 2.5.9-0ubuntu0.16.04.3+esm1 ovn-docker - 2.5.9-0ubuntu0.16.04.3+esm1 openvswitch-testcontroller - 2.5.9-0ubuntu0.16.04.3+esm1 openvswitch-vtep - 2.5.9-0ubuntu0.16.04.3+esm1 python-openvswitch - 2.5.9-0ubuntu0.16.04.3+esm1 openvswitch-ipsec - 2.5.9-0ubuntu0.16.04.3+esm1 ovn-host - 2.5.9-0ubuntu0.16.04.3+esm1 ovn-common - 2.5.9-0ubuntu0.16.04.3+esm1 ovn-central - 2.5.9-0ubuntu0.16.04.3+esm1 openvswitch-switch-dpdk - 2.5.9-0ubuntu0.16.04.3+esm1 openvswitch-test - 2.5.9-0ubuntu0.16.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-32166 USN-5699-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. (CVE-2021-3326) It was discovered that the GNU C Library nscd daemon incorrectly handled certain netgroup lookups. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. (CVE-2021-35942) Update Instructions: Run `sudo pro fix USN-5699-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc-bin - 2.23-0ubuntu11.3+esm2 glibc-doc - 2.23-0ubuntu11.3+esm2 libc6-i386 - 2.23-0ubuntu11.3+esm2 libc6-s390 - 2.23-0ubuntu11.3+esm2 libc6-dev-i386 - 2.23-0ubuntu11.3+esm2 libc6-armel - 2.23-0ubuntu11.3+esm2 libc6-dev-armel - 2.23-0ubuntu11.3+esm2 multiarch-support - 2.23-0ubuntu11.3+esm2 libc6-dev - 2.23-0ubuntu11.3+esm2 libc6-amd64 - 2.23-0ubuntu11.3+esm2 libc6-x32 - 2.23-0ubuntu11.3+esm2 libc6-dev-amd64 - 2.23-0ubuntu11.3+esm2 nscd - 2.23-0ubuntu11.3+esm2 libc-dev-bin - 2.23-0ubuntu11.3+esm2 libc6 - 2.23-0ubuntu11.3+esm2 locales-all - 2.23-0ubuntu11.3+esm2 libc6-pic - 2.23-0ubuntu11.3+esm2 libc6-dev-s390 - 2.23-0ubuntu11.3+esm2 glibc-source - 2.23-0ubuntu11.3+esm2 libc6-dev-x32 - 2.23-0ubuntu11.3+esm2 locales - 2.23-0ubuntu11.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-3326 CVE-2021-35942 USN-5701-1 -- Jinja2 vulnerability Ubuntu 16.04 LTS Yeting Li discovered that Jinja2 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5701-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jinja2 - 2.8-1ubuntu0.1+esm1 python-jinja2-doc - 2.8-1ubuntu0.1+esm1 python3-jinja2 - 2.8-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-28493 USN-5702-2 -- curl vulnerability Ubuntu 16.04 LTS USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. 
(CVE-2022-32221) Update Instructions: Run `sudo pro fix USN-5702-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm6 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm6 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm6 libcurl4-doc - 7.47.0-1ubuntu2.19+esm6 libcurl3-nss - 7.47.0-1ubuntu2.19+esm6 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm6 libcurl3 - 7.47.0-1ubuntu2.19+esm6 curl - 7.47.0-1ubuntu2.19+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-32221 USN-5704-1 -- DBus vulnerabilities Ubuntu 16.04 LTS It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42010) It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42011) It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42012) Update Instructions: Run `sudo pro fix USN-5704-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.10.6-1ubuntu3.6+esm2 dbus - 1.10.6-1ubuntu3.6+esm2 libdbus-1-dev - 1.10.6-1ubuntu3.6+esm2 dbus-user-session - 1.10.6-1ubuntu3.6+esm2 dbus-x11 - 1.10.6-1ubuntu3.6+esm2 dbus-tests - 1.10.6-1ubuntu3.6+esm2 libdbus-1-3 - 1.10.6-1ubuntu3.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 USN-5705-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. 
An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. (CVE-2022-3570) It was discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service. (CVE-2022-3598) Update Instructions: Run `sudo pro fix USN-5705-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm6 libtiffxx5 - 4.0.6-1ubuntu0.8+esm6 libtiff5-dev - 4.0.6-1ubuntu0.8+esm6 libtiff5 - 4.0.6-1ubuntu0.8+esm6 libtiff-tools - 4.0.6-1ubuntu0.8+esm6 libtiff-doc - 4.0.6-1ubuntu0.8+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3570 CVE-2022-3598 USN-5707-1 -- Libtasn1 vulnerability Ubuntu 16.04 LTS It was discovered that Libtasn1 did not properly perform bounds checking. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-5707-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6-dev - 4.7-3ubuntu0.16.04.3+esm3 libtasn1-3-bin - 4.7-3ubuntu0.16.04.3+esm3 libtasn1-doc - 4.7-3ubuntu0.16.04.3+esm3 libtasn1-bin - 4.7-3ubuntu0.16.04.3+esm3 libtasn1-6 - 4.7-3ubuntu0.16.04.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-46848 USN-5711-2 -- NTFS-3G vulnerability Ubuntu 16.04 LTS USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this issue to gain privileges. 
Update Instructions: Run `sudo pro fix USN-5711-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2015.3.14AR.1-1ubuntu0.3+esm4 ntfs-3g-dev - 1:2015.3.14AR.1-1ubuntu0.3+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40284 USN-5712-1 -- SQLite vulnerability Ubuntu 16.04 LTS It was discovered that SQLite did not properly handle large string inputs in certain circumstances. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5712-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.11.0-1ubuntu1.5+esm2 sqlite3-doc - 3.11.0-1ubuntu1.5+esm2 libsqlite3-0 - 3.11.0-1ubuntu1.5+esm2 libsqlite3-tcl - 3.11.0-1ubuntu1.5+esm2 sqlite3 - 3.11.0-1ubuntu1.5+esm2 libsqlite3-dev - 3.11.0-1ubuntu1.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-35737 USN-5714-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2953) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. 
(CVE-2022-2867, CVE-2022-2868, CVE-2022-2869) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffsplit. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-34526) Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions when using tiffcrop. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3570) It was discovered that LibTIFF incorrectly handled memory in certain conditions when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3598) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. (CVE-2022-3599) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected Ubuntu 22.10. 
(CVE-2022-3597, CVE-2022-3626, CVE-2022-3627) Update Instructions: Run `sudo pro fix USN-5714-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm7 libtiffxx5 - 4.0.6-1ubuntu0.8+esm7 libtiff5-dev - 4.0.6-1ubuntu0.8+esm7 libtiff5 - 4.0.6-1ubuntu0.8+esm7 libtiff-tools - 4.0.6-1ubuntu0.8+esm7 libtiff-doc - 4.0.6-1ubuntu0.8+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-34526 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 USN-5718-2 -- pixman vulnerability Ubuntu 16.04 LTS USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5718-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpixman-1-0 - 0.33.6-1ubuntu0.1~esm1 libpixman-1-dev - 0.33.6-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-44638 USN-5719-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. (CVE-2022-21619) It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. (CVE-2022-21624) It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. 
An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21628) It was discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626) It was discovered that OpenJDK incorrectly handled cached server connections. An attacker could possibly use this issue to perform spoofing attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-39399) It was discovered that OpenJDK incorrectly handled byte conversions. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-21618) Update Instructions: Run `sudo pro fix USN-5719-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u352-ga-1~16.04 openjdk-8-jdk - 8u352-ga-1~16.04 openjdk-8-jre-headless - 8u352-ga-1~16.04 openjdk-8-jre - 8u352-ga-1~16.04 openjdk-8-jdk-headless - 8u352-ga-1~16.04 openjdk-8-source - 8u352-ga-1~16.04 openjdk-8-jre-zero - 8u352-ga-1~16.04 openjdk-8-demo - 8u352-ga-1~16.04 openjdk-8-jre-jamvm - 8u352-ga-1~16.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2022-21618 USN-5720-1 -- Zstandard vulnerabilities Ubuntu 16.04 LTS It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue to cause a race condition and gain unauthorized access to sensitive data. Update Instructions: Run `sudo pro fix USN-5720-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: zstd - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3 libzstd1-dev - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3 libzstd1 - 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-24031 CVE-2021-24032 USN-5721-1 -- WavPack vulnerability Ubuntu 16.04 LTS It was discovered that WavPack was not properly performing checks when dealing with memory. If a user were tricked into decompressing a specially crafted WavPack Audio File, an attacker could possibly use this issue to cause the WavPack decompressor to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5721-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 4.75.2-2ubuntu0.2+esm1 libwavpack-dev - 4.75.2-2ubuntu0.2+esm1 wavpack - 4.75.2-2ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-2476 USN-5722-1 -- nginx vulnerabilities Ubuntu 16.04 LTS It was discovered that nginx incorrectly handled certain memory operations in the ngx_http_mp4_module module. A local attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2022-41741, CVE-2022-41742) Update Instructions: Run `sudo pro fix USN-5722-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nginx-extras - 1.10.3-0ubuntu0.16.04.5+esm5 nginx-core - 1.10.3-0ubuntu0.16.04.5+esm5 nginx-common - 1.10.3-0ubuntu0.16.04.5+esm5 nginx-full - 1.10.3-0ubuntu0.16.04.5+esm5 nginx - 1.10.3-0ubuntu0.16.04.5+esm5 nginx-light - 1.10.3-0ubuntu0.16.04.5+esm5 nginx-doc - 1.10.3-0ubuntu0.16.04.5+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-41741 CVE-2022-41742 USN-5723-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674) It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725) It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124) It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125) It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126) It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175) It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183) It was discovered that Vim accessed invalid memory when terminal size changed. 
An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206) It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304) Update Instructions: Run `sudo pro fix USN-5723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm13 vim-athena - 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm13 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm13 vim - 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm13 vim-doc - 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm13 vim-nox - 2:7.4.1689-3ubuntu1.5+esm13 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1674 CVE-2022-1725 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2175 CVE-2022-2183 CVE-2022-2206 CVE-2022-2304 USN-5725-2 -- Go vulnerability Ubuntu 16.04 LTS USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5725-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: golang-1.13-doc - 1.13.8-1ubuntu1~16.04.3+esm2 golang-1.13-src - 1.13.8-1ubuntu1~16.04.3+esm2 golang-1.13 - 1.13.8-1ubuntu1~16.04.3+esm2 golang-1.13-go - 1.13.8-1ubuntu1~16.04.3+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2020-16845 USN-5727-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2022-36879) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Update Instructions: Run `sudo pro fix USN-5727-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1108-oracle - 4.15.0-1108.119~16.04.1 linux-oracle-headers-4.15.0-1108 - 4.15.0-1108.119~16.04.1 linux-modules-4.15.0-1108-oracle - 4.15.0-1108.119~16.04.1 linux-buildinfo-4.15.0-1108-oracle - 4.15.0-1108.119~16.04.1 linux-headers-4.15.0-1108-oracle - 4.15.0-1108.119~16.04.1 linux-modules-extra-4.15.0-1108-oracle - 4.15.0-1108.119~16.04.1 linux-tools-4.15.0-1108-oracle - 4.15.0-1108.119~16.04.1 linux-oracle-tools-4.15.0-1108 - 4.15.0-1108.119~16.04.1 linux-image-4.15.0-1108-oracle - 4.15.0-1108.119~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1143-aws - 4.15.0-1143.155~16.04.1 linux-image-4.15.0-1143-aws-hwe - 4.15.0-1143.155~16.04.1 linux-modules-extra-4.15.0-1143-aws - 4.15.0-1143.155~16.04.1 linux-aws-headers-4.15.0-1143 - 4.15.0-1143.155~16.04.1 linux-modules-4.15.0-1143-aws - 4.15.0-1143.155~16.04.1 linux-headers-4.15.0-1143-aws - 4.15.0-1143.155~16.04.1 linux-tools-4.15.0-1143-aws - 4.15.0-1143.155~16.04.1 linux-aws-hwe-tools-4.15.0-1143 - 4.15.0-1143.155~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1143 - 4.15.0-1143.155~16.04.1 linux-image-unsigned-4.15.0-1143-aws - 4.15.0-1143.155~16.04.1 linux-cloud-tools-4.15.0-1143-aws - 4.15.0-1143.155~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-197-generic - 4.15.0-197.208~16.04.1 linux-image-4.15.0-197-generic - 4.15.0-197.208~16.04.1 linux-image-4.15.0-197-lowlatency - 4.15.0-197.208~16.04.1 linux-buildinfo-4.15.0-197-generic - 4.15.0-197.208~16.04.1 
linux-hwe-tools-4.15.0-197 - 4.15.0-197.208~16.04.1 linux-buildinfo-4.15.0-197-lowlatency - 4.15.0-197.208~16.04.1 linux-hwe-cloud-tools-4.15.0-197 - 4.15.0-197.208~16.04.1 linux-tools-4.15.0-197-lowlatency - 4.15.0-197.208~16.04.1 linux-image-unsigned-4.15.0-197-lowlatency - 4.15.0-197.208~16.04.1 linux-image-unsigned-4.15.0-197-generic - 4.15.0-197.208~16.04.1 linux-cloud-tools-4.15.0-197-lowlatency - 4.15.0-197.208~16.04.1 linux-headers-4.15.0-197-lowlatency - 4.15.0-197.208~16.04.1 linux-modules-4.15.0-197-generic - 4.15.0-197.208~16.04.1 linux-headers-4.15.0-197-generic - 4.15.0-197.208~16.04.1 linux-headers-4.15.0-197 - 4.15.0-197.208~16.04.1 linux-modules-4.15.0-197-lowlatency - 4.15.0-197.208~16.04.1 linux-cloud-tools-4.15.0-197-generic - 4.15.0-197.208~16.04.1 linux-modules-extra-4.15.0-197-generic - 4.15.0-197.208~16.04.1 linux-source-4.15.0 - 4.15.0-197.208~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1108.92 linux-tools-oracle - 4.15.0.1108.92 linux-signed-image-oracle - 4.15.0.1108.92 linux-signed-oracle - 4.15.0.1108.92 linux-image-oracle - 4.15.0.1108.92 linux-oracle - 4.15.0.1108.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1143.130 linux-modules-extra-aws-hwe - 4.15.0.1143.130 linux-image-aws-hwe - 4.15.0.1143.130 linux-aws-edge - 4.15.0.1143.130 linux-headers-aws-hwe - 4.15.0.1143.130 linux-tools-aws-hwe - 4.15.0.1143.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-generic-hwe-16.04-edge - 4.15.0.197.184 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.197.184 linux-image-extra-virtual-hwe-16.04 - 4.15.0.197.184 linux-image-oem - 4.15.0.197.184 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.197.184 linux-headers-generic-hwe-16.04-edge - 4.15.0.197.184 linux-image-lowlatency-hwe-16.04 - 4.15.0.197.184 linux-tools-virtual-hwe-16.04 - 4.15.0.197.184 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.197.184 
linux-image-virtual-hwe-16.04-edge - 4.15.0.197.184 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.197.184 linux-signed-lowlatency-hwe-16.04 - 4.15.0.197.184 linux-generic-hwe-16.04-edge - 4.15.0.197.184 linux-headers-lowlatency-hwe-16.04 - 4.15.0.197.184 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.197.184 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.197.184 linux-tools-generic-hwe-16.04 - 4.15.0.197.184 linux-tools-oem - 4.15.0.197.184 linux-headers-oem - 4.15.0.197.184 linux-signed-image-generic-hwe-16.04 - 4.15.0.197.184 linux-virtual-hwe-16.04-edge - 4.15.0.197.184 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.197.184 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.197.184 linux-headers-virtual-hwe-16.04-edge - 4.15.0.197.184 linux-lowlatency-hwe-16.04 - 4.15.0.197.184 linux-headers-generic-hwe-16.04 - 4.15.0.197.184 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.197.184 linux-generic-hwe-16.04 - 4.15.0.197.184 linux-tools-virtual-hwe-16.04-edge - 4.15.0.197.184 linux-oem - 4.15.0.197.184 linux-virtual-hwe-16.04 - 4.15.0.197.184 linux-image-generic-hwe-16.04-edge - 4.15.0.197.184 linux-lowlatency-hwe-16.04-edge - 4.15.0.197.184 linux-image-generic-hwe-16.04 - 4.15.0.197.184 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.197.184 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.197.184 linux-tools-lowlatency-hwe-16.04 - 4.15.0.197.184 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.197.184 linux-headers-virtual-hwe-16.04 - 4.15.0.197.184 linux-signed-oem - 4.15.0.197.184 linux-image-virtual-hwe-16.04 - 4.15.0.197.184 linux-signed-generic-hwe-16.04 - 4.15.0.197.184 linux-signed-image-oem - 4.15.0.197.184 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.197.184 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.197.184 linux-tools-generic-hwe-16.04-edge - 4.15.0.197.184 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-3028 CVE-2022-3635 CVE-2022-36879 CVE-2022-40768 
USN-5727-2 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Update Instructions: Run `sudo pro fix USN-5727-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1138-gcp - 4.15.0-1138.154~16.04.1 linux-modules-extra-4.15.0-1138-gcp - 4.15.0-1138.154~16.04.1 linux-gcp-headers-4.15.0-1138 - 4.15.0-1138.154~16.04.1 linux-modules-4.15.0-1138-gcp - 4.15.0-1138.154~16.04.1 linux-headers-4.15.0-1138-gcp - 4.15.0-1138.154~16.04.1 linux-image-4.15.0-1138-gcp - 4.15.0-1138.154~16.04.1 linux-tools-4.15.0-1138-gcp - 4.15.0-1138.154~16.04.1 linux-buildinfo-4.15.0-1138-gcp - 4.15.0-1138.154~16.04.1 linux-gcp-tools-4.15.0-1138 - 4.15.0-1138.154~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-gke - 4.15.0.1138.132 linux-headers-gke - 4.15.0.1138.132 linux-tools-gcp - 4.15.0.1138.132 linux-image-gcp - 4.15.0.1138.132 linux-modules-extra-gcp - 4.15.0.1138.132 linux-modules-extra-gke - 4.15.0.1138.132 linux-gke - 4.15.0.1138.132 linux-gcp - 4.15.0.1138.132 linux-headers-gcp - 4.15.0.1138.132 linux-tools-gke - 4.15.0.1138.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-3028 CVE-2022-3635 CVE-2022-36879 CVE-2022-40768 USN-5733-1 -- FLAC vulnerabilities Ubuntu 16.04 LTS It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2017-6888) It was discovered that FLAC was not properly performing bounds checking operations when decoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. 
(CVE-2020-0499) It was discovered that FLAC was not properly performing bounds checking operations when encoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. (CVE-2021-0561) Update Instructions: Run `sudo pro fix USN-5733-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflac-doc - 1.3.1-4ubuntu0.1~esm1 libflac-dev - 1.3.1-4ubuntu0.1~esm1 libflac++-dev - 1.3.1-4ubuntu0.1~esm1 flac - 1.3.1-4ubuntu0.1~esm1 libflac++6v5 - 1.3.1-4ubuntu0.1~esm1 libflac8 - 1.3.1-4ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-6888 CVE-2020-0499 CVE-2021-0561 USN-5735-1 -- Sysstat vulnerability Ubuntu 16.04 LTS It was discovered that Sysstat did not properly check bounds when performing certain arithmetic operations on 32 bit systems. An attacker could possibly use this issue to cause a crash or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5735-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isag - 11.2.0-1ubuntu0.3+esm1 sysstat - 11.2.0-1ubuntu0.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-39377 USN-5736-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data.
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20243) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20244) It was discovered that ImageMagick could be made to divide by zero when processing crafted files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. 
By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 22.10. (CVE-2021-20313) It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted file using the convert command, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-3574) It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 22.10. (CVE-2021-39212) It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-4219) It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted DICOM file, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service, or expose sensitive information. This issue only affected Ubuntu 22.10. (CVE-2022-1114) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.10.
(CVE-2022-28463) It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547) Update Instructions: Run `sudo pro fix USN-5736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm5 imagemagick - 8:6.8.9.9-7ubuntu5.16+esm5 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm5 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm5 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm5 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm5 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm5 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm5 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm5 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm5 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm5 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm5 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro Medium CVE-2021-20224 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 USN-5737-1 -- APR-util vulnerability Ubuntu 16.04 LTS It was discovered that APR-util did not properly handle memory when using SDBM database files. A local attacker with write access to the database can make a program or process using these functions crash, and cause a denial of service. Update Instructions: Run `sudo pro fix USN-5737-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaprutil1-dbd-odbc - 1.5.4-1ubuntu0.1~esm1 libaprutil1 - 1.5.4-1ubuntu0.1~esm1 libaprutil1-dbd-mysql - 1.5.4-1ubuntu0.1~esm1 libaprutil1-ldap - 1.5.4-1ubuntu0.1~esm1 libaprutil1-dbd-sqlite3 - 1.5.4-1ubuntu0.1~esm1 libaprutil1-dbd-pgsql - 1.5.4-1ubuntu0.1~esm1 libaprutil1-dev - 1.5.4-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-12618 USN-5740-1 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5740-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xmir - 2:1.18.4-0ubuntu0.12+esm4 xwayland - 2:1.18.4-0ubuntu0.12+esm4 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm4 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm4 xdmx - 2:1.18.4-0ubuntu0.12+esm4 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm4 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm4 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm4 xvfb - 2:1.18.4-0ubuntu0.12+esm4 xnest - 2:1.18.4-0ubuntu0.12+esm4 xserver-common - 2:1.18.4-0ubuntu0.12+esm4 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm4 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm3 xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm3 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm3 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm3 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm3 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm3 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3550 CVE-2022-3551 USN-5742-1 -- JBIG-KIT vulnerability Ubuntu 16.04 LTS It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5742-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jbigkit-bin - 2.1-3.1ubuntu0.1~esm1 libjbig-dev - 2.1-3.1ubuntu0.1~esm1 libjbig0 - 2.1-3.1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2017-9937 USN-5743-1 -- LibTIFF vulnerability Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. 
If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-5743-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm8 libtiff-tools - 4.0.6-1ubuntu0.8+esm8 libtiff5-dev - 4.0.6-1ubuntu0.8+esm8 libtiff5 - 4.0.6-1ubuntu0.8+esm8 libtiffxx5 - 4.0.6-1ubuntu0.8+esm8 libtiff-doc - 4.0.6-1ubuntu0.8+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3970 USN-5744-1 -- libICE vulnerability Ubuntu 16.04 LTS It was discovered that libICE was using a weak mechanism to generate the session cookies. A local attacker could possibly use this issue to perform a privilege escalation attack. Update Instructions: Run `sudo pro fix USN-5744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libice6 - 2:1.0.9-1ubuntu0.16.04.1+esm1 libice-doc - 2:1.0.9-1ubuntu0.16.04.1+esm1 libice-dev - 2:1.0.9-1ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-2626 USN-5745-1 -- shadow vulnerability Ubuntu 16.04 LTS Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to set up a symlink attack and alter or remove directories without authorization. Update Instructions: Run `sudo pro fix USN-5745-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: passwd - 1:4.2-3.1ubuntu5.5+esm2 login - 1:4.2-3.1ubuntu5.5+esm2 uidmap - 1:4.2-3.1ubuntu5.5+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2013-4235 USN-5745-2 -- shadow regression Ubuntu 16.04 LTS USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to set up a symlink attack and alter or remove directories without authorization. Update Instructions: Run `sudo pro fix USN-5745-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.2-3.1ubuntu5.5+esm3 login - 1:4.2-3.1ubuntu5.5+esm3 uidmap - 1:4.2-3.1ubuntu5.5+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1998169 USN-5746-1 -- HarfBuzz vulnerability Ubuntu 16.04 LTS Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5746-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: gir1.2-harfbuzz-0.0 - 1.0.1-1ubuntu0.1+esm1 libharfbuzz-gobject0 - 1.0.1-1ubuntu0.1+esm1 libharfbuzz-dev - 1.0.1-1ubuntu0.1+esm1 libharfbuzz-icu0 - 1.0.1-1ubuntu0.1+esm1 libharfbuzz0b - 1.0.1-1ubuntu0.1+esm1 libharfbuzz-bin - 1.0.1-1ubuntu0.1+esm1 libharfbuzz-doc - 1.0.1-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2015-9274 USN-5747-1 -- Bind vulnerabilities Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled a large query name when using the lightweight resolver protocol. A remote attacker could use this issue to consume resources, leading to a denial of service. (CVE-2016-2775) It was discovered that Bind incorrectly handled a large zone data size received via an AXFR response. A remote authenticated attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6170) Update Instructions: Run `sudo pro fix USN-5747-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-2775 CVE-2016-6170 USN-5749-1 -- libsamplerate vulnerability Ubuntu 16.04 LTS Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-5749-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libsamplerate0 - 0.1.8-8ubuntu0.1~esm1 samplerate-programs - 0.1.8-8ubuntu0.1~esm1 libsamplerate0-dev - 0.1.8-8ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-7697 USN-5750-1 -- GnuTLS vulnerability Ubuntu 16.04 LTS It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5750-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnutls-doc - 3.4.10-4ubuntu1.9+esm1 libgnutls28-dev - 3.4.10-4ubuntu1.9+esm1 libgnutls-openssl27 - 3.4.10-4ubuntu1.9+esm1 libgnutls30 - 3.4.10-4ubuntu1.9+esm1 libgnutls-dev - 3.4.10-4ubuntu1.9+esm1 gnutls-bin - 3.4.10-4ubuntu1.9+esm1 guile-gnutls - 3.4.10-4ubuntu1.9+esm1 libgnutlsxx28 - 3.4.10-4ubuntu1.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-4209 USN-5751-1 -- libmaxminddb vulnerability Ubuntu 16.04 LTS It was discovered that libmaxminddb incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause applications using libmaxminddb to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mmdb-bin - 1.0.4-2.1ubuntu0.1~esm1 libmaxminddb-dev - 1.0.4-2.1ubuntu0.1~esm1 libmaxminddb0 - 1.0.4-2.1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-28241 USN-5753-1 -- snapd vulnerability Ubuntu 16.04 LTS The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing the private /tmp mount for a snap. 
A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5753-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+16.04.0ubuntu0.1~esm5 ubuntu-core-launcher - 2.54.3+16.04.0ubuntu0.1~esm5 snap-confine - 2.54.3+16.04.0ubuntu0.1~esm5 ubuntu-snappy-cli - 2.54.3+16.04.0ubuntu0.1~esm5 golang-github-snapcore-snapd-dev - 2.54.3+16.04.0ubuntu0.1~esm5 snapd-xdg-open - 2.54.3+16.04.0ubuntu0.1~esm5 snapd - 2.54.3+16.04.0ubuntu0.1~esm5 golang-github-ubuntu-core-snappy-dev - 2.54.3+16.04.0ubuntu0.1~esm5 ubuntu-snappy - 2.54.3+16.04.0ubuntu0.1~esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3328 USN-5757-2 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) Update Instructions: Run `sudo pro fix USN-5757-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1111-oracle - 4.15.0-1111.122~16.04.2 linux-image-4.15.0-1111-oracle - 4.15.0-1111.122~16.04.2 linux-headers-4.15.0-1111-oracle - 4.15.0-1111.122~16.04.2 linux-tools-4.15.0-1111-oracle - 4.15.0-1111.122~16.04.2 linux-buildinfo-4.15.0-1111-oracle - 4.15.0-1111.122~16.04.2 linux-oracle-headers-4.15.0-1111 - 4.15.0-1111.122~16.04.2 linux-oracle-tools-4.15.0-1111 - 4.15.0-1111.122~16.04.2 linux-image-unsigned-4.15.0-1111-oracle - 4.15.0-1111.122~16.04.2 linux-modules-extra-4.15.0-1111-oracle - 4.15.0-1111.122~16.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.15.0-1141-gcp - 4.15.0-1141.157~16.04.2 linux-image-4.15.0-1141-gcp - 4.15.0-1141.157~16.04.2 linux-tools-4.15.0-1141-gcp - 4.15.0-1141.157~16.04.2 linux-headers-4.15.0-1141-gcp - 4.15.0-1141.157~16.04.2 linux-gcp-tools-4.15.0-1141 - 4.15.0-1141.157~16.04.2 linux-modules-4.15.0-1141-gcp - 4.15.0-1141.157~16.04.2 linux-buildinfo-4.15.0-1141-gcp - 4.15.0-1141.157~16.04.2 linux-gcp-headers-4.15.0-1141 - 4.15.0-1141.157~16.04.2 linux-modules-extra-4.15.0-1141-gcp - 4.15.0-1141.157~16.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-1146-aws - 4.15.0-1146.158~16.04.2 linux-modules-4.15.0-1146-aws - 4.15.0-1146.158~16.04.2 linux-cloud-tools-4.15.0-1146-aws - 4.15.0-1146.158~16.04.2 linux-aws-headers-4.15.0-1146 - 4.15.0-1146.158~16.04.2 linux-buildinfo-4.15.0-1146-aws - 4.15.0-1146.158~16.04.2 linux-modules-extra-4.15.0-1146-aws - 4.15.0-1146.158~16.04.2 linux-aws-hwe-tools-4.15.0-1146 - 4.15.0-1146.158~16.04.2 linux-tools-4.15.0-1146-aws - 4.15.0-1146.158~16.04.2 linux-image-unsigned-4.15.0-1146-aws - 4.15.0-1146.158~16.04.2 linux-aws-hwe-cloud-tools-4.15.0-1146 - 4.15.0-1146.158~16.04.2 linux-image-4.15.0-1146-aws-hwe - 4.15.0-1146.158~16.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-image-unsigned-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-headers-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-image-unsigned-4.15.0-200-lowlatency - 4.15.0-200.211~16.04.2 linux-buildinfo-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-modules-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-hwe-cloud-tools-4.15.0-200 - 4.15.0-200.211~16.04.2 linux-hwe-tools-4.15.0-200 - 4.15.0-200.211~16.04.2 linux-buildinfo-4.15.0-200-lowlatency - 4.15.0-200.211~16.04.2 linux-cloud-tools-4.15.0-200-lowlatency - 4.15.0-200.211~16.04.2 linux-image-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-modules-extra-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-headers-4.15.0-200-lowlatency - 4.15.0-200.211~16.04.2 linux-tools-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-tools-4.15.0-200-lowlatency - 4.15.0-200.211~16.04.2 linux-cloud-tools-4.15.0-200-generic - 4.15.0-200.211~16.04.2 linux-image-4.15.0-200-lowlatency - 4.15.0-200.211~16.04.2 linux-modules-4.15.0-200-lowlatency - 4.15.0-200.211~16.04.2 linux-source-4.15.0 - 4.15.0-200.211~16.04.2 linux-headers-4.15.0-200 - 4.15.0-200.211~16.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1111.93 linux-headers-oracle - 4.15.0.1111.93 linux-signed-image-oracle - 4.15.0.1111.93 linux-signed-oracle - 4.15.0.1111.93 linux-image-oracle - 4.15.0.1111.93 linux-oracle - 4.15.0.1111.93 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1141.133 linux-headers-gke - 4.15.0.1141.133 linux-modules-extra-gcp - 4.15.0.1141.133 linux-tools-gke - 4.15.0.1141.133 linux-tools-gcp - 4.15.0.1141.133 linux-gke - 4.15.0.1141.133 linux-gcp - 4.15.0.1141.133 linux-headers-gcp - 4.15.0.1141.133 linux-image-gcp - 4.15.0.1141.133 linux-image-gke - 4.15.0.1141.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1146.131 linux-modules-extra-aws-hwe - 4.15.0.1146.131 linux-aws-edge - 4.15.0.1146.131 
linux-image-aws-hwe - 4.15.0.1146.131 linux-headers-aws-hwe - 4.15.0.1146.131 linux-tools-aws-hwe - 4.15.0.1146.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.200.185 linux-signed-generic-hwe-16.04-edge - 4.15.0.200.185 linux-image-extra-virtual-hwe-16.04 - 4.15.0.200.185 linux-image-oem - 4.15.0.200.185 linux-headers-generic-hwe-16.04-edge - 4.15.0.200.185 linux-generic-hwe-16.04 - 4.15.0.200.185 linux-tools-virtual-hwe-16.04 - 4.15.0.200.185 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.200.185 linux-image-virtual-hwe-16.04-edge - 4.15.0.200.185 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.200.185 linux-signed-lowlatency-hwe-16.04 - 4.15.0.200.185 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.200.185 linux-generic-hwe-16.04-edge - 4.15.0.200.185 linux-headers-lowlatency-hwe-16.04 - 4.15.0.200.185 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.200.185 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.200.185 linux-tools-generic-hwe-16.04 - 4.15.0.200.185 linux-tools-oem - 4.15.0.200.185 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.200.185 linux-headers-oem - 4.15.0.200.185 linux-signed-image-generic-hwe-16.04 - 4.15.0.200.185 linux-virtual-hwe-16.04-edge - 4.15.0.200.185 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.200.185 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.200.185 linux-headers-virtual-hwe-16.04-edge - 4.15.0.200.185 linux-lowlatency-hwe-16.04 - 4.15.0.200.185 linux-headers-generic-hwe-16.04 - 4.15.0.200.185 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.200.185 linux-tools-virtual-hwe-16.04-edge - 4.15.0.200.185 linux-oem - 4.15.0.200.185 linux-virtual-hwe-16.04 - 4.15.0.200.185 linux-image-generic-hwe-16.04-edge - 4.15.0.200.185 linux-lowlatency-hwe-16.04-edge - 4.15.0.200.185 linux-image-generic-hwe-16.04 - 4.15.0.200.185 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.200.185 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.200.185 
linux-tools-lowlatency-hwe-16.04 - 4.15.0.200.185 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.200.185 linux-headers-virtual-hwe-16.04 - 4.15.0.200.185 linux-signed-oem - 4.15.0.200.185 linux-image-virtual-hwe-16.04 - 4.15.0.200.185 linux-signed-generic-hwe-16.04 - 4.15.0.200.185 linux-signed-image-oem - 4.15.0.200.185 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.200.185 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.200.185 linux-tools-generic-hwe-16.04-edge - 4.15.0.200.185 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3239 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-42703 USN-5758-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. 
A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). 
(CVE-2022-40768) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Update Instructions: Run `sudo pro fix USN-5758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1115-kvm - 4.4.0-1115.125 linux-headers-4.4.0-1115-kvm - 4.4.0-1115.125 linux-buildinfo-4.4.0-1115-kvm - 4.4.0-1115.125 linux-cloud-tools-4.4.0-1115-kvm - 4.4.0-1115.125 linux-modules-4.4.0-1115-kvm - 4.4.0-1115.125 linux-kvm-tools-4.4.0-1115 - 4.4.0-1115.125 linux-kvm-cloud-tools-4.4.0-1115 - 4.4.0-1115.125 linux-tools-4.4.0-1115-kvm - 4.4.0-1115.125 linux-kvm-headers-4.4.0-1115 - 4.4.0-1115.125 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.4.0-1152 - 4.4.0-1152.167 linux-modules-4.4.0-1152-aws - 4.4.0-1152.167 linux-image-4.4.0-1152-aws - 4.4.0-1152.167 linux-headers-4.4.0-1152-aws - 4.4.0-1152.167 linux-aws-cloud-tools-4.4.0-1152 - 4.4.0-1152.167 linux-modules-extra-4.4.0-1152-aws - 4.4.0-1152.167 linux-aws-tools-4.4.0-1152 - 4.4.0-1152.167 linux-tools-4.4.0-1152-aws - 4.4.0-1152.167 linux-buildinfo-4.4.0-1152-aws - 4.4.0-1152.167 linux-cloud-tools-4.4.0-1152-aws - 4.4.0-1152.167 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-235.269 linux-headers-4.4.0-235-lowlatency - 4.4.0-235.269 linux-tools-4.4.0-235 - 4.4.0-235.269 linux-tools-host - 4.4.0-235.269 linux-source-4.4.0 - 4.4.0-235.269 linux-doc - 4.4.0-235.269 linux-image-unsigned-4.4.0-235-lowlatency - 4.4.0-235.269 linux-modules-extra-4.4.0-235-generic - 4.4.0-235.269 linux-cloud-tools-4.4.0-235 - 4.4.0-235.269 linux-cloud-tools-4.4.0-235-generic - 4.4.0-235.269 linux-buildinfo-4.4.0-235-generic - 4.4.0-235.269 linux-buildinfo-4.4.0-235-lowlatency - 
4.4.0-235.269 linux-modules-4.4.0-235-generic - 4.4.0-235.269 linux-modules-4.4.0-235-lowlatency - 4.4.0-235.269 linux-tools-4.4.0-235-generic - 4.4.0-235.269 linux-tools-4.4.0-235-lowlatency - 4.4.0-235.269 linux-cloud-tools-common - 4.4.0-235.269 linux-image-4.4.0-235-generic - 4.4.0-235.269 linux-libc-dev - 4.4.0-235.269 linux-headers-4.4.0-235-generic - 4.4.0-235.269 linux-image-unsigned-4.4.0-235-generic - 4.4.0-235.269 linux-cloud-tools-4.4.0-235-lowlatency - 4.4.0-235.269 linux-headers-4.4.0-235 - 4.4.0-235.269 linux-image-4.4.0-235-lowlatency - 4.4.0-235.269 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1115.112 linux-headers-kvm - 4.4.0.1115.112 linux-tools-kvm - 4.4.0.1115.112 linux-image-kvm - 4.4.0.1115.112 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1152.156 linux-image-aws - 4.4.0.1152.156 linux-aws - 4.4.0.1152.156 linux-modules-extra-aws - 4.4.0.1152.156 linux-tools-aws - 4.4.0.1152.156 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.235.241 linux-image-generic - 4.4.0.235.241 linux-cloud-tools-generic-lts-wily - 4.4.0.235.241 linux-headers-generic-lts-xenial - 4.4.0.235.241 linux-cloud-tools-virtual-lts-xenial - 4.4.0.235.241 linux-cloud-tools-virtual - 4.4.0.235.241 linux-cloud-tools-virtual-lts-utopic - 4.4.0.235.241 linux-tools-generic-lts-vivid - 4.4.0.235.241 linux-image-extra-virtual-lts-xenial - 4.4.0.235.241 linux-image-extra-virtual-lts-wily - 4.4.0.235.241 linux-headers-generic-lts-wily - 4.4.0.235.241 linux-tools-virtual-lts-vivid - 4.4.0.235.241 linux-image-virtual - 4.4.0.235.241 linux-tools-virtual-lts-wily - 4.4.0.235.241 linux-image-lowlatency-lts-vivid - 4.4.0.235.241 linux-tools-lowlatency-lts-vivid - 4.4.0.235.241 linux-cloud-tools-generic-lts-utopic - 4.4.0.235.241 linux-tools-virtual-lts-utopic - 4.4.0.235.241 linux-headers-virtual-lts-vivid - 4.4.0.235.241 linux-image-lowlatency-lts-wily 
- 4.4.0.235.241 linux-tools-lts-utopic - 4.4.0.235.241 linux-tools-lowlatency - 4.4.0.235.241 linux-image-lowlatency-lts-xenial - 4.4.0.235.241 linux-tools-virtual-lts-xenial - 4.4.0.235.241 linux-image-extra-virtual-lts-vivid - 4.4.0.235.241 linux-image-generic-lts-wily - 4.4.0.235.241 linux-virtual-lts-utopic - 4.4.0.235.241 linux-signed-generic-lts-wily - 4.4.0.235.241 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.235.241 linux-image-extra-virtual-lts-utopic - 4.4.0.235.241 linux-signed-generic-lts-utopic - 4.4.0.235.241 linux-tools-lowlatency-lts-xenial - 4.4.0.235.241 linux-signed-generic-lts-vivid - 4.4.0.235.241 linux-headers-lowlatency-lts-wily - 4.4.0.235.241 linux-virtual-lts-vivid - 4.4.0.235.241 linux-signed-lowlatency-lts-xenial - 4.4.0.235.241 linux-headers-lowlatency-lts-vivid - 4.4.0.235.241 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.235.241 linux-lowlatency-lts-xenial - 4.4.0.235.241 linux-signed-generic-lts-xenial - 4.4.0.235.241 linux-source - 4.4.0.235.241 linux-signed-image-generic - 4.4.0.235.241 linux-lowlatency - 4.4.0.235.241 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.235.241 linux-generic-lts-xenial - 4.4.0.235.241 linux-tools-virtual - 4.4.0.235.241 linux-virtual - 4.4.0.235.241 linux-cloud-tools-generic-lts-vivid - 4.4.0.235.241 linux-tools-generic-lts-utopic - 4.4.0.235.241 linux-signed-image-generic-lts-vivid - 4.4.0.235.241 linux-image-virtual-lts-xenial - 4.4.0.235.241 linux-image-virtual-lts-vivid - 4.4.0.235.241 linux-virtual-lts-xenial - 4.4.0.235.241 linux-cloud-tools-virtual-lts-vivid - 4.4.0.235.241 linux-tools-lowlatency-lts-utopic - 4.4.0.235.241 linux-signed-image-generic-lts-wily - 4.4.0.235.241 linux-signed-image-lowlatency-lts-xenial - 4.4.0.235.241 linux-image-generic-lts-vivid - 4.4.0.235.241 linux-generic - 4.4.0.235.241 linux-tools-generic-lts-wily - 4.4.0.235.241 linux-virtual-lts-wily - 4.4.0.235.241 linux-headers-lowlatency - 4.4.0.235.241 linux-lowlatency-lts-vivid - 4.4.0.235.241 linux-generic-lts-wily - 
4.4.0.235.241 linux-image-hwe-virtual-trusty - 4.4.0.235.241 linux-signed-image-generic-lts-xenial - 4.4.0.235.241 linux-generic-lts-vivid - 4.4.0.235.241 linux-tools-lowlatency-lts-wily - 4.4.0.235.241 linux-headers-virtual-lts-xenial - 4.4.0.235.241 linux-headers-lowlatency-lts-utopic - 4.4.0.235.241 linux-hwe-generic-trusty - 4.4.0.235.241 linux-tools-generic - 4.4.0.235.241 linux-crashdump - 4.4.0.235.241 linux-image-extra-virtual - 4.4.0.235.241 linux-signed-lowlatency-lts-wily - 4.4.0.235.241 linux-cloud-tools-generic - 4.4.0.235.241 linux-image-generic-lts-xenial - 4.4.0.235.241 linux-headers-generic-lts-utopic - 4.4.0.235.241 linux-cloud-tools-virtual-lts-wily - 4.4.0.235.241 linux-cloud-tools-lowlatency - 4.4.0.235.241 linux-lowlatency-lts-utopic - 4.4.0.235.241 linux-tools-generic-lts-xenial - 4.4.0.235.241 linux-signed-image-lowlatency - 4.4.0.235.241 linux-image-generic-lts-utopic - 4.4.0.235.241 linux-image-virtual-lts-wily - 4.4.0.235.241 linux-signed-generic - 4.4.0.235.241 linux-lowlatency-lts-wily - 4.4.0.235.241 linux-image-virtual-lts-utopic - 4.4.0.235.241 linux-headers-generic - 4.4.0.235.241 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.235.241 linux-generic-lts-utopic - 4.4.0.235.241 linux-headers-lowlatency-lts-xenial - 4.4.0.235.241 linux-image-hwe-generic-trusty - 4.4.0.235.241 linux-signed-image-lowlatency-lts-wily - 4.4.0.235.241 linux-headers-generic-lts-vivid - 4.4.0.235.241 linux-headers-virtual - 4.4.0.235.241 linux-cloud-tools-generic-lts-xenial - 4.4.0.235.241 linux-headers-virtual-lts-utopic - 4.4.0.235.241 linux-headers-virtual-lts-wily - 4.4.0.235.241 linux-hwe-virtual-trusty - 4.4.0.235.241 linux-signed-lowlatency - 4.4.0.235.241 linux-image-lowlatency-lts-utopic - 4.4.0.235.241 linux-image-lowlatency - 4.4.0.235.241 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3239 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-3635 CVE-2022-3649 
CVE-2022-40768 CVE-2022-42703 CVE-2022-43750 USN-5760-2 -- libxml2 vulnerabilities Ubuntu 16.04 LTS USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2022-40303) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-40304) Update Instructions: Run `sudo pro fix USN-5760-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm4 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7+esm4 python-libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm4 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.7+esm4 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.7+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40303 CVE-2022-40304 USN-5761-2 -- ca-certificates update Ubuntu 16.04 LTS USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package. Update Instructions: Run `sudo pro fix USN-5761-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20211016~16.04.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/XXXXXX USN-5762-1 -- GNU binutils vulnerability Ubuntu 16.04 LTS It was discovered that GNU binutils incorrectly handled certain COFF files. 
An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5762-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-arm-linux-gnueabihf - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-hppa64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-multiarch - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-powerpc64le-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-mipsel-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-m68k-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-s390x-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-multiarch-dev - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-doc - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-sh4-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-mips64-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-aarch64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-source - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-mips64el-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-mips-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-powerpc-linux-gnuspe - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-powerpc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-hppa-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-sparc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-arm-linux-gnueabi - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-alpha-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils-powerpc-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm5 binutils - 2.26.1-1ubuntu1~16.04.8+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-38533 USN-5765-1 -- PostgreSQL vulnerability Ubuntu 16.04 LTS Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. 
Update Instructions: Run `sudo pro fix USN-5765-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-doc-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-plperl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-server-dev-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-plpython-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 libecpg6 - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-client-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 libpq-dev - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-contrib-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 libpgtypes3 - 9.5.25-0ubuntu0.16.04.1+esm3 libecpg-dev - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-pltcl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 libpq5 - 9.5.25-0ubuntu0.16.04.1+esm3 postgresql-plpython3-9.5 - 9.5.25-0ubuntu0.16.04.1+esm3 libecpg-compat3 - 9.5.25-0ubuntu0.16.04.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-23222 USN-5766-1 -- Heimdal vulnerability Ubuntu 16.04 LTS It was discovered that Heimdal did not properly manage memory when normalizing Unicode. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5766-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libwind0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libroken18-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libgssapi3-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 heimdal-kcm - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libhdb9-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libasn1-8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libsl0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libkadm5clnt7-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 heimdal-kdc - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libkdc2-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 heimdal-servers - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libheimntlm0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 heimdal-docs - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libheimbase1-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libkrb5-26-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libotp0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 heimdal-dev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libkafs0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libhx509-5-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 heimdal-multidev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 libkadm5srv8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 heimdal-clients - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-41916 USN-5767-2 -- Python vulnerability Ubuntu 16.04 LTS USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. 
(CVE-2022-45061) Update Instructions: Run `sudo pro fix USN-5767-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm3 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm3 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm3 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm3 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm3 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm3 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm3 idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm3 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm3 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm3 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm6 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm6 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm6 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm6 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm6 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm6 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm6 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm6 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm6 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm6 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm6 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-45061 USN-5768-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618) It was discovered that the GNU C Library did not properly handle DNS responses when EDNS0 is enabled. An attacker could possibly use this issue to cause fragmentation-based attacks. 
(CVE-2017-12132) Update Instructions: Run `sudo pro fix USN-5768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-bin - 2.23-0ubuntu11.3+esm3 glibc-doc - 2.23-0ubuntu11.3+esm3 locales-all - 2.23-0ubuntu11.3+esm3 libc6-i386 - 2.23-0ubuntu11.3+esm3 libc6-s390 - 2.23-0ubuntu11.3+esm3 libc6-dev-i386 - 2.23-0ubuntu11.3+esm3 libc6-armel - 2.23-0ubuntu11.3+esm3 libc6-dev-armel - 2.23-0ubuntu11.3+esm3 multiarch-support - 2.23-0ubuntu11.3+esm3 libc6-dev - 2.23-0ubuntu11.3+esm3 libc6-amd64 - 2.23-0ubuntu11.3+esm3 libc6-x32 - 2.23-0ubuntu11.3+esm3 libc6-dev-amd64 - 2.23-0ubuntu11.3+esm3 libc-dev-bin - 2.23-0ubuntu11.3+esm3 libc6 - 2.23-0ubuntu11.3+esm3 nscd - 2.23-0ubuntu11.3+esm3 libc6-pic - 2.23-0ubuntu11.3+esm3 libc6-dev-s390 - 2.23-0ubuntu11.3+esm3 glibc-source - 2.23-0ubuntu11.3+esm3 libc6-dev-x32 - 2.23-0ubuntu11.3+esm3 locales - 2.23-0ubuntu11.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2016-10228 CVE-2017-12132 CVE-2019-25013 CVE-2020-27618 USN-5769-1 -- protobuf vulnerabilities Ubuntu 16.04 LTS It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5237) It was discovered that protobuf did not properly manage memory when parsing specifically crafted messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service. (CVE-2022-1941) Update Instructions: Run `sudo pro fix USN-5769-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libprotoc9v5 - 2.6.1-1.3ubuntu0.1~esm2 libprotoc-dev - 2.6.1-1.3ubuntu0.1~esm2 libprotobuf-lite9v5 - 2.6.1-1.3ubuntu0.1~esm2 python-protobuf - 2.6.1-1.3ubuntu0.1~esm2 libprotobuf-dev - 2.6.1-1.3ubuntu0.1~esm2 libprotobuf9v5 - 2.6.1-1.3ubuntu0.1~esm2 libprotobuf-java - 2.6.1-1.3ubuntu0.1~esm2 protobuf-compiler - 2.6.1-1.3ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2015-5237 CVE-2022-1941 USN-5770-1 -- GCC vulnerability Ubuntu 16.04 LTS Todd Eisenberger discovered that certain versions of GNU Compiler Collection (GCC) could be made to clobber the status flag of RDRAND and RDSEED with specially crafted input. This could potentially lead to less randomness in random number generation. Update Instructions: Run `sudo pro fix USN-5770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fixincludes - 1:5.4.0-6ubuntu1~16.04.12+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libgcc1 - 1:6.0.1-0ubuntu1+esm1 libx32gcc1 - 1:6.0.1-0ubuntu1+esm1 libsfgcc1 - 1:6.0.1-0ubuntu1+esm1 lib64gcc1 - 1:6.0.1-0ubuntu1+esm1 lib32gcc1 - 1:6.0.1-0ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libx32go7 - 5.4.0-6ubuntu1~16.04.12+esm2 libitm1 - 5.4.0-6ubuntu1~16.04.12+esm2 libstdc++-5-pic - 5.4.0-6ubuntu1~16.04.12+esm2 lib64stdc++6 - 5.4.0-6ubuntu1~16.04.12+esm2 libubsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 libsfphobos-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-base - 5.4.0-6ubuntu1~16.04.12+esm2 gccgo-5-multilib - 5.4.0-6ubuntu1~16.04.12+esm2 gnat-5 - 5.4.0-6ubuntu1~16.04.12+esm2 libquadmath0 - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-doc - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-multilib - 5.4.0-6ubuntu1~16.04.12+esm2 lib32atomic1 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64gcc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libsfgfortran3 - 5.4.0-6ubuntu1~16.04.12+esm2 g++-5-multilib - 
5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-source - 5.4.0-6ubuntu1~16.04.12+esm2 gccgo-5-doc - 5.4.0-6ubuntu1~16.04.12+esm2 lib32stdc++6 - 5.4.0-6ubuntu1~16.04.12+esm2 cpp-5-doc - 5.4.0-6ubuntu1~16.04.12+esm2 libsfobjc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib32objc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libgnat-5 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64atomic1 - 5.4.0-6ubuntu1~16.04.12+esm2 libcc1-0 - 5.4.0-6ubuntu1~16.04.12+esm2 libgomp1 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32gcc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libobjc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libx32lsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64mpx0 - 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jdk - 5.4.0-6ubuntu1~16.04.12+esm2 gobjc++-5-multilib - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5 - 5.4.0-6ubuntu1~16.04.12+esm2 libatomic1 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64cilkrts5 - 5.4.0-6ubuntu1~16.04.12+esm2 libsfstdc++-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libsfasan2 - 5.4.0-6ubuntu1~16.04.12+esm2 gfortran-5-multilib - 5.4.0-6ubuntu1~16.04.12+esm2 libmpx0 - 5.4.0-6ubuntu1~16.04.12+esm2 libstdc++-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-plugin-dev - 5.4.0-6ubuntu1~16.04.12+esm2 gccgo-5 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64gomp1 - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-locales - 5.4.0-6ubuntu1~16.04.12+esm2 libtsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 libsfgomp1 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32stdc++6 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32objc4 - 5.4.0-6ubuntu1~16.04.12+esm2 libsfatomic1 - 5.4.0-6ubuntu1~16.04.12+esm2 libsfgfortran-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libx32asan2 - 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-source - 5.4.0-6ubuntu1~16.04.12+esm2 cpp-5 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32quadmath0 - 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jre-headless - 5.4.0-6ubuntu1~16.04.12+esm2 lib64itm1 - 5.4.0-6ubuntu1~16.04.12+esm2 gobjc-5-multilib - 5.4.0-6ubuntu1~16.04.12+esm2 lib32ubsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 gfortran-5 - 5.4.0-6ubuntu1~16.04.12+esm2 gobjc-5 - 5.4.0-6ubuntu1~16.04.12+esm2 libgcj-doc - 5.4.0-6ubuntu1~16.04.12+esm2 g++-5 
- 5.4.0-6ubuntu1~16.04.12+esm2 libx32gfortran-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libsfgcc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libgfortran-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib32objc4 - 5.4.0-6ubuntu1~16.04.12+esm2 libstdc++-5-doc - 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jre - 5.4.0-6ubuntu1~16.04.12+esm2 lib64objc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libx32cilkrts5 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32lsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64ubsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 libsfobjc4 - 5.4.0-6ubuntu1~16.04.12+esm2 libgccjit0 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32atomic1 - 5.4.0-6ubuntu1~16.04.12+esm2 gfortran-5-doc - 5.4.0-6ubuntu1~16.04.12+esm2 libsfubsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 libgfortran3 - 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jre-lib - 5.4.0-6ubuntu1~16.04.12+esm2 lib32cilkrts5 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32stdc++-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-hppa64-linux-gnu - 5.4.0-6ubuntu1~16.04.12+esm2 libx32objc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib64phobos-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libgcj16-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib64gfortran3 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32gfortran3 - 5.4.0-6ubuntu1~16.04.12+esm2 liblsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 gnat-5-doc - 5.4.0-6ubuntu1~16.04.12+esm2 libx32ubsan0 - 5.4.0-6ubuntu1~16.04.12+esm2 libgcc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib32gcc-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib64stdc++-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libphobos-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libgnatvsn5 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32quadmath0 - 5.4.0-6ubuntu1~16.04.12+esm2 gobjc++-5 - 5.4.0-6ubuntu1~16.04.12+esm2 libgccjit-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib64asan2 - 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5 - 5.4.0-6ubuntu1~16.04.12+esm2 gnat-5-sjlj - 5.4.0-6ubuntu1~16.04.12+esm2 libsfstdc++6 - 5.4.0-6ubuntu1~16.04.12+esm2 gdc-5-multilib - 5.4.0-6ubuntu1~16.04.12+esm2 lib64go7 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32phobos-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libx32gomp1 - 
5.4.0-6ubuntu1~16.04.12+esm2 libgnatvsn5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libgnatprj5 - 5.4.0-6ubuntu1~16.04.12+esm2 gdc-5 - 5.4.0-6ubuntu1~16.04.12+esm2 libobjc4 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64quadmath0 - 5.4.0-6ubuntu1~16.04.12+esm2 lib64objc4 - 5.4.0-6ubuntu1~16.04.12+esm2 libstdc++6 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32asan2 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32mpx0 - 5.4.0-6ubuntu1~16.04.12+esm2 libasan2 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32itm1 - 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5-test-results - 5.4.0-6ubuntu1~16.04.12+esm2 libgo7 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32gomp1 - 5.4.0-6ubuntu1~16.04.12+esm2 libcilkrts5 - 5.4.0-6ubuntu1~16.04.12+esm2 lib32go7 - 5.4.0-6ubuntu1~16.04.12+esm2 libgcj16 - 5.4.0-6ubuntu1~16.04.12+esm2 libgcj16-awt - 5.4.0-6ubuntu1~16.04.12+esm2 lib32gfortran3 - 5.4.0-6ubuntu1~16.04.12+esm2 libgnatprj5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libgccjit-5-doc - 5.4.0-6ubuntu1~16.04.12+esm2 lib32gfortran-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib64gfortran-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 lib32itm1 - 5.4.0-6ubuntu1~16.04.12+esm2 libx32phobos-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 libx32stdc++-5-dev - 5.4.0-6ubuntu1~16.04.12+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libx32go9 - 6.0.1-0ubuntu1+esm1 lib32go9 - 6.0.1-0ubuntu1+esm1 gcc-6-base - 6.0.1-0ubuntu1+esm1 gccgo-6-doc - 6.0.1-0ubuntu1+esm1 gccgo-6 - 6.0.1-0ubuntu1+esm1 gccgo-6-multilib - 6.0.1-0ubuntu1+esm1 lib64go9 - 6.0.1-0ubuntu1+esm1 libgo9 - 6.0.1-0ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-11671 USN-5771-1 -- Squid regression Ubuntu 16.04 LTS USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression which could cause the cache log to be filled with many Vary loop messages. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. 
A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2569) William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570) Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2571) Santiago Ruano Rincón discovered that Squid incorrectly handled certain Vary headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027) Update Instructions: Run `sudo pro fix USN-5771-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.12-1ubuntu7.16+esm1 squid - 3.5.12-1ubuntu7.16+esm1 squid-cgi - 3.5.12-1ubuntu7.16+esm1 squid-purge - 3.5.12-1ubuntu7.16+esm1 squidclient - 3.5.12-1ubuntu7.16+esm1 squid3 - 3.5.12-1ubuntu7.16+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1999346 USN-5772-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. 
A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3682) It was discovered that QEMU did not properly manage memory when it transfers the USB packets. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-3750) It was discovered that the QEMU SCSI device emulation incorrectly handled certain MODE SELECT commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3930) It was discovered that QEMU did not properly manage memory when processing repeated messages to cancel the current SCSI request. A malicious privileged guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2022-0216) It was discovered that QEMU did not properly manage memory when using Tulip device emulation. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-2962) It was discovered that QEMU did not properly manage memory when processing ClientCutText messages. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3165) Update Instructions: Run `sudo pro fix USN-5772-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-user-static - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-kvm - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-user - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-utils - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.51+esm1 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.51+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3682 CVE-2021-3750 CVE-2021-3930 CVE-2022-0216 CVE-2022-2962 CVE-2022-3165 USN-5775-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim uses freed memory in recursive substitution of specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2345) It was discovered that Vim makes illegal memory calls when patterns start with an illegal byte. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2581) It was discovered that Vim could be made to crash when parsing invalid line numbers. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-3099) It was discovered that Vim uses freed memory when autocmd changes a mark. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-3256) It was discovered that Vim uses an incorrect array index when window width is negative. 
A local attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-3324) It was discovered that certain buffers could be sent to the wrong window. An attacker with local access could use this to send messages to the wrong window. (CVE-2022-3591) Update Instructions: Run `sudo pro fix USN-5775-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm14 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm14 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm14 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm14 vim-athena - 2:7.4.1689-3ubuntu1.5+esm14 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm14 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm14 vim - 2:7.4.1689-3ubuntu1.5+esm14 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm14 vim-doc - 2:7.4.1689-3ubuntu1.5+esm14 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm14 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm14 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm14 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm14 vim-nox - 2:7.4.1689-3ubuntu1.5+esm14 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm14 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2345 CVE-2022-2581 CVE-2022-3099 CVE-2022-3256 CVE-2022-3324 CVE-2022-3591 USN-5778-2 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges. Update Instructions: Run `sudo pro fix USN-5778-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xmir - 2:1.18.4-0ubuntu0.12+esm5 xwayland - 2:1.18.4-0ubuntu0.12+esm5 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm5 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm5 xdmx - 2:1.18.4-0ubuntu0.12+esm5 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm5 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm5 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm5 xvfb - 2:1.18.4-0ubuntu0.12+esm5 xnest - 2:1.18.4-0ubuntu0.12+esm5 xserver-common - 2:1.18.4-0ubuntu0.12+esm5 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm5 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro xserver-xorg-dev-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm4 xorg-server-source-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm4 xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm4 xmir-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm4 xserver-xorg-legacy-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm4 xwayland-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm4 xserver-xephyr-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.6+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2023-0494 USN-5781-1 -- Emacs vulnerability Ubuntu 16.04 LTS It was discovered that Emacs did not properly manage certain inputs. An attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-5781-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: emacs24-bin-common - 24.5+1-6ubuntu1.1+esm1 emacs24-lucid - 24.5+1-6ubuntu1.1+esm1 emacs24 - 24.5+1-6ubuntu1.1+esm1 emacs24-el - 24.5+1-6ubuntu1.1+esm1 emacs24-nox - 24.5+1-6ubuntu1.1+esm1 emacs24-common - 24.5+1-6ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-45939 USN-5784-1 -- usbredir vulnerability Ubuntu 16.04 LTS It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libusbredirparser-dev - 0.7.1-1ubuntu0.16.04.1~esm1 libusbredirhost-dev - 0.7.1-1ubuntu0.16.04.1~esm1 usbredirserver - 0.7.1-1ubuntu0.16.04.1~esm1 libusbredirhost1 - 0.7.1-1ubuntu0.16.04.1~esm1 libusbredirparser1 - 0.7.1-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-3700 USN-5785-1 -- FreeRADIUS vulnerabilities Ubuntu 16.04 LTS It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17185) Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unknown SIM option sent by EAP-SIM supplicant. An attacker could possibly use this issue to cause a denial of service on the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-41860) It was discovered that FreeRADIUS incorrectly handled memory when processing certain abinary attributes. 
An attacker could possibly use this issue to cause a denial of service on the server. (CVE-2022-41861) Update Instructions: Run `sudo pro fix USN-5785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freeradius-mysql - 2.2.8+dfsg-0.1ubuntu0.1+esm1 freeradius-ldap - 2.2.8+dfsg-0.1ubuntu0.1+esm1 libfreeradius2 - 2.2.8+dfsg-0.1ubuntu0.1+esm1 libfreeradius-dev - 2.2.8+dfsg-0.1ubuntu0.1+esm1 freeradius-postgresql - 2.2.8+dfsg-0.1ubuntu0.1+esm1 freeradius-utils - 2.2.8+dfsg-0.1ubuntu0.1+esm1 freeradius - 2.2.8+dfsg-0.1ubuntu0.1+esm1 freeradius-iodbc - 2.2.8+dfsg-0.1ubuntu0.1+esm1 freeradius-common - 2.2.8+dfsg-0.1ubuntu0.1+esm1 freeradius-krb5 - 2.2.8+dfsg-0.1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17185 CVE-2022-41860 CVE-2022-41861 USN-5787-2 -- Libksba vulnerability Ubuntu 16.04 LTS USN-5787-1 fixed vulnerabilities in Libksba. This update provides the corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5787-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba8 - 1.3.3-1ubuntu0.16.04.1+esm2 libksba-dev - 1.3.3-1ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47629 USN-5790-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2021-4159) It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) Update Instructions: Run `sudo pro fix USN-5790-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1112-oracle - 4.15.0-1112.123~16.04.1 linux-headers-4.15.0-1112-oracle - 4.15.0-1112.123~16.04.1 linux-image-unsigned-4.15.0-1112-oracle - 4.15.0-1112.123~16.04.1 linux-modules-extra-4.15.0-1112-oracle - 4.15.0-1112.123~16.04.1 linux-tools-4.15.0-1112-oracle - 4.15.0-1112.123~16.04.1 linux-oracle-headers-4.15.0-1112 - 4.15.0-1112.123~16.04.1 linux-oracle-tools-4.15.0-1112 - 4.15.0-1112.123~16.04.1 linux-buildinfo-4.15.0-1112-oracle - 4.15.0-1112.123~16.04.1 linux-modules-4.15.0-1112-oracle - 4.15.0-1112.123~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1142-gcp - 4.15.0-1142.158~16.04.1 linux-image-unsigned-4.15.0-1142-gcp - 4.15.0-1142.158~16.04.1 linux-modules-extra-4.15.0-1142-gcp - 4.15.0-1142.158~16.04.1 linux-headers-4.15.0-1142-gcp - 4.15.0-1142.158~16.04.1 linux-gcp-tools-4.15.0-1142 - 4.15.0-1142.158~16.04.1 linux-image-4.15.0-1142-gcp - 4.15.0-1142.158~16.04.1 linux-buildinfo-4.15.0-1142-gcp - 4.15.0-1142.158~16.04.1 linux-gcp-headers-4.15.0-1142 - 4.15.0-1142.158~16.04.1 linux-modules-4.15.0-1142-gcp - 4.15.0-1142.158~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-1147-aws - 4.15.0-1147.159~16.04.1 linux-tools-4.15.0-1147-aws - 4.15.0-1147.159~16.04.1 linux-headers-4.15.0-1147-aws - 4.15.0-1147.159~16.04.1 linux-aws-headers-4.15.0-1147 - 4.15.0-1147.159~16.04.1 linux-image-unsigned-4.15.0-1147-aws - 4.15.0-1147.159~16.04.1 linux-buildinfo-4.15.0-1147-aws - 4.15.0-1147.159~16.04.1 linux-image-4.15.0-1147-aws-hwe - 4.15.0-1147.159~16.04.1 linux-modules-4.15.0-1147-aws - 4.15.0-1147.159~16.04.1 linux-aws-hwe-tools-4.15.0-1147 - 4.15.0-1147.159~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1147 - 4.15.0-1147.159~16.04.1 linux-modules-extra-4.15.0-1147-aws - 4.15.0-1147.159~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-image-4.15.0-201-lowlatency - 4.15.0-201.212~16.04.1 linux-image-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-tools-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-hwe-cloud-tools-4.15.0-201 - 4.15.0-201.212~16.04.1 linux-cloud-tools-4.15.0-201-lowlatency - 4.15.0-201.212~16.04.1 linux-hwe-tools-4.15.0-201 - 4.15.0-201.212~16.04.1 linux-cloud-tools-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-modules-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-headers-4.15.0-201-lowlatency - 4.15.0-201.212~16.04.1 linux-modules-extra-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-modules-4.15.0-201-lowlatency - 4.15.0-201.212~16.04.1 linux-headers-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-tools-4.15.0-201-lowlatency - 4.15.0-201.212~16.04.1 linux-buildinfo-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-image-unsigned-4.15.0-201-generic - 4.15.0-201.212~16.04.1 linux-image-unsigned-4.15.0-201-lowlatency - 4.15.0-201.212~16.04.1 linux-buildinfo-4.15.0-201-lowlatency - 4.15.0-201.212~16.04.1 linux-source-4.15.0 - 4.15.0-201.212~16.04.1 linux-headers-4.15.0-201 - 4.15.0-201.212~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-oracle - 4.15.0.1112.94 linux-signed-image-oracle - 4.15.0.1112.94 linux-headers-oracle - 4.15.0.1112.94 linux-signed-oracle - 4.15.0.1112.94 linux-image-oracle - 4.15.0.1112.94 linux-oracle - 4.15.0.1112.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1142.134 linux-modules-extra-gcp - 4.15.0.1142.134 linux-tools-gke - 4.15.0.1142.134 linux-tools-gcp - 4.15.0.1142.134 linux-gke - 4.15.0.1142.134 linux-gcp - 4.15.0.1142.134 linux-image-gke - 4.15.0.1142.134 linux-headers-gcp - 4.15.0.1142.134 linux-image-gcp - 4.15.0.1142.134 linux-headers-gke - 4.15.0.1142.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1147.132 linux-aws-edge - 4.15.0.1147.132 linux-image-aws-hwe - 4.15.0.1147.132 
linux-modules-extra-aws-hwe - 4.15.0.1147.132 linux-headers-aws-hwe - 4.15.0.1147.132 linux-tools-aws-hwe - 4.15.0.1147.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.201.186 linux-image-generic-hwe-16.04-edge - 4.15.0.201.186 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.201.186 linux-image-extra-virtual-hwe-16.04 - 4.15.0.201.186 linux-image-oem - 4.15.0.201.186 linux-headers-generic-hwe-16.04-edge - 4.15.0.201.186 linux-signed-generic-hwe-16.04-edge - 4.15.0.201.186 linux-tools-virtual-hwe-16.04-edge - 4.15.0.201.186 linux-tools-virtual-hwe-16.04 - 4.15.0.201.186 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.201.186 linux-image-virtual-hwe-16.04-edge - 4.15.0.201.186 linux-signed-lowlatency-hwe-16.04 - 4.15.0.201.186 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.201.186 linux-generic-hwe-16.04-edge - 4.15.0.201.186 linux-headers-lowlatency-hwe-16.04 - 4.15.0.201.186 linux-virtual-hwe-16.04 - 4.15.0.201.186 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.201.186 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.201.186 linux-tools-generic-hwe-16.04 - 4.15.0.201.186 linux-tools-oem - 4.15.0.201.186 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.201.186 linux-headers-oem - 4.15.0.201.186 linux-signed-image-generic-hwe-16.04 - 4.15.0.201.186 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.201.186 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.201.186 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.201.186 linux-headers-virtual-hwe-16.04-edge - 4.15.0.201.186 linux-lowlatency-hwe-16.04 - 4.15.0.201.186 linux-headers-generic-hwe-16.04 - 4.15.0.201.186 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.201.186 linux-generic-hwe-16.04 - 4.15.0.201.186 linux-oem - 4.15.0.201.186 linux-lowlatency-hwe-16.04-edge - 4.15.0.201.186 linux-image-generic-hwe-16.04 - 4.15.0.201.186 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.201.186 linux-virtual-hwe-16.04-edge - 4.15.0.201.186 
linux-tools-lowlatency-hwe-16.04 - 4.15.0.201.186 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.201.186 linux-headers-virtual-hwe-16.04 - 4.15.0.201.186 linux-signed-oem - 4.15.0.201.186 linux-image-virtual-hwe-16.04 - 4.15.0.201.186 linux-signed-generic-hwe-16.04 - 4.15.0.201.186 linux-signed-image-oem - 4.15.0.201.186 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.201.186 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.201.186 linux-tools-generic-hwe-16.04-edge - 4.15.0.201.186 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4159 CVE-2022-20421 CVE-2022-3061 CVE-2022-3586 CVE-2022-39188 CVE-2022-40307 CVE-2022-4095 USN-5794-1 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5794-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.4.0-1153-aws - 4.4.0-1153.168 linux-aws-tools-4.4.0-1153 - 4.4.0-1153.168 linux-tools-4.4.0-1153-aws - 4.4.0-1153.168 linux-buildinfo-4.4.0-1153-aws - 4.4.0-1153.168 linux-image-4.4.0-1153-aws - 4.4.0-1153.168 linux-aws-cloud-tools-4.4.0-1153 - 4.4.0-1153.168 linux-modules-extra-4.4.0-1153-aws - 4.4.0-1153.168 linux-aws-headers-4.4.0-1153 - 4.4.0-1153.168 linux-headers-4.4.0-1153-aws - 4.4.0-1153.168 linux-modules-4.4.0-1153-aws - 4.4.0-1153.168 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-aws - 4.4.0.1153.157 linux-tools-aws - 4.4.0.1153.157 linux-aws - 4.4.0.1153.157 linux-headers-aws - 4.4.0.1153.157 linux-image-aws - 4.4.0.1153.157 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 USN-5795-2 -- Net-SNMP vulnerabilities Ubuntu 16.04 LTS USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service. Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5795-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1ubuntu4.6+esm1 libsnmp-perl - 5.7.3+dfsg-1ubuntu4.6+esm1 libsnmp-dev - 5.7.3+dfsg-1ubuntu4.6+esm1 libsnmp-base - 5.7.3+dfsg-1ubuntu4.6+esm1 snmp - 5.7.3+dfsg-1ubuntu4.6+esm1 libsnmp30 - 5.7.3+dfsg-1ubuntu4.6+esm1 tkmib - 5.7.3+dfsg-1ubuntu4.6+esm1 snmpd - 5.7.3+dfsg-1ubuntu4.6+esm1 python-netsnmp - 5.7.3+dfsg-1ubuntu4.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 CVE-2022-44792 CVE-2022-44793 USN-5800-1 -- Heimdal vulnerabilities Ubuntu 16.04 LTS It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-3437) Greg Hudson discovered that Kerberos PAC implementation used in Heimdal incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-42898) It was discovered that Heimdal's KDC did not properly handle certain error conditions. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-44640) Update Instructions: Run `sudo pro fix USN-5800-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libwind0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libroken18-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libgssapi3-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-kcm - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libhdb9-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libasn1-8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libsl0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkadm5clnt7-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-kdc - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkdc2-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-servers - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libheimntlm0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-docs - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libheimbase1-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkrb5-26-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libotp0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-dev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkafs0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libhx509-5-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-multidev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkadm5srv8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-clients - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-44758 CVE-2022-3437 CVE-2022-42898 CVE-2022-44640 USN-5802-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5802-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1116-kvm - 4.4.0-1116.126 linux-cloud-tools-4.4.0-1116-kvm - 4.4.0-1116.126 linux-kvm-tools-4.4.0-1116 - 4.4.0-1116.126 linux-kvm-cloud-tools-4.4.0-1116 - 4.4.0-1116.126 linux-modules-4.4.0-1116-kvm - 4.4.0-1116.126 linux-headers-4.4.0-1116-kvm - 4.4.0-1116.126 linux-buildinfo-4.4.0-1116-kvm - 4.4.0-1116.126 linux-tools-4.4.0-1116-kvm - 4.4.0-1116.126 linux-kvm-headers-4.4.0-1116 - 4.4.0-1116.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-236.270 linux-tools-4.4.0-236 - 4.4.0-236.270 linux-tools-host - 4.4.0-236.270 linux-doc - 4.4.0-236.270 linux-modules-extra-4.4.0-236-generic - 4.4.0-236.270 linux-cloud-tools-4.4.0-236 - 4.4.0-236.270 linux-tools-4.4.0-236-generic - 4.4.0-236.270 linux-headers-4.4.0-236-generic - 4.4.0-236.270 linux-libc-dev - 4.4.0-236.270 linux-cloud-tools-4.4.0-236-lowlatency - 4.4.0-236.270 linux-tools-4.4.0-236-lowlatency - 4.4.0-236.270 linux-buildinfo-4.4.0-236-generic - 4.4.0-236.270 linux-image-4.4.0-236-generic - 4.4.0-236.270 
linux-buildinfo-4.4.0-236-lowlatency - 4.4.0-236.270 linux-modules-4.4.0-236-generic - 4.4.0-236.270 linux-image-unsigned-4.4.0-236-generic - 4.4.0-236.270 linux-cloud-tools-4.4.0-236-generic - 4.4.0-236.270 linux-cloud-tools-common - 4.4.0-236.270 linux-modules-4.4.0-236-lowlatency - 4.4.0-236.270 linux-headers-4.4.0-236-lowlatency - 4.4.0-236.270 linux-source-4.4.0 - 4.4.0-236.270 linux-image-unsigned-4.4.0-236-lowlatency - 4.4.0-236.270 linux-headers-4.4.0-236 - 4.4.0-236.270 linux-image-4.4.0-236-lowlatency - 4.4.0-236.270 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1116.113 linux-headers-kvm - 4.4.0.1116.113 linux-tools-kvm - 4.4.0.1116.113 linux-image-kvm - 4.4.0.1116.113 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.236.242 linux-cloud-tools-generic-lts-wily - 4.4.0.236.242 linux-cloud-tools-virtual-lts-xenial - 4.4.0.236.242 linux-cloud-tools-virtual - 4.4.0.236.242 linux-cloud-tools-virtual-lts-utopic - 4.4.0.236.242 linux-tools-generic-lts-vivid - 4.4.0.236.242 linux-image-extra-virtual-lts-xenial - 4.4.0.236.242 linux-image-extra-virtual-lts-wily - 4.4.0.236.242 linux-headers-generic-lts-wily - 4.4.0.236.242 linux-headers-lowlatency-lts-wily - 4.4.0.236.242 linux-tools-virtual-lts-vivid - 4.4.0.236.242 linux-image-virtual - 4.4.0.236.242 linux-generic-lts-vivid - 4.4.0.236.242 linux-image-lowlatency-lts-vivid - 4.4.0.236.242 linux-cloud-tools-virtual-lts-vivid - 4.4.0.236.242 linux-tools-lowlatency-lts-vivid - 4.4.0.236.242 linux-cloud-tools-generic-lts-utopic - 4.4.0.236.242 linux-headers-virtual-lts-vivid - 4.4.0.236.242 linux-image-lowlatency-lts-wily - 4.4.0.236.242 linux-image-generic - 4.4.0.236.242 linux-tools-lowlatency - 4.4.0.236.242 linux-image-lowlatency-lts-xenial - 4.4.0.236.242 linux-tools-virtual-lts-xenial - 4.4.0.236.242 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.236.242 linux-image-extra-virtual-lts-vivid - 4.4.0.236.242 
linux-image-generic-lts-wily - 4.4.0.236.242 linux-virtual-lts-utopic - 4.4.0.236.242 linux-signed-generic-lts-wily - 4.4.0.236.242 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.236.242 linux-image-extra-virtual-lts-utopic - 4.4.0.236.242 linux-signed-generic-lts-utopic - 4.4.0.236.242 linux-tools-lowlatency-lts-xenial - 4.4.0.236.242 linux-headers-generic-lts-xenial - 4.4.0.236.242 linux-signed-generic-lts-vivid - 4.4.0.236.242 linux-crashdump - 4.4.0.236.242 linux-virtual-lts-vivid - 4.4.0.236.242 linux-signed-lowlatency-lts-xenial - 4.4.0.236.242 linux-headers-lowlatency-lts-vivid - 4.4.0.236.242 linux-lowlatency-lts-xenial - 4.4.0.236.242 linux-image-virtual-lts-utopic - 4.4.0.236.242 linux-signed-generic-lts-xenial - 4.4.0.236.242 linux-source - 4.4.0.236.242 linux-signed-image-generic - 4.4.0.236.242 linux-lowlatency - 4.4.0.236.242 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.236.242 linux-generic-lts-xenial - 4.4.0.236.242 linux-cloud-tools-generic - 4.4.0.236.242 linux-virtual - 4.4.0.236.242 linux-tools-virtual - 4.4.0.236.242 linux-cloud-tools-generic-lts-vivid - 4.4.0.236.242 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.236.242 linux-signed-image-generic-lts-vivid - 4.4.0.236.242 linux-image-virtual-lts-xenial - 4.4.0.236.242 linux-image-virtual-lts-vivid - 4.4.0.236.242 linux-virtual-lts-xenial - 4.4.0.236.242 linux-tools-lowlatency-lts-utopic - 4.4.0.236.242 linux-signed-image-generic-lts-wily - 4.4.0.236.242 linux-signed-image-lowlatency-lts-xenial - 4.4.0.236.242 linux-image-generic-lts-vivid - 4.4.0.236.242 linux-generic - 4.4.0.236.242 linux-tools-generic-lts-wily - 4.4.0.236.242 linux-tools-virtual-lts-utopic - 4.4.0.236.242 linux-headers-lowlatency - 4.4.0.236.242 linux-lowlatency-lts-vivid - 4.4.0.236.242 linux-generic-lts-wily - 4.4.0.236.242 linux-image-hwe-virtual-trusty - 4.4.0.236.242 linux-signed-image-generic-lts-xenial - 4.4.0.236.242 linux-tools-virtual-lts-wily - 4.4.0.236.242 linux-headers-virtual-lts-wily - 4.4.0.236.242 
linux-tools-lowlatency-lts-wily - 4.4.0.236.242 linux-headers-virtual-lts-xenial - 4.4.0.236.242 linux-headers-lowlatency-lts-utopic - 4.4.0.236.242 linux-tools-generic-lts-utopic - 4.4.0.236.242 linux-hwe-generic-trusty - 4.4.0.236.242 linux-tools-generic - 4.4.0.236.242 linux-image-extra-virtual - 4.4.0.236.242 linux-signed-lowlatency-lts-wily - 4.4.0.236.242 linux-image-generic-lts-xenial - 4.4.0.236.242 linux-headers-generic-lts-utopic - 4.4.0.236.242 linux-cloud-tools-virtual-lts-wily - 4.4.0.236.242 linux-cloud-tools-lowlatency - 4.4.0.236.242 linux-lowlatency-lts-utopic - 4.4.0.236.242 linux-tools-generic-lts-xenial - 4.4.0.236.242 linux-signed-image-lowlatency - 4.4.0.236.242 linux-image-generic-lts-utopic - 4.4.0.236.242 linux-image-virtual-lts-wily - 4.4.0.236.242 linux-signed-generic - 4.4.0.236.242 linux-lowlatency-lts-wily - 4.4.0.236.242 linux-headers-generic - 4.4.0.236.242 linux-tools-lts-utopic - 4.4.0.236.242 linux-generic-lts-utopic - 4.4.0.236.242 linux-headers-lowlatency-lts-xenial - 4.4.0.236.242 linux-image-hwe-generic-trusty - 4.4.0.236.242 linux-signed-image-lowlatency-lts-wily - 4.4.0.236.242 linux-headers-generic-lts-vivid - 4.4.0.236.242 linux-headers-virtual - 4.4.0.236.242 linux-cloud-tools-generic-lts-xenial - 4.4.0.236.242 linux-virtual-lts-wily - 4.4.0.236.242 linux-headers-virtual-lts-utopic - 4.4.0.236.242 linux-hwe-virtual-trusty - 4.4.0.236.242 linux-signed-lowlatency - 4.4.0.236.242 linux-image-lowlatency-lts-utopic - 4.4.0.236.242 linux-image-lowlatency - 4.4.0.236.242 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 USN-5804-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5804-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1143-gcp - 4.15.0-1143.159~16.04.1 linux-image-unsigned-4.15.0-1143-gcp - 4.15.0-1143.159~16.04.1 linux-tools-4.15.0-1143-gcp - 4.15.0-1143.159~16.04.1 linux-buildinfo-4.15.0-1143-gcp - 4.15.0-1143.159~16.04.1 linux-gcp-tools-4.15.0-1143 - 4.15.0-1143.159~16.04.1 linux-modules-extra-4.15.0-1143-gcp - 4.15.0-1143.159~16.04.1 linux-headers-4.15.0-1143-gcp - 4.15.0-1143.159~16.04.1 linux-gcp-headers-4.15.0-1143 - 4.15.0-1143.159~16.04.1 linux-modules-4.15.0-1143-gcp - 4.15.0-1143.159~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.15.0-1148-aws - 4.15.0-1148.160~16.04.1 linux-image-unsigned-4.15.0-1148-aws - 4.15.0-1148.160~16.04.1 linux-modules-4.15.0-1148-aws - 4.15.0-1148.160~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1148 - 4.15.0-1148.160~16.04.1 linux-aws-headers-4.15.0-1148 - 4.15.0-1148.160~16.04.1 linux-image-4.15.0-1148-aws-hwe - 4.15.0-1148.160~16.04.1 linux-cloud-tools-4.15.0-1148-aws - 4.15.0-1148.160~16.04.1 linux-headers-4.15.0-1148-aws - 4.15.0-1148.160~16.04.1 
linux-modules-extra-4.15.0-1148-aws - 4.15.0-1148.160~16.04.1 linux-aws-hwe-tools-4.15.0-1148 - 4.15.0-1148.160~16.04.1 linux-buildinfo-4.15.0-1148-aws - 4.15.0-1148.160~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-202-lowlatency - 4.15.0-202.213~16.04.1 linux-tools-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-modules-extra-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-hwe-cloud-tools-4.15.0-202 - 4.15.0-202.213~16.04.1 linux-hwe-tools-4.15.0-202 - 4.15.0-202.213~16.04.1 linux-cloud-tools-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-buildinfo-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-headers-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-image-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-modules-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-image-unsigned-4.15.0-202-lowlatency - 4.15.0-202.213~16.04.1 linux-headers-4.15.0-202-lowlatency - 4.15.0-202.213~16.04.1 linux-image-unsigned-4.15.0-202-generic - 4.15.0-202.213~16.04.1 linux-tools-4.15.0-202-lowlatency - 4.15.0-202.213~16.04.1 linux-cloud-tools-4.15.0-202-lowlatency - 4.15.0-202.213~16.04.1 linux-modules-4.15.0-202-lowlatency - 4.15.0-202.213~16.04.1 linux-source-4.15.0 - 4.15.0-202.213~16.04.1 linux-headers-4.15.0-202 - 4.15.0-202.213~16.04.1 linux-image-4.15.0-202-lowlatency - 4.15.0-202.213~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1143.135 linux-headers-gke - 4.15.0.1143.135 linux-modules-extra-gcp - 4.15.0.1143.135 linux-tools-gke - 4.15.0.1143.135 linux-tools-gcp - 4.15.0.1143.135 linux-gke - 4.15.0.1143.135 linux-gcp - 4.15.0.1143.135 linux-image-gke - 4.15.0.1143.135 linux-headers-gcp - 4.15.0.1143.135 linux-image-gcp - 4.15.0.1143.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1148.133 linux-modules-extra-aws-hwe - 4.15.0.1148.133 linux-aws-edge - 4.15.0.1148.133 linux-image-aws-hwe - 4.15.0.1148.133 
linux-headers-aws-hwe - 4.15.0.1148.133 linux-tools-aws-hwe - 4.15.0.1148.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-lowlatency-hwe-16.04 - 4.15.0.202.187 linux-signed-generic-hwe-16.04-edge - 4.15.0.202.187 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.202.187 linux-image-extra-virtual-hwe-16.04 - 4.15.0.202.187 linux-image-oem - 4.15.0.202.187 linux-headers-generic-hwe-16.04-edge - 4.15.0.202.187 linux-tools-virtual-hwe-16.04 - 4.15.0.202.187 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.202.187 linux-image-virtual-hwe-16.04-edge - 4.15.0.202.187 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.202.187 linux-generic-hwe-16.04-edge - 4.15.0.202.187 linux-headers-lowlatency-hwe-16.04 - 4.15.0.202.187 linux-virtual-hwe-16.04 - 4.15.0.202.187 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.202.187 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.202.187 linux-tools-generic-hwe-16.04 - 4.15.0.202.187 linux-tools-oem - 4.15.0.202.187 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.202.187 linux-headers-oem - 4.15.0.202.187 linux-signed-image-generic-hwe-16.04 - 4.15.0.202.187 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.202.187 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.202.187 linux-headers-virtual-hwe-16.04-edge - 4.15.0.202.187 linux-lowlatency-hwe-16.04 - 4.15.0.202.187 linux-headers-generic-hwe-16.04 - 4.15.0.202.187 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.202.187 linux-generic-hwe-16.04 - 4.15.0.202.187 linux-tools-virtual-hwe-16.04-edge - 4.15.0.202.187 linux-oem - 4.15.0.202.187 linux-image-generic-hwe-16.04-edge - 4.15.0.202.187 linux-lowlatency-hwe-16.04-edge - 4.15.0.202.187 linux-image-generic-hwe-16.04 - 4.15.0.202.187 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.202.187 linux-virtual-hwe-16.04-edge - 4.15.0.202.187 linux-tools-lowlatency-hwe-16.04 - 4.15.0.202.187 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.202.187 linux-headers-virtual-hwe-16.04 - 4.15.0.202.187 
linux-signed-oem - 4.15.0.202.187 linux-image-virtual-hwe-16.04 - 4.15.0.202.187 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.202.187 linux-signed-lowlatency-hwe-16.04 - 4.15.0.202.187 linux-signed-generic-hwe-16.04 - 4.15.0.202.187 linux-signed-image-oem - 4.15.0.202.187 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.202.187 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.202.187 linux-tools-generic-hwe-16.04-edge - 4.15.0.202.187 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 USN-5806-1 -- Ruby vulnerability Ubuntu 16.04 LTS Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. Update Instructions: Run `sudo pro fix USN-5806-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm4 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm4 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm4 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm4 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-33621 USN-5807-2 -- libXpm vulnerabilities Ubuntu 16.04 LTS USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. (CVE-2022-44617) Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. 
If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. (CVE-2022-46285) Alan Coopersmith discovered that libXpm incorrectly handled calling external helper binaries. If libXpm was being used by a setuid binary, a local attacker could possibly use this issue to escalate privileges. (CVE-2022-4883) Update Instructions: Run `sudo pro fix USN-5807-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xpmutils - 1:3.5.11-1ubuntu0.16.04.1+esm1 libxpm-dev - 1:3.5.11-1ubuntu0.16.04.1+esm1 libxpm4 - 1:3.5.11-1ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 USN-5810-3 -- Git vulnerabilities Ubuntu 16.04 LTS USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-23521) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-41903) Update Instructions: Run `sudo pro fix USN-5810-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.10+esm4 gitweb - 1:2.7.4-0ubuntu1.10+esm4 git-gui - 1:2.7.4-0ubuntu1.10+esm4 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.10+esm4 git-arch - 1:2.7.4-0ubuntu1.10+esm4 git-el - 1:2.7.4-0ubuntu1.10+esm4 gitk - 1:2.7.4-0ubuntu1.10+esm4 git-all - 1:2.7.4-0ubuntu1.10+esm4 git-mediawiki - 1:2.7.4-0ubuntu1.10+esm4 git-daemon-run - 1:2.7.4-0ubuntu1.10+esm4 git-man - 1:2.7.4-0ubuntu1.10+esm4 git-doc - 1:2.7.4-0ubuntu1.10+esm4 git-svn - 1:2.7.4-0ubuntu1.10+esm4 git-cvs - 1:2.7.4-0ubuntu1.10+esm4 git-core - 1:2.7.4-0ubuntu1.10+esm4 git-email - 1:2.7.4-0ubuntu1.10+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-23521 CVE-2022-41903 USN-5811-2 -- Sudo vulnerability Ubuntu 16.04 LTS USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. (CVE-2023-22809) Update Instructions: Run `sudo pro fix USN-5811-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.16-0ubuntu1.10+esm1 sudo - 1.8.16-0ubuntu1.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22809 USN-5813-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5813-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1113-oracle - 4.15.0-1113.124~16.04.1 linux-headers-4.15.0-1113-oracle - 4.15.0-1113.124~16.04.1 linux-image-unsigned-4.15.0-1113-oracle - 4.15.0-1113.124~16.04.1 linux-modules-extra-4.15.0-1113-oracle - 4.15.0-1113.124~16.04.1 linux-image-4.15.0-1113-oracle - 4.15.0-1113.124~16.04.1 linux-buildinfo-4.15.0-1113-oracle - 4.15.0-1113.124~16.04.1 linux-oracle-tools-4.15.0-1113 - 4.15.0-1113.124~16.04.1 linux-tools-4.15.0-1113-oracle - 4.15.0-1113.124~16.04.1 linux-oracle-headers-4.15.0-1113 - 4.15.0-1113.124~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-oracle - 4.15.0.1113.95 linux-tools-oracle - 4.15.0.1113.95 linux-signed-image-oracle - 4.15.0.1113.95 linux-headers-oracle - 4.15.0.1113.95 linux-oracle - 4.15.0.1113.95 linux-image-oracle - 4.15.0.1113.95 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 USN-5817-1 -- Setuptools vulnerability Ubuntu 16.04 LTS Sebastian Chnelik discovered that setuptools 
incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-setuptools - 20.7.0-1ubuntu0.1~esm1 python-setuptools-doc - 20.7.0-1ubuntu0.1~esm1 python3-pkg-resources - 20.7.0-1ubuntu0.1~esm1 pypy-setuptools - 20.7.0-1ubuntu0.1~esm1 pypy-pkg-resources - 20.7.0-1ubuntu0.1~esm1 python3-setuptools - 20.7.0-1ubuntu0.1~esm1 python-pkg-resources - 20.7.0-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40897 USN-5820-1 -- exuberant-ctags vulnerability Ubuntu 16.04 LTS Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag filename command-line argument. A crafted tag filename specified in the command line or in the configuration file could result in arbitrary command execution. Update Instructions: Run `sudo pro fix USN-5820-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exuberant-ctags - 1:5.9~svn20110310-11ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-4515 USN-5821-2 -- wheel vulnerability Ubuntu 16.04 LTS USN-5821-1 fixed a vulnerability in wheel. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-wheel - 0.29.0-1ubuntu0.1~esm1 python-wheel-common - 0.29.0-1ubuntu0.1~esm1 python3-wheel - 0.29.0-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-40898 USN-5821-3 -- pip regression Ubuntu 16.04 LTS USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 8.1.1-2ubuntu0.6+esm4 python-pip-whl - 8.1.1-2ubuntu0.6+esm4 python3-pip - 8.1.1-2ubuntu0.6+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-40898 USN-5821-4 -- pip regression Ubuntu 16.04 LTS USN-5821-3 fixed a vulnerability in pip. The update introduced a minor regression in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 8.1.1-2ubuntu0.6+esm5 python-pip-whl - 8.1.1-2ubuntu0.6+esm5 python3-pip - 8.1.1-2ubuntu0.6+esm5 Available with Ubuntu Pro: https://ubuntu.com/pro None https://launchpad.net/bugs/2009130 USN-5823-2 -- MySQL vulnerability Ubuntu 16.04 LTS USN-5823-1 fixed a vulnerability in MySQL. 
This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html https://www.oracle.com/security-alerts/cpujan2023.html Update Instructions: Run `sudo pro fix USN-5823-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.41-0ubuntu0.16.04.1+esm1 libmysqlclient-dev - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.41-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.41-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.41-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.41-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-21840 USN-5825-1 -- PAM vulnerability Ubuntu 16.04 LTS It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update Instructions: Run `sudo pro fix USN-5825-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-3.2ubuntu2.3+esm2 libpam0g-dev - 1.1.8-3.2ubuntu2.3+esm2 libpam-modules - 1.1.8-3.2ubuntu2.3+esm2 libpam-modules-bin - 1.1.8-3.2ubuntu2.3+esm2 libpam-doc - 1.1.8-3.2ubuntu2.3+esm2 libpam-cracklib - 1.1.8-3.2ubuntu2.3+esm2 libpam0g - 1.1.8-3.2ubuntu2.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2022-28321 USN-5825-2 -- PAM regressions Ubuntu 16.04 LTS USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update Instructions: Run `sudo pro fix USN-5825-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-3.2ubuntu2.3+esm4 libpam0g-dev - 1.1.8-3.2ubuntu2.3+esm4 libpam-modules - 1.1.8-3.2ubuntu2.3+esm4 libpam-modules-bin - 1.1.8-3.2ubuntu2.3+esm4 libpam-doc - 1.1.8-3.2ubuntu2.3+esm4 libpam-cracklib - 1.1.8-3.2ubuntu2.3+esm4 libpam0g - 1.1.8-3.2ubuntu2.3+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Negligible CVE-2022-28321 https://launchpad.net/bugs/2006073 USN-5828-1 -- Kerberos vulnerabilities Ubuntu 16.04 LTS It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-20217) Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. 
(CVE-2022-42898) Update Instructions: Run `sudo pro fix USN-5828-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkadm5srv-mit9 - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-doc - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-user - 1.13.2+dfsg-5ubuntu2.2+esm3 libgssrpc4 - 1.13.2+dfsg-5ubuntu2.2+esm3 libkrb5support0 - 1.13.2+dfsg-5ubuntu2.2+esm3 libk5crypto3 - 1.13.2+dfsg-5ubuntu2.2+esm3 libkrb5-dev - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-pkinit - 1.13.2+dfsg-5ubuntu2.2+esm3 libkrb5-3 - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-kdc-ldap - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-otp - 1.13.2+dfsg-5ubuntu2.2+esm3 libkadm5clnt-mit9 - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-gss-samples - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-multidev - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-locales - 1.13.2+dfsg-5ubuntu2.2+esm3 libgssapi-krb5-2 - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-kdc - 1.13.2+dfsg-5ubuntu2.2+esm3 libkrad-dev - 1.13.2+dfsg-5ubuntu2.2+esm3 libkdb5-8 - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-k5tls - 1.13.2+dfsg-5ubuntu2.2+esm3 libkrad0 - 1.13.2+dfsg-5ubuntu2.2+esm3 krb5-admin-server - 1.13.2+dfsg-5ubuntu2.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-20217 CVE-2022-42898 USN-5833-1 -- python-future vulnerability Ubuntu 16.04 LTS Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5833-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-future-doc - 0.15.2-1ubuntu0.1~esm1 python3-future - 0.15.2-1ubuntu0.1~esm1 python-future - 0.15.2-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-40899 USN-5834-1 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. 
A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. (CVE-2006-20001) It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-36760) Update Instructions: Run `sudo pro fix USN-5834-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm8 apache2-utils - 2.4.18-2ubuntu3.17+esm8 apache2-dev - 2.4.18-2ubuntu3.17+esm8 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm8 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm8 apache2 - 2.4.18-2ubuntu3.17+esm8 apache2-doc - 2.4.18-2ubuntu3.17+esm8 apache2-bin - 2.4.18-2ubuntu3.17+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2006-20001 CVE-2022-36760 USN-5836-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5836-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm15 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm15 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm15 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm15 vim-athena - 2:7.4.1689-3ubuntu1.5+esm15 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm15 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm15 vim - 2:7.4.1689-3ubuntu1.5+esm15 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm15 vim-doc - 2:7.4.1689-3ubuntu1.5+esm15 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm15 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm15 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm15 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm15 vim-nox - 2:7.4.1689-3ubuntu1.5+esm15 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm15 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47024 CVE-2023-0049 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 USN-5837-2 -- Django vulnerability Ubuntu 16.04 LTS USN-5837-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-5837-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.15+esm6 python-django-doc - 1.8.7-1ubuntu5.15+esm6 python-django-common - 1.8.7-1ubuntu5.15+esm6 python-django - 1.8.7-1ubuntu5.15+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-23969 USN-5838-1 -- AdvanceCOMP vulnerabilities Ubuntu 16.04 LTS It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on MNG files. 
If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2022-35014, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020) It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on ZIP files. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2022-35015, CVE-2022-35016) Update Instructions: Run `sudo pro fix USN-5838-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 1.20-1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-35014 CVE-2022-35015 CVE-2022-35016 CVE-2022-35017 CVE-2022-35018 CVE-2022-35019 CVE-2022-35020 USN-5839-2 -- Apache HTTP Server vulnerability Ubuntu 16.04 LTS USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client. (CVE-2022-37436) Update Instructions: Run `sudo pro fix USN-5839-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm9 apache2-utils - 2.4.18-2ubuntu3.17+esm9 apache2-dev - 2.4.18-2ubuntu3.17+esm9 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm9 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm9 apache2 - 2.4.18-2ubuntu3.17+esm9 apache2-doc - 2.4.18-2ubuntu3.17+esm9 apache2-bin - 2.4.18-2ubuntu3.17+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-37436 USN-5840-1 -- Long Range ZIP vulnerabilities Ubuntu 16.04 LTS It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467) It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347) It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2022-26291) It was discovered that Long Range ZIP incorrectly handled memory allocation, which could lead to a heap memory corruption. An attacker could possibly use this issue to cause denial of service. This issue affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. 
(CVE-2022-28044) Update Instructions: Run `sudo pro fix USN-5840-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lrzip - 0.621-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-5786 CVE-2020-25467 CVE-2021-27345 CVE-2021-27347 CVE-2022-26291 CVE-2022-28044 USN-5841-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. (CVE-2019-14973, CVE-2019-17546, CVE-2020-35523, CVE-2020-35524, CVE-2022-3970) It was discovered that LibTIFF was incorrectly accessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-48281) Update Instructions: Run `sudo pro fix USN-5841-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm9 libtiffxx5 - 4.0.6-1ubuntu0.8+esm9 libtiff5-dev - 4.0.6-1ubuntu0.8+esm9 libtiff5 - 4.0.6-1ubuntu0.8+esm9 libtiff-tools - 4.0.6-1ubuntu0.8+esm9 libtiff-doc - 4.0.6-1ubuntu0.8+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-14973 CVE-2019-17546 CVE-2020-35523 CVE-2020-35524 CVE-2022-3970 CVE-2022-48281 USN-5842-1 -- EditorConfig Core C vulnerability Ubuntu 16.04 LTS Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. 
An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5842-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: editorconfig-doc - 0.12.0-2ubuntu0.1~esm1 libeditorconfig0 - 0.12.0-2ubuntu0.1~esm1 editorconfig - 0.12.0-2ubuntu0.1~esm1 libeditorconfig-dev - 0.12.0-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-0341 USN-5843-1 -- tmux vulnerability Ubuntu 16.04 LTS It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5843-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tmux - 2.1-3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47016 USN-5845-2 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215) Update Instructions: Run `sudo pro fix USN-5845-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm6 openssl - 1.0.2g-1ubuntu4.20+esm6 libssl-doc - 1.0.2g-1ubuntu4.20+esm6 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0215 CVE-2023-0286 USN-5849-1 -- Heimdal vulnerabilities Ubuntu 16.04 LTS Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5849-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libwind0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libroken18-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libgssapi3-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 heimdal-kcm - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libhdb9-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libasn1-8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libsl0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libkadm5clnt7-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 heimdal-kdc - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libkdc2-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 heimdal-servers - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libheimntlm0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 heimdal-docs - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libheimbase1-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libkrb5-26-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libotp0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 heimdal-dev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libkafs0-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libhx509-5-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 
heimdal-multidev - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 libkadm5srv8-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 heimdal-clients - 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-45142 USN-5855-4 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images. Update Instructions: Run `sudo pro fix USN-5855-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm7 imagemagick - 8:6.8.9.9-7ubuntu5.16+esm7 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm7 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm7 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm7 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm7 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm7 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm7 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm7 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm7 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm7 libmagickwand-6-headers - 
8:6.8.9.9-7ubuntu5.16+esm7 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-44267 CVE-2022-44268 USN-5863-1 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5863-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-azure-tools-4.15.0-1159 - 4.15.0-1159.174~16.04.1 linux-modules-extra-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 linux-cloud-tools-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 linux-modules-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 linux-tools-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 linux-image-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 linux-headers-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 linux-azure-headers-4.15.0-1159 - 4.15.0-1159.174~16.04.1 linux-azure-cloud-tools-4.15.0-1159 - 4.15.0-1159.174~16.04.1 linux-buildinfo-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 linux-image-unsigned-4.15.0-1159-azure - 4.15.0-1159.174~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1159.144 linux-tools-azure-edge - 4.15.0.1159.144 linux-signed-image-azure-edge - 4.15.0.1159.144 linux-image-azure - 4.15.0.1159.144 linux-cloud-tools-azure - 4.15.0.1159.144 linux-cloud-tools-azure-edge - 4.15.0.1159.144 linux-tools-azure - 4.15.0.1159.144 linux-headers-azure-edge - 4.15.0.1159.144 linux-azure - 4.15.0.1159.144 linux-image-azure-edge - 4.15.0.1159.144 linux-headers-azure - 4.15.0.1159.144 linux-modules-extra-azure - 4.15.0.1159.144 linux-modules-extra-azure-edge - 4.15.0.1159.144 linux-azure-edge - 4.15.0.1159.144 linux-signed-azure-edge - 4.15.0.1159.144 linux-signed-image-azure - 4.15.0.1159.144 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 USN-5866-1 -- Nova vulnerabilities Ubuntu 16.04 LTS It was discovered that Nova did not properly manage data logged into the log file. An attacker with read access to the service's logs could exploit this issue and may obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. 
(CVE-2015-9543) It was discovered that Nova did not properly handle attaching and reattaching the encrypted volume. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-18191) It was discovered that Nova did not properly handle updating the domain XML after live migration. An attacker could possibly use this issue to corrupt the volume or perform a denial of service attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-17376) It was discovered that Nova was not properly validating the URL passed to noVNC. An attacker could possibly use this issue by providing a malicious URL to the noVNC proxy to redirect to any desired URL. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-3654) It was discovered that Nova did not properly handle changes in the neutron port of vnic_type type. An authenticated user could possibly use this issue to perform a denial of service attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-37394) Update Instructions: Run `sudo pro fix USN-5866-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nova-api - 2:13.1.4-0ubuntu4.5+esm1 nova-common - 2:13.1.4-0ubuntu4.5+esm1 nova-compute-xen - 2:13.1.4-0ubuntu4.5+esm1 nova-api-os-compute - 2:13.1.4-0ubuntu4.5+esm1 nova-novncproxy - 2:13.1.4-0ubuntu4.5+esm1 nova-serialproxy - 2:13.1.4-0ubuntu4.5+esm1 nova-api-os-volume - 2:13.1.4-0ubuntu4.5+esm1 nova-compute-lxc - 2:13.1.4-0ubuntu4.5+esm1 nova-consoleauth - 2:13.1.4-0ubuntu4.5+esm1 python-nova - 2:13.1.4-0ubuntu4.5+esm1 nova-network - 2:13.1.4-0ubuntu4.5+esm1 nova-api-metadata - 2:13.1.4-0ubuntu4.5+esm1 nova-ajax-console-proxy - 2:13.1.4-0ubuntu4.5+esm1 nova-compute-kvm - 2:13.1.4-0ubuntu4.5+esm1 nova-xvpvncproxy - 2:13.1.4-0ubuntu4.5+esm1 nova-doc - 2:13.1.4-0ubuntu4.5+esm1 nova-conductor - 2:13.1.4-0ubuntu4.5+esm1 nova-volume - 2:13.1.4-0ubuntu4.5+esm1 nova-compute-vmware - 2:13.1.4-0ubuntu4.5+esm1 nova-spiceproxy - 2:13.1.4-0ubuntu4.5+esm1 nova-scheduler - 2:13.1.4-0ubuntu4.5+esm1 nova-console - 2:13.1.4-0ubuntu4.5+esm1 nova-compute-libvirt - 2:13.1.4-0ubuntu4.5+esm1 nova-cert - 2:13.1.4-0ubuntu4.5+esm1 nova-compute - 2:13.1.4-0ubuntu4.5+esm1 nova-compute-qemu - 2:13.1.4-0ubuntu4.5+esm1 nova-cells - 2:13.1.4-0ubuntu4.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2015-9543 CVE-2017-18191 CVE-2020-17376 CVE-2021-3654 CVE-2022-37394 USN-5870-1 -- apr-util vulnerability Ubuntu 16.04 LTS Ronald Crane discovered that APR-util did not properly handle memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5870-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libaprutil1-dbd-odbc - 1.5.4-1ubuntu0.1~esm2 libaprutil1 - 1.5.4-1ubuntu0.1~esm2 libaprutil1-dbd-mysql - 1.5.4-1ubuntu0.1~esm2 libaprutil1-ldap - 1.5.4-1ubuntu0.1~esm2 libaprutil1-dbd-sqlite3 - 1.5.4-1ubuntu0.1~esm2 libaprutil1-dbd-pgsql - 1.5.4-1ubuntu0.1~esm2 libaprutil1-dev - 1.5.4-1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-25147 USN-5871-1 -- Git vulnerabilities Ubuntu 16.04 LTS It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when using a non-local transport. (CVE-2023-22490) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite a patch outside the working tree. (CVE-2023-23946) Update Instructions: Run `sudo pro fix USN-5871-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.10+esm5 gitweb - 1:2.7.4-0ubuntu1.10+esm5 git-gui - 1:2.7.4-0ubuntu1.10+esm5 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.10+esm5 git-arch - 1:2.7.4-0ubuntu1.10+esm5 git-el - 1:2.7.4-0ubuntu1.10+esm5 gitk - 1:2.7.4-0ubuntu1.10+esm5 git-all - 1:2.7.4-0ubuntu1.10+esm5 git-mediawiki - 1:2.7.4-0ubuntu1.10+esm5 git-daemon-run - 1:2.7.4-0ubuntu1.10+esm5 git-man - 1:2.7.4-0ubuntu1.10+esm5 git-doc - 1:2.7.4-0ubuntu1.10+esm5 git-svn - 1:2.7.4-0ubuntu1.10+esm5 git-cvs - 1:2.7.4-0ubuntu1.10+esm5 git-core - 1:2.7.4-0ubuntu1.10+esm5 git-email - 1:2.7.4-0ubuntu1.10+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22490 CVE-2023-23946 USN-5872-1 -- NSS vulnerabilities Ubuntu 16.04 LTS Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. 
(CVE-2022-22747) Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-34480) Update Instructions: Run `sudo pro fix USN-5872-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.14+esm3 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.14+esm3 libnss3 - 2:3.28.4-0ubuntu0.16.04.14+esm3 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.14+esm3 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.14+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-22747 CVE-2022-34480 USN-5882-1 -- DCMTK vulnerabilities Ubuntu 16.04 LTS Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8979) Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010228) Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, and CVE-2021-41690) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled certain inputs. 
If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-2119 and CVE-2022-2120) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-2121) It was discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-43272) Update Instructions: Run `sudo pro fix USN-5882-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdcmtk5 - 3.6.1~20150924-5ubuntu0.1~esm1 dcmtk - 3.6.1~20150924-5ubuntu0.1~esm1 dcmtk-doc - 3.6.1~20150924-5ubuntu0.1~esm1 libdcmtk-dev - 3.6.1~20150924-5ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-8979 CVE-2019-1010228 CVE-2021-41687 CVE-2021-41688 CVE-2021-41689 CVE-2021-41690 CVE-2022-2119 CVE-2022-2120 CVE-2022-2121 CVE-2022-43272 USN-5883-1 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. 
(CVE-2022-4378) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could be mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-41850) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) Update Instructions: Run `sudo pro fix USN-5883-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-tools-4.15.0-206-lowlatency - 4.15.0-206.217~16.04.1 linux-cloud-tools-4.15.0-206-generic - 4.15.0-206.217~16.04.1 linux-modules-4.15.0-206-lowlatency - 4.15.0-206.217~16.04.1 linux-image-unsigned-4.15.0-206-generic - 4.15.0-206.217~16.04.1 linux-headers-4.15.0-206-lowlatency - 4.15.0-206.217~16.04.1 linux-tools-4.15.0-206-generic - 4.15.0-206.217~16.04.1 linux-hwe-tools-4.15.0-206 - 4.15.0-206.217~16.04.1 linux-headers-4.15.0-206-generic - 4.15.0-206.217~16.04.1 linux-cloud-tools-4.15.0-206-lowlatency - 4.15.0-206.217~16.04.1 linux-buildinfo-4.15.0-206-generic - 4.15.0-206.217~16.04.1 linux-modules-4.15.0-206-generic - 4.15.0-206.217~16.04.1 linux-buildinfo-4.15.0-206-lowlatency - 4.15.0-206.217~16.04.1 linux-modules-extra-4.15.0-206-generic - 4.15.0-206.217~16.04.1 linux-source-4.15.0 - 4.15.0-206.217~16.04.1 linux-image-unsigned-4.15.0-206-lowlatency - 4.15.0-206.217~16.04.1 linux-headers-4.15.0-206 - 4.15.0-206.217~16.04.1 linux-hwe-cloud-tools-4.15.0-206 - 4.15.0-206.217~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-206-lowlatency - 4.15.0-206.217~16.04.1+1 linux-image-4.15.0-206-generic - 4.15.0-206.217~16.04.1+1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.206.191 linux-tools-oem - 4.15.0.206.191 linux-lowlatency-hwe-16.04-edge - 4.15.0.206.191 linux-image-virtual-hwe-16.04-edge - 4.15.0.206.191 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.206.191 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.206.191 linux-image-lowlatency-hwe-16.04 - 4.15.0.206.191 linux-signed-generic-hwe-16.04-edge - 4.15.0.206.191 linux-image-generic-hwe-16.04-edge - 4.15.0.206.191 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.206.191 linux-headers-oem - 4.15.0.206.191 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.206.191 linux-tools-lowlatency-hwe-16.04 - 4.15.0.206.191 
linux-tools-generic-hwe-16.04 - 4.15.0.206.191 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.206.191 linux-signed-lowlatency-hwe-16.04 - 4.15.0.206.191 linux-image-extra-virtual-hwe-16.04 - 4.15.0.206.191 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.206.191 linux-headers-virtual-hwe-16.04 - 4.15.0.206.191 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.206.191 linux-signed-generic-hwe-16.04 - 4.15.0.206.191 linux-signed-image-generic-hwe-16.04 - 4.15.0.206.191 linux-image-virtual-hwe-16.04 - 4.15.0.206.191 linux-virtual-hwe-16.04-edge - 4.15.0.206.191 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.206.191 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.206.191 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.206.191 linux-image-oem - 4.15.0.206.191 linux-signed-oem - 4.15.0.206.191 linux-headers-virtual-hwe-16.04-edge - 4.15.0.206.191 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.206.191 linux-lowlatency-hwe-16.04 - 4.15.0.206.191 linux-headers-generic-hwe-16.04 - 4.15.0.206.191 linux-generic-hwe-16.04-edge - 4.15.0.206.191 linux-virtual-hwe-16.04 - 4.15.0.206.191 linux-headers-lowlatency-hwe-16.04 - 4.15.0.206.191 linux-signed-image-oem - 4.15.0.206.191 linux-generic-hwe-16.04 - 4.15.0.206.191 linux-tools-virtual-hwe-16.04-edge - 4.15.0.206.191 linux-image-generic-hwe-16.04 - 4.15.0.206.191 linux-headers-generic-hwe-16.04-edge - 4.15.0.206.191 linux-tools-generic-hwe-16.04-edge - 4.15.0.206.191 linux-oem - 4.15.0.206.191 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.206.191 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.206.191 linux-tools-virtual-hwe-16.04 - 4.15.0.206.191 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42895 CVE-2022-43750 CVE-2022-4378 CVE-2023-0461 USN-5884-1 -- Linux kernel (AWS) 
vulnerabilities Ubuntu 16.04 LTS Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20566) Duoming Zhou discovered that a race condition existed in the SLIP driver in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-41858) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Update Instructions: Run `sudo pro fix USN-5884-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-image-4.4.0-1154-aws - 4.4.0-1154.169 linux-aws-tools-4.4.0-1154 - 4.4.0-1154.169 linux-modules-4.4.0-1154-aws - 4.4.0-1154.169 linux-buildinfo-4.4.0-1154-aws - 4.4.0-1154.169 linux-headers-4.4.0-1154-aws - 4.4.0-1154.169 linux-aws-cloud-tools-4.4.0-1154 - 4.4.0-1154.169 linux-cloud-tools-4.4.0-1154-aws - 4.4.0-1154.169 linux-aws-headers-4.4.0-1154 - 4.4.0-1154.169 linux-modules-extra-4.4.0-1154-aws - 4.4.0-1154.169 linux-tools-4.4.0-1154-aws - 4.4.0-1154.169 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-aws - 4.4.0.1154.158 linux-aws - 4.4.0.1154.158 linux-tools-aws - 4.4.0.1154.158 linux-headers-aws - 4.4.0.1154.158 linux-image-aws - 4.4.0.1154.158 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4155 CVE-2022-20566 CVE-2022-41858 CVE-2022-42895 CVE-2023-0045 CVE-2023-23559 USN-5886-1 -- Intel Microcode vulnerabilities Ubuntu 16.04 LTS Erik C. Bjorge discovered that some Intel(R) Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. (CVE-2022-21216) Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel(R) Xeon(R) Processors used incorrect default permissions in some memory controller configurations when using Intel(R) Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges. (CVE-2022-33196) It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable Processors did not properly calculate microkey keying. This may allow a privileged local user to potentially disclose information. 
(CVE-2022-33972) Joseph Nuzman discovered that some Intel(R) Processors when using Intel(R) Software Guard Extensions did not properly isolate shared resources. This may allow a privileged local user to potentially disclose information. (CVE-2022-38090) Update Instructions: Run `sudo pro fix USN-5886-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20230214.0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-21216 CVE-2022-33196 CVE-2022-33972 CVE-2022-38090 USN-5887-1 -- ClamAV vulnerabilities Ubuntu 16.04 LTS Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2023-20032) Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2023-20052) Update Instructions: Run `sudo pro fix USN-5887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamav-testfiles - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamav-base - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamav - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamav-daemon - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamav-milter - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamav-docs - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamav-freshclam - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 libclamav9 - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 clamdscan - 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-20032 CVE-2023-20052 USN-5889-1 -- ZoneMinder vulnerabilities Ubuntu 16.04 LTS It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. 
An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6777) It was discovered that ZoneMinder was not properly sanitizing stored user input later printed to the user in certain views. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6990, CVE-2019-6992) It was discovered that ZoneMinder was not properly limiting data size and not properly performing bound checks when processing username and password data, which could lead to a stack buffer overflow. An attacker could possibly use this issue to bypass authentication, cause a denial of service or execute arbitrary code. This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6991) It was discovered that ZoneMinder was not properly defining and filtering data that was appended to the webroot URL of a view. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2019-7325, CVE-2019-7329) It was discovered that ZoneMinder was not properly sanitizing stored user input later printed to the user in certain views. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2019-7326) It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2019-7327, CVE-2019-7328, CVE-2019-7330, CVE-2019-7332) It was discovered that ZoneMinder was not properly sanitizing user input in the monitor editing view. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. 
(CVE-2019-7331) It was discovered that ZoneMinder was not properly sanitizing data related to file paths in a system. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-29806) Update Instructions: Run `sudo pro fix USN-5889-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zoneminder-doc - 1.29.0+dfsg-1ubuntu2+esm1 zoneminder - 1.29.0+dfsg-1ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2019-6777 CVE-2019-6990 CVE-2019-6991 CVE-2019-6992 CVE-2019-7325 CVE-2019-7326 CVE-2019-7327 CVE-2019-7328 CVE-2019-7329 CVE-2019-7330 CVE-2019-7331 CVE-2019-7332 CVE-2022-29806 USN-5892-2 -- NSS vulnerability Ubuntu 16.04 LTS USN-5892-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificate bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-0767) Update Instructions: Run `sudo pro fix USN-5892-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-nssdb - 2:3.28.4-0ubuntu0.16.04.14+esm4 libnss3-dev - 2:3.28.4-0ubuntu0.16.04.14+esm4 libnss3 - 2:3.28.4-0ubuntu0.16.04.14+esm4 libnss3-1d - 2:3.28.4-0ubuntu0.16.04.14+esm4 libnss3-tools - 2:3.28.4-0ubuntu0.16.04.14+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0767 USN-5894-1 -- curl vulnerabilities Ubuntu 16.04 LTS Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. This issue was only fixed in Ubuntu 14.04 ESM. 
(CVE-2021-22898, CVE-2021-22925) It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-43552) Update Instructions: Run `sudo pro fix USN-5894-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm7 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm7 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm7 libcurl4-doc - 7.47.0-1ubuntu2.19+esm7 libcurl3-nss - 7.47.0-1ubuntu2.19+esm7 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm7 libcurl3 - 7.47.0-1ubuntu2.19+esm7 curl - 7.47.0-1ubuntu2.19+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-22898 CVE-2021-22925 CVE-2022-43552 USN-5895-1 -- MPlayer vulnerabilities Ubuntu 16.04 LTS It was discovered that MPlayer could be made to divide by zero when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service. (CVE-2022-38850, CVE-2022-38860, CVE-2022-38865) It was discovered that MPlayer could be made to read out of bounds when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service. (CVE-2022-38851) It was discovered that MPlayer could be made to write out of bounds when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2022-38855, CVE-2022-38858, CVE-2022-38863, CVE-2022-38864, CVE-2022-38866) It was discovered that MPlayer did not properly manage memory when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-38861) Update Instructions: Run `sudo pro fix USN-5895-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mplayer-doc - 2:1.2.1-1ubuntu1.1+esm1 mplayer-gui - 2:1.2.1-1ubuntu1.1+esm1 mplayer2 - 2:1.2.1-1ubuntu1.1+esm1 mplayer - 2:1.2.1-1ubuntu1.1+esm1 mencoder - 2:1.2.1-1ubuntu1.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-38850 CVE-2022-38851 CVE-2022-38855 CVE-2022-38858 CVE-2022-38860 CVE-2022-38861 CVE-2022-38863 CVE-2022-38864 CVE-2022-38865 CVE-2022-38866 USN-5898-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. (CVE-2023-21830) Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843) Update Instructions: Run `sudo pro fix USN-5898-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u362-ga-0ubuntu1~16.04.1 openjdk-8-jdk - 8u362-ga-0ubuntu1~16.04.1 openjdk-8-jre-headless - 8u362-ga-0ubuntu1~16.04.1 openjdk-8-jre - 8u362-ga-0ubuntu1~16.04.1 openjdk-8-jdk-headless - 8u362-ga-0ubuntu1~16.04.1 openjdk-8-source - 8u362-ga-0ubuntu1~16.04.1 openjdk-8-jre-zero - 8u362-ga-0ubuntu1~16.04.1 openjdk-8-demo - 8u362-ga-0ubuntu1~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-21830 CVE-2023-21843 USN-5899-1 -- AWStats vulnerability Ubuntu 16.04 LTS It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-5899-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: awstats - 7.4+dfsg-1ubuntu0.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-46391 USN-5900-1 -- tar vulnerability Ubuntu 16.04 LTS It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash. Update Instructions: Run `sudo pro fix USN-5900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.28-2.1ubuntu0.2+esm2 tar - 1.28-2.1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48303 USN-5904-1 -- SoX vulnerabilities Ubuntu 16.04 LTS Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. 
(CVE-2019-13590) Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and CVE-2022-31651) Update Instructions: Run `sudo pro fix USN-5904-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox-fmt-pulse - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox-fmt-ao - 14.4.1-5+deb8u4ubuntu0.1+esm1 sox - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox2 - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox-fmt-base - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox-fmt-all - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox-dev - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox-fmt-alsa - 14.4.1-5+deb8u4ubuntu0.1+esm1 libsox-fmt-oss - 14.4.1-5+deb8u4ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-13590 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 USN-5904-2 -- SoX regression Ubuntu 16.04 LTS USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Original advisory details: Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-13590) Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. 
(CVE-2021-23159, CVE-2021-23172, CVE-2021-23210, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and CVE-2022-31651) Update Instructions: Run `sudo pro fix USN-5904-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox-fmt-pulse - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox-fmt-ao - 14.4.1-5+deb8u4ubuntu0.1+esm2 sox - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox2 - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox-fmt-base - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox-fmt-all - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox-dev - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox-fmt-alsa - 14.4.1-5+deb8u4ubuntu0.1+esm2 libsox-fmt-oss - 14.4.1-5+deb8u4ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-33844 USN-5905-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31628) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. (CVE-2022-31629) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-31631) It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. (CVE-2023-0568) It was discovered that PHP incorrectly handled a large number of field and file parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662) Update Instructions: Run `sudo pro fix USN-5905-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm5 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm5 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-31628 CVE-2022-31629 CVE-2022-31631 CVE-2023-0568 CVE-2023-0662 USN-5910-1 -- 
Rack vulnerabilities Ubuntu 16.04 LTS It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-44570, CVE-2022-44571) It was discovered that Rack did not properly structure regular expressions in its multipart parsing component, which could result in uncontrolled resource consumption if an application using Rack to parse multipart posts received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572) Update Instructions: Run `sudo pro fix USN-5910-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-3ubuntu0.2+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 USN-5919-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). 
(CVE-2022-42895) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Update Instructions: Run `sudo pro fix USN-5919-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1115-oracle - 4.15.0-1115.126~16.04.1 linux-headers-4.15.0-1115-oracle - 4.15.0-1115.126~16.04.1 linux-image-unsigned-4.15.0-1115-oracle - 4.15.0-1115.126~16.04.1 linux-modules-extra-4.15.0-1115-oracle - 4.15.0-1115.126~16.04.1 linux-modules-4.15.0-1115-oracle - 4.15.0-1115.126~16.04.1 linux-image-4.15.0-1115-oracle - 4.15.0-1115.126~16.04.1 linux-oracle-headers-4.15.0-1115 - 4.15.0-1115.126~16.04.1 linux-tools-4.15.0-1115-oracle - 4.15.0-1115.126~16.04.1 linux-oracle-tools-4.15.0-1115 - 4.15.0-1115.126~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-tools-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1151 - 4.15.0-1151.164~16.04.1 linux-modules-extra-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-headers-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-aws-hwe-tools-4.15.0-1151 - 4.15.0-1151.164~16.04.1 linux-image-unsigned-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-cloud-tools-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-buildinfo-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-modules-4.15.0-1151-aws - 4.15.0-1151.164~16.04.1 linux-aws-headers-4.15.0-1151 - 4.15.0-1151.164~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-oracle - 4.15.0.1115.96 linux-headers-oracle - 4.15.0.1115.96 linux-image-oracle - 4.15.0.1115.96 linux-signed-oracle - 4.15.0.1115.96 linux-tools-oracle - 4.15.0.1115.96 linux-oracle - 4.15.0.1115.96 
Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws-hwe - 4.15.0.1151.134 linux-aws-hwe - 4.15.0.1151.134 linux-modules-extra-aws-hwe - 4.15.0.1151.134 linux-aws-edge - 4.15.0.1151.134 linux-tools-aws-hwe - 4.15.0.1151.134 linux-image-aws-hwe - 4.15.0.1151.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-43750 CVE-2022-4378 CVE-2023-0461 USN-5922-1 -- FriBidi vulnerabilities Ubuntu 16.04 LTS It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25308) It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25309) It was discovered that FriBidi incorrectly handled empty input when removing marks from unicode strings. An attacker could possibly use this to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25310) Update Instructions: Run `sudo pro fix USN-5922-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfribidi-bin - 0.19.7-1ubuntu0.1~esm1 libfribidi0 - 0.19.7-1ubuntu0.1~esm1 libfribidi-dev - 0.19.7-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 USN-5923-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. 
If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. (CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804) Update Instructions: Run `sudo pro fix USN-5923-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm10 libtiffxx5 - 4.0.6-1ubuntu0.8+esm10 libtiff5-dev - 4.0.6-1ubuntu0.8+esm10 libtiff5 - 4.0.6-1ubuntu0.8+esm10 libtiff-tools - 4.0.6-1ubuntu0.8+esm10 libtiff-doc - 4.0.6-1ubuntu0.8+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 USN-5926-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20566) Duoming Zhou discovered that a race condition existed in the SLIP driver in the Linux kernel, leading to a null pointer dereference vulnerability. 
An attacker could use this to cause a denial of service (system crash). (CVE-2022-41858) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Update Instructions: Run `sudo pro fix USN-5926-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1117-kvm - 4.4.0-1117.127 linux-buildinfo-4.4.0-1117-kvm - 4.4.0-1117.127 linux-image-4.4.0-1117-kvm - 4.4.0-1117.127 linux-kvm-tools-4.4.0-1117 - 4.4.0-1117.127 linux-kvm-cloud-tools-4.4.0-1117 - 4.4.0-1117.127 linux-modules-4.4.0-1117-kvm - 4.4.0-1117.127 linux-cloud-tools-4.4.0-1117-kvm - 4.4.0-1117.127 linux-kvm-headers-4.4.0-1117 - 4.4.0-1117.127 linux-headers-4.4.0-1117-kvm - 4.4.0-1117.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-237-generic - 4.4.0-237.271 linux-tools-common - 4.4.0-237.271 linux-tools-4.4.0-237 - 4.4.0-237.271 linux-tools-host - 4.4.0-237.271 linux-source-4.4.0 - 4.4.0-237.271 linux-doc - 4.4.0-237.271 linux-modules-extra-4.4.0-237-generic - 4.4.0-237.271 linux-tools-4.4.0-237-generic - 4.4.0-237.271 linux-libc-dev - 4.4.0-237.271 linux-image-unsigned-4.4.0-237-generic - 4.4.0-237.271 linux-headers-4.4.0-237-generic - 
4.4.0-237.271 linux-cloud-tools-4.4.0-237-generic - 4.4.0-237.271 linux-cloud-tools-4.4.0-237 - 4.4.0-237.271 linux-modules-4.4.0-237-generic - 4.4.0-237.271 linux-headers-4.4.0-237 - 4.4.0-237.271 linux-modules-4.4.0-237-lowlatency - 4.4.0-237.271 linux-tools-4.4.0-237-lowlatency - 4.4.0-237.271 linux-cloud-tools-common - 4.4.0-237.271 linux-cloud-tools-4.4.0-237-lowlatency - 4.4.0-237.271 linux-buildinfo-4.4.0-237-lowlatency - 4.4.0-237.271 linux-headers-4.4.0-237-lowlatency - 4.4.0-237.271 linux-image-unsigned-4.4.0-237-lowlatency - 4.4.0-237.271 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.4.0-237-generic - 4.4.0-237.271+1 linux-image-4.4.0-237-lowlatency - 4.4.0-237.271+1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1117.114 linux-headers-kvm - 4.4.0.1117.114 linux-tools-kvm - 4.4.0.1117.114 linux-image-kvm - 4.4.0.1117.114 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.237.243 linux-cloud-tools-generic-lts-wily - 4.4.0.237.243 linux-cloud-tools-virtual-lts-xenial - 4.4.0.237.243 linux-cloud-tools-virtual - 4.4.0.237.243 linux-cloud-tools-virtual-lts-utopic - 4.4.0.237.243 linux-tools-generic-lts-vivid - 4.4.0.237.243 linux-image-extra-virtual-lts-xenial - 4.4.0.237.243 linux-image-extra-virtual-lts-wily - 4.4.0.237.243 linux-headers-generic-lts-wily - 4.4.0.237.243 linux-tools-virtual-lts-vivid - 4.4.0.237.243 linux-tools-virtual-lts-utopic - 4.4.0.237.243 linux-tools-virtual-lts-wily - 4.4.0.237.243 linux-image-lowlatency-lts-vivid - 4.4.0.237.243 linux-tools-lowlatency-lts-vivid - 4.4.0.237.243 linux-cloud-tools-generic-lts-utopic - 4.4.0.237.243 linux-headers-virtual-lts-vivid - 4.4.0.237.243 linux-image-lowlatency-lts-wily - 4.4.0.237.243 linux-image-generic - 4.4.0.237.243 linux-tools-lowlatency - 4.4.0.237.243 linux-image-lowlatency-lts-xenial - 4.4.0.237.243 linux-tools-virtual-lts-xenial - 4.4.0.237.243 
linux-signed-lowlatency-lts-wily - 4.4.0.237.243 linux-image-extra-virtual-lts-vivid - 4.4.0.237.243 linux-image-generic-lts-wily - 4.4.0.237.243 linux-virtual-lts-utopic - 4.4.0.237.243 linux-signed-generic-lts-wily - 4.4.0.237.243 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.237.243 linux-image-extra-virtual-lts-utopic - 4.4.0.237.243 linux-signed-generic-lts-utopic - 4.4.0.237.243 linux-tools-lowlatency-lts-xenial - 4.4.0.237.243 linux-headers-generic-lts-xenial - 4.4.0.237.243 linux-signed-generic-lts-vivid - 4.4.0.237.243 linux-headers-lowlatency-lts-wily - 4.4.0.237.243 linux-virtual-lts-vivid - 4.4.0.237.243 linux-signed-lowlatency-lts-xenial - 4.4.0.237.243 linux-headers-lowlatency-lts-vivid - 4.4.0.237.243 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.237.243 linux-lowlatency-lts-xenial - 4.4.0.237.243 linux-signed-generic-lts-xenial - 4.4.0.237.243 linux-source - 4.4.0.237.243 linux-signed-image-generic - 4.4.0.237.243 linux-lowlatency - 4.4.0.237.243 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.237.243 linux-generic-lts-xenial - 4.4.0.237.243 linux-cloud-tools-generic - 4.4.0.237.243 linux-cloud-tools-generic-lts-xenial - 4.4.0.237.243 linux-virtual - 4.4.0.237.243 linux-tools-virtual - 4.4.0.237.243 linux-cloud-tools-generic-lts-vivid - 4.4.0.237.243 linux-tools-generic-lts-utopic - 4.4.0.237.243 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.237.243 linux-signed-image-generic-lts-vivid - 4.4.0.237.243 linux-image-virtual-lts-xenial - 4.4.0.237.243 linux-image-virtual-lts-vivid - 4.4.0.237.243 linux-virtual-lts-xenial - 4.4.0.237.243 linux-cloud-tools-virtual-lts-vivid - 4.4.0.237.243 linux-tools-lowlatency-lts-utopic - 4.4.0.237.243 linux-signed-image-generic-lts-wily - 4.4.0.237.243 linux-signed-image-lowlatency-lts-xenial - 4.4.0.237.243 linux-image-generic-lts-vivid - 4.4.0.237.243 linux-generic - 4.4.0.237.243 linux-tools-generic-lts-wily - 4.4.0.237.243 linux-image-virtual - 4.4.0.237.243 linux-headers-lowlatency - 4.4.0.237.243 
linux-lowlatency-lts-vivid - 4.4.0.237.243 linux-generic-lts-wily - 4.4.0.237.243 linux-image-hwe-virtual-trusty - 4.4.0.237.243 linux-signed-image-generic-lts-xenial - 4.4.0.237.243 linux-generic-lts-vivid - 4.4.0.237.243 linux-tools-lowlatency-lts-wily - 4.4.0.237.243 linux-headers-virtual-lts-xenial - 4.4.0.237.243 linux-headers-lowlatency-lts-utopic - 4.4.0.237.243 linux-hwe-generic-trusty - 4.4.0.237.243 linux-tools-generic - 4.4.0.237.243 linux-crashdump - 4.4.0.237.243 linux-image-extra-virtual - 4.4.0.237.243 linux-headers-generic-lts-utopic - 4.4.0.237.243 linux-cloud-tools-virtual-lts-wily - 4.4.0.237.243 linux-cloud-tools-lowlatency - 4.4.0.237.243 linux-lowlatency-lts-utopic - 4.4.0.237.243 linux-tools-generic-lts-xenial - 4.4.0.237.243 linux-signed-image-lowlatency - 4.4.0.237.243 linux-image-generic-lts-utopic - 4.4.0.237.243 linux-image-virtual-lts-wily - 4.4.0.237.243 linux-signed-generic - 4.4.0.237.243 linux-lowlatency-lts-wily - 4.4.0.237.243 linux-image-virtual-lts-utopic - 4.4.0.237.243 linux-headers-generic - 4.4.0.237.243 linux-tools-lts-utopic - 4.4.0.237.243 linux-generic-lts-utopic - 4.4.0.237.243 linux-headers-lowlatency-lts-xenial - 4.4.0.237.243 linux-image-hwe-generic-trusty - 4.4.0.237.243 linux-signed-image-lowlatency-lts-wily - 4.4.0.237.243 linux-headers-generic-lts-vivid - 4.4.0.237.243 linux-headers-virtual - 4.4.0.237.243 linux-image-generic-lts-xenial - 4.4.0.237.243 linux-virtual-lts-wily - 4.4.0.237.243 linux-headers-virtual-lts-utopic - 4.4.0.237.243 linux-headers-virtual-lts-wily - 4.4.0.237.243 linux-hwe-virtual-trusty - 4.4.0.237.243 linux-signed-lowlatency - 4.4.0.237.243 linux-image-lowlatency-lts-utopic - 4.4.0.237.243 linux-image-lowlatency - 4.4.0.237.243 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4155 CVE-2022-20566 CVE-2022-41858 CVE-2022-42895 CVE-2023-0045 CVE-2023-23559 USN-5928-1 -- systemd vulnerabilities Ubuntu 16.04 LTS It was discovered that systemd did not properly 
validate the time and accuracy values provided to the format_timespan() function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3821) It was discovered that systemd did not properly manage the fs.suid_dumpable kernel configurations. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-4415) It was discovered that systemd did not properly manage a crash with long backtrace data. A local attacker could possibly use this issue to cause a deadlock, leading to a denial of service attack. This issue only affected Ubuntu 22.10. (CVE-2022-45873) Update Instructions: Run `sudo pro fix USN-5928-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-coredump - 229-4ubuntu21.31+esm3 systemd - 229-4ubuntu21.31+esm3 libsystemd0 - 229-4ubuntu21.31+esm3 systemd-container - 229-4ubuntu21.31+esm3 libnss-myhostname - 229-4ubuntu21.31+esm3 libudev1 - 229-4ubuntu21.31+esm3 libsystemd-dev - 229-4ubuntu21.31+esm3 systemd-journal-remote - 229-4ubuntu21.31+esm3 libpam-systemd - 229-4ubuntu21.31+esm3 libudev-dev - 229-4ubuntu21.31+esm3 libnss-mymachines - 229-4ubuntu21.31+esm3 libnss-resolve - 229-4ubuntu21.31+esm3 systemd-sysv - 229-4ubuntu21.31+esm3 udev - 229-4ubuntu21.31+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3821 CVE-2022-4415 CVE-2022-45873 USN-5932-1 -- Sofia-SIP vulnerabilities Ubuntu 16.04 LTS It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-31001, CVE-2022-31002, CVE-2022-31003) It was discovered that Sofia-SIP incorrectly handled specially crafted UDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service. (CVE-2022-47516) Qiuhao Li discovered that Sofia-SIP incorrectly handled specially crafted STUN packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-22741) Update Instructions: Run `sudo pro fix USN-5932-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sofia-sip-doc - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1 libsofia-sip-ua-glib3 - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1 libsofia-sip-ua0 - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1 sofia-sip-bin - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1 libsofia-sip-ua-glib-dev - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1 libsofia-sip-ua-dev - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-31001 CVE-2022-31002 CVE-2022-31003 CVE-2022-47516 CVE-2023-22741 USN-5937-1 -- Opusfile vulnerability Ubuntu 16.04 LTS It was discovered that Opusfile was not properly validating pointer arguments in some of its functions, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. Update Instructions: Run `sudo pro fix USN-5937-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libopusfile-doc - 0.7-1ubuntu0.1~esm1 libopusfile-dev - 0.7-1ubuntu0.1~esm1 libopusfile0 - 0.7-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-47021 USN-5942-2 -- Apache HTTP Server vulnerability Ubuntu 16.04 LTS USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Original advisory details: Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2023-25690) Update Instructions: Run `sudo pro fix USN-5942-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.18-2ubuntu3.17+esm10 apache2-utils - 2.4.18-2ubuntu3.17+esm10 apache2-dev - 2.4.18-2ubuntu3.17+esm10 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm10 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm10 apache2 - 2.4.18-2ubuntu3.17+esm10 apache2-doc - 2.4.18-2ubuntu3.17+esm10 apache2-bin - 2.4.18-2ubuntu3.17+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-25690 USN-5944-1 -- SnakeYAML vulnerabilities Ubuntu 16.04 LTS It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service. (CVE-2022-25857, CVE-2022-38749, CVE-2022-38750) It was discovered that SnakeYAML did not limit the maximal data matched with regular expressions when parsing YAML data. 
If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service. (CVE-2022-38751) Update Instructions: Run `sudo pro fix USN-5944-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyaml-snake-java - 1.12-2ubuntu0.16.04.1~esm1 libyaml-snake-java-doc - 1.12-2ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 USN-5946-1 -- XStream vulnerabilities Ubuntu 16.04 LTS Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39140) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39139, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39151, CVE-2021-39153, CVE-2021-39154) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39150, CVE-2021-39152) Lai Han discovered that XStream incorrectly handled certain inputs. 
If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-41966) Update Instructions: Run `sudo pro fix USN-5946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxstream-java - 1.4.8-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 CVE-2022-41966 USN-5947-1 -- Twig vulnerabilities Ubuntu 16.04 LTS Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-9942) Marlon Starkloff discovered that Twig was not properly enforcing closure constraints in some of its array filtering functions. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2022-23614) Dariusz Tytko discovered that Twig was not properly verifying input data utilized when defining pathnames used to access files in a system. An attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2022-39261) Update Instructions: Run `sudo pro fix USN-5947-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php-twig-doc - 1.23.1-1ubuntu4+esm1 php-twig - 1.23.1-1ubuntu4+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-9942 CVE-2022-23614 CVE-2022-39261 USN-5948-1 -- Werkzeug vulnerabilities Ubuntu 16.04 LTS It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934) It was discovered that Werkzeug could be made to process an unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577) Update Instructions: Run `sudo pro fix USN-5948-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-werkzeug - 0.10.4+dfsg1-1ubuntu1.2+esm1 python-werkzeug - 0.10.4+dfsg1-1ubuntu1.2+esm1 python-werkzeug-doc - 0.10.4+dfsg1-1ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-23934 CVE-2023-25577 USN-5952-1 -- OpenJPEG vulnerabilities Ubuntu 16.04 LTS Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-6851, CVE-2020-8112) It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27845) It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-27842, CVE-2020-27843) Update Instructions: Run `sudo pro fix USN-5952-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenjp2-tools - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip-server - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip-viewer - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp3d-tools - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip7 - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp2-7 - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp2-7-dev - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp3d7 - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip-dec-server - 2.1.2-1.1+deb9u6ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-6851 CVE-2020-8112 CVE-2020-15389 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 USN-5955-1 -- Emacs vulnerability Ubuntu 16.04 LTS It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-5955-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: emacs24-bin-common - 24.5+1-6ubuntu1.1+esm2 emacs24-lucid - 24.5+1-6ubuntu1.1+esm2 emacs24 - 24.5+1-6ubuntu1.1+esm2 emacs24-el - 24.5+1-6ubuntu1.1+esm2 emacs24-nox - 24.5+1-6ubuntu1.1+esm2 emacs24-common - 24.5+1-6ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48339 USN-5956-1 -- PHPMailer vulnerabilities Ubuntu 16.04 LTS Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045) It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2017-11503) Yongxiang Li discovered that PHPMailer was not properly converting relative paths provided as user input when adding attachments to messages, which could lead to relative image URLs being treated as absolute local file paths and added as attachments. An attacker could possibly use this issue to access unauthorized resources and expose sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-5223) Sehun Oh discovered that PHPMailer was not properly processing untrusted non-local file attachments, which could lead to an object injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19296) Elar Lang discovered that PHPMailer was not properly escaping file attachment names, which could lead to a misinterpretation of file types by entities processing the message. An attacker could possibly use this issue to bypass attachment filters. 
This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13625) It was discovered that PHPMailer was not properly handling callables in its validateAddress function, which could result in untrusted code being called should the global namespace contain a function called 'php'. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3603) Update Instructions: Run `sudo pro fix USN-5956-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libphp-phpmailer - 5.2.14+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-10033 CVE-2016-10045 CVE-2017-11503 CVE-2017-5223 CVE-2018-19296 CVE-2020-13625 CVE-2021-3603 USN-5956-2 -- PHPMailer vulnerability Ubuntu 16.04 LTS USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Original advisory details: Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045) It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2017-11503) Yongxiang Li discovered that PHPMailer was not properly converting relative paths provided as user input when adding attachments to messages, which could lead to relative image URLs being treated as absolute local file paths and added as attachments. An attacker could possibly use this issue to access unauthorized resources and expose sensitive information. 
This issue only affected Ubuntu 16.04 ESM. (CVE-2017-5223) Sehun Oh discovered that PHPMailer was not properly processing untrusted non-local file attachments, which could lead to an object injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19296) Elar Lang discovered that PHPMailer was not properly escaping file attachment names, which could lead to a misinterpretation of file types by entities processing the message. An attacker could possibly use this issue to bypass attachment filters. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13625) It was discovered that PHPMailer was not properly handling callables in its validateAddress function, which could result in untrusted code being called should the global namespace contain a function called 'php'. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3603) Update Instructions: Run `sudo pro fix USN-5956-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libphp-phpmailer - 5.2.14+dfsg-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2017-11503 USN-5957-1 -- LibreCAD vulnerabilities Ubuntu 16.04 LTS Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-19105) Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-21898, CVE-2021-21899) Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DRW files. 
An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-21900) Albin Eldstål-Ahrens discovered that LibreCAD incorrectly handled memory when parsing JWW files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-45341, CVE-2021-45342) Albin Eldstål-Ahrens discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. (CVE-2021-45343) Update Instructions: Run `sudo pro fix USN-5957-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librecad-data - 2.0.9-2ubuntu0.1~esm1 librecad - 2.0.9-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-19105 CVE-2021-21898 CVE-2021-21899 CVE-2021-21900 CVE-2021-45341 CVE-2021-45342 CVE-2021-45343 USN-5958-1 -- FFmpeg vulnerabilities Ubuntu 16.04 LTS It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3109, CVE-2022-3341) It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3964) It was discovered that FFmpeg could be made to access an out-of-bounds frame by the QuickTime encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 22.10. 
(CVE-2022-3965) Update Instructions: Run `sudo pro fix USN-5958-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:2.8.17-0ubuntu0.1+esm5 ffmpeg-doc - 7:2.8.17-0ubuntu0.1+esm5 libav-tools - 7:2.8.17-0ubuntu0.1+esm5 libavcodec-dev - 7:2.8.17-0ubuntu0.1+esm5 libavcodec-extra - 7:2.8.17-0ubuntu0.1+esm5 libavcodec-ffmpeg-extra56 - 7:2.8.17-0ubuntu0.1+esm5 libavcodec-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm5 libavdevice-dev - 7:2.8.17-0ubuntu0.1+esm5 libavdevice-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm5 libavfilter-dev - 7:2.8.17-0ubuntu0.1+esm5 libavfilter-ffmpeg5 - 7:2.8.17-0ubuntu0.1+esm5 libavformat-dev - 7:2.8.17-0ubuntu0.1+esm5 libavformat-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm5 libavresample-dev - 7:2.8.17-0ubuntu0.1+esm5 libavresample-ffmpeg2 - 7:2.8.17-0ubuntu0.1+esm5 libavutil-dev - 7:2.8.17-0ubuntu0.1+esm5 libavutil-ffmpeg54 - 7:2.8.17-0ubuntu0.1+esm5 libpostproc-dev - 7:2.8.17-0ubuntu0.1+esm5 libpostproc-ffmpeg53 - 7:2.8.17-0ubuntu0.1+esm5 libswresample-dev - 7:2.8.17-0ubuntu0.1+esm5 libswresample-ffmpeg1 - 7:2.8.17-0ubuntu0.1+esm5 libswscale-dev - 7:2.8.17-0ubuntu0.1+esm5 libswscale-ffmpeg3 - 7:2.8.17-0ubuntu0.1+esm5 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-3109 CVE-2022-3341 CVE-2022-3964 CVE-2022-3965 https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/2007269 USN-5960-1 -- Python vulnerability Ubuntu 16.04 LTS Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters. Update Instructions: Run `sudo pro fix USN-5960-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm4 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm4 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm4 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm4 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm4 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm4 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm4 idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm4 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm4 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm4 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm7 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm7 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm7 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm7 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm7 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm7 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm7 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm7 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm7 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm7 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm7 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24329 USN-5961-1 -- abcm2ps vulnerabilities Ubuntu 16.04 LTS It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069) Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service. 
(CVE-2021-32434, CVE-2021-32435, CVE-2021-32436) Update Instructions: Run `sudo pro fix USN-5961-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: abcm2ps - 7.8.9-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-10753 CVE-2018-10771 CVE-2019-1010069 CVE-2021-32434 CVE-2021-32435 CVE-2021-32436 USN-5963-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-0051) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-1170, CVE-2023-1175) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-1264) Update Instructions: Run `sudo pro fix USN-5963-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm17 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm17 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm17 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm17 vim-athena - 2:7.4.1689-3ubuntu1.5+esm17 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm17 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm17 vim - 2:7.4.1689-3ubuntu1.5+esm17 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm17 vim-doc - 2:7.4.1689-3ubuntu1.5+esm17 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm17 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm17 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm17 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm17 vim-nox - 2:7.4.1689-3ubuntu1.5+esm17 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm17 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-47024 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 USN-5964-2 -- curl vulnerabilities Ubuntu 16.04 LTS USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. (CVE-2023-27533) Harry Sintonen discovered that curl incorrectly reused certain FTP connections. This could lead to the wrong credentials being reused, contrary to expectations. (CVE-2023-27535) Harry Sintonen discovered that curl incorrectly reused connections when the GSS delegation option had been changed. This could lead to the option being reused, contrary to expectations. (CVE-2023-27536) Update Instructions: Run `sudo pro fix USN-5964-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm8 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm8 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm8 libcurl4-doc - 7.47.0-1ubuntu2.19+esm8 libcurl3-nss - 7.47.0-1ubuntu2.19+esm8 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm8 libcurl3 - 7.47.0-1ubuntu2.19+esm8 curl - 7.47.0-1ubuntu2.19+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 USN-5966-1 -- amanda vulnerabilities Ubuntu 16.04 LTS Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703) Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704) Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705) Update Instructions: Run `sudo pro fix USN-5966-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.3.6-4.1ubuntu0.1 amanda-common - 1:3.3.6-4.1ubuntu0.1 amanda-server - 1:3.3.6-4.1ubuntu0.1 No subscription required High CVE-2022-37703 CVE-2022-37704 CVE-2022-37705 USN-5966-2 -- amanda regression Ubuntu 16.04 LTS USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. 
This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703) Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704) Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705) Update Instructions: Run `sudo pro fix USN-5966-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.3.6-4.1ubuntu0.1+esm2 amanda-common - 1:3.3.6-4.1ubuntu0.1+esm2 amanda-server - 1:3.3.6-4.1ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro None https://launchpad.net/bugs/2012536 USN-5968-1 -- GitPython vulnerability Ubuntu 16.04 LTS It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-5968-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-git-doc - 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1 python-git - 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1 python3-git - 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24439 USN-5969-1 -- gif2apng vulnerabilities Ubuntu 16.04 LTS It was discovered that gif2apng contained multiple heap-based overflows. An attacker could potentially exploit this to cause a denial of service (system crash). (CVE-2021-45909, CVE-2021-45910, CVE-2021-45911) Update Instructions: Run `sudo pro fix USN-5969-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gif2apng - 1.7-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-45909 CVE-2021-45910 CVE-2021-45911 USN-5973-1 -- url-parse vulnerabilities Ubuntu 16.04 LTS It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open redirect attack. (CVE-2018-3774) It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass input validation. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8124) Yaniv Nizry discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. 
(CVE-2021-27515) It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3664) It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass authorization. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0512, CVE-2022-0639, CVE-2022-0691) Rohan Sharma discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass authorization. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0686) Update Instructions: Run `sudo pro fix USN-5973-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-url-parse - 1.0.5-2ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-3774 CVE-2020-8124 CVE-2021-27515 CVE-2021-3664 CVE-2022-0512 CVE-2022-0639 CVE-2022-0686 CVE-2022-0691 USN-5974-1 -- GraphicsMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. 
(CVE-2018-20184) It was discovered that GraphicsMagick was not properly validating bits per pixel data when processing DIB image files. If a user or automated system were tricked into processing a specially crafted DIB image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20189) It was discovered that GraphicsMagick was not properly processing bit-field mask values in BMP image files, which could result in the execution of an infinite loop. If a user or automated system were tricked into processing a specially crafted BMP image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-5685) It was discovered that GraphicsMagick was not properly validating data used in arithmetic operations when processing MNG image files, which could result in a divide-by-zero error. If a user or automated system were tricked into processing a specially crafted MNG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-9018) It was discovered that GraphicsMagick was not properly performing bounds checks when processing MIFF image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MIFF image file, an attacker could possibly use this issue to cause a denial of service or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-11006) It was discovered that GraphicsMagick did not properly magnify certain MNG image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MNG image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. 
This issue only affected Ubuntu 20.04 LTS. (CVE-2020-12672) It was discovered that GraphicsMagick was not properly performing bounds checks when parsing certain MIFF image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MIFF image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1270) Update Instructions: Run `sudo pro fix USN-5974-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.23-1ubuntu0.6+esm2 libgraphicsmagick-q16-3 - 1.3.23-1ubuntu0.6+esm2 libgraphicsmagick1-dev - 1.3.23-1ubuntu0.6+esm2 graphicsmagick - 1.3.23-1ubuntu0.6+esm2 graphicsmagick-imagemagick-compat - 1.3.23-1ubuntu0.6+esm2 graphicsmagick-libmagick-dev-compat - 1.3.23-1ubuntu0.6+esm2 libgraphicsmagick++-q16-12 - 1.3.23-1ubuntu0.6+esm2 libgraphicsmagick++1-dev - 1.3.23-1ubuntu0.6+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-20184 CVE-2018-20189 CVE-2018-5685 CVE-2018-9018 CVE-2019-11006 CVE-2020-12672 CVE-2022-1270 USN-5975-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Updated on 2023-04-11: Please note that when USN 5975-1 was originally published, it incorrectly included the linux-gcp kernel for Ubuntu 16.04 ESM. References to that kernel have been removed from this USN and the correct information for it has been published in USN 6007-1. Original advisory details: It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. 
A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could be mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. 
A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2022-39842) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-26607) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-5975-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-azure-headers-4.15.0-1162 - 4.15.0-1162.177~16.04.1 linux-tools-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 linux-headers-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 linux-image-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 linux-image-unsigned-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 linux-buildinfo-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 linux-azure-tools-4.15.0-1162 - 4.15.0-1162.177~16.04.1 linux-modules-extra-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 linux-cloud-tools-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 linux-azure-cloud-tools-4.15.0-1162 - 4.15.0-1162.177~16.04.1 linux-modules-4.15.0-1162-azure - 4.15.0-1162.177~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1162.146 linux-cloud-tools-azure - 4.15.0.1162.146 linux-tools-azure-edge - 4.15.0.1162.146 linux-azure - 4.15.0.1162.146 linux-signed-image-azure-edge - 4.15.0.1162.146 linux-image-azure - 4.15.0.1162.146 linux-signed-image-azure - 4.15.0.1162.146 linux-cloud-tools-azure-edge - 4.15.0.1162.146 linux-tools-azure - 4.15.0.1162.146 linux-headers-azure-edge - 4.15.0.1162.146 linux-image-azure-edge - 4.15.0.1162.146 linux-modules-extra-azure - 4.15.0.1162.146 linux-azure-edge - 4.15.0.1162.146 linux-headers-azure - 4.15.0.1162.146 linux-modules-extra-azure-edge - 4.15.0.1162.146 linux-signed-azure-edge - 4.15.0.1162.146 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-3669 CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3424 CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-36280 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41218 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-43750 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-23455 CVE-2023-23559 CVE-2023-26607 CVE-2023-28328 USN-5981-1 -- Linux 
kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2023-0394) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-5981-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-oracle-tools-4.15.0-1116 - 4.15.0-1116.127~16.04.1 linux-modules-4.15.0-1116-oracle - 4.15.0-1116.127~16.04.1 linux-modules-extra-4.15.0-1116-oracle - 4.15.0-1116.127~16.04.1 linux-buildinfo-4.15.0-1116-oracle - 4.15.0-1116.127~16.04.1 linux-image-4.15.0-1116-oracle - 4.15.0-1116.127~16.04.1 linux-headers-4.15.0-1116-oracle - 4.15.0-1116.127~16.04.1 linux-tools-4.15.0-1116-oracle - 4.15.0-1116.127~16.04.1 linux-image-unsigned-4.15.0-1116-oracle - 4.15.0-1116.127~16.04.1 linux-oracle-headers-4.15.0-1116 - 4.15.0-1116.127~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1153 - 4.15.0-1153.166~16.04.1 linux-tools-4.15.0-1153-aws - 4.15.0-1153.166~16.04.1 linux-image-unsigned-4.15.0-1153-aws - 4.15.0-1153.166~16.04.1 linux-aws-hwe-tools-4.15.0-1153 - 4.15.0-1153.166~16.04.1 linux-image-4.15.0-1153-aws - 4.15.0-1153.166~16.04.1 linux-cloud-tools-4.15.0-1153-aws - 4.15.0-1153.166~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1153 - 4.15.0-1153.166~16.04.1 linux-headers-4.15.0-1153-aws - 
4.15.0-1153.166~16.04.1 linux-modules-extra-4.15.0-1153-aws - 4.15.0-1153.166~16.04.1 linux-buildinfo-4.15.0-1153-aws - 4.15.0-1153.166~16.04.1 linux-modules-4.15.0-1153-aws - 4.15.0-1153.166~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-208-generic - 4.15.0-208.219~16.04.1 linux-hwe-cloud-tools-4.15.0-208 - 4.15.0-208.219~16.04.1 linux-hwe-tools-4.15.0-208 - 4.15.0-208.219~16.04.1 linux-tools-4.15.0-208-lowlatency - 4.15.0-208.219~16.04.1 linux-image-unsigned-4.15.0-208-lowlatency - 4.15.0-208.219~16.04.1 linux-modules-4.15.0-208-generic - 4.15.0-208.219~16.04.1 linux-headers-4.15.0-208-generic - 4.15.0-208.219~16.04.1 linux-image-unsigned-4.15.0-208-generic - 4.15.0-208.219~16.04.1 linux-cloud-tools-4.15.0-208-generic - 4.15.0-208.219~16.04.1 linux-image-4.15.0-208-generic - 4.15.0-208.219~16.04.1 linux-image-4.15.0-208-lowlatency - 4.15.0-208.219~16.04.1 linux-modules-extra-4.15.0-208-generic - 4.15.0-208.219~16.04.1 linux-headers-4.15.0-208-lowlatency - 4.15.0-208.219~16.04.1 linux-cloud-tools-4.15.0-208-lowlatency - 4.15.0-208.219~16.04.1 linux-modules-4.15.0-208-lowlatency - 4.15.0-208.219~16.04.1 linux-buildinfo-4.15.0-208-lowlatency - 4.15.0-208.219~16.04.1 linux-source-4.15.0 - 4.15.0-208.219~16.04.1 linux-headers-4.15.0-208 - 4.15.0-208.219~16.04.1 linux-tools-4.15.0-208-generic - 4.15.0-208.219~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1116.97 linux-signed-image-oracle - 4.15.0.1116.97 linux-signed-oracle - 4.15.0.1116.97 linux-tools-oracle - 4.15.0.1116.97 linux-image-oracle - 4.15.0.1116.97 linux-oracle - 4.15.0.1116.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1153.136 linux-modules-extra-aws-hwe - 4.15.0.1153.136 linux-aws-edge - 4.15.0.1153.136 linux-tools-aws-hwe - 4.15.0.1153.136 linux-image-aws-hwe - 4.15.0.1153.136 linux-headers-aws-hwe - 4.15.0.1153.136 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro linux-lowlatency-hwe-16.04 - 4.15.0.208.193 linux-signed-generic-hwe-16.04-edge - 4.15.0.208.193 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.208.193 linux-image-extra-virtual-hwe-16.04 - 4.15.0.208.193 linux-image-oem - 4.15.0.208.193 linux-headers-generic-hwe-16.04-edge - 4.15.0.208.193 linux-image-lowlatency-hwe-16.04 - 4.15.0.208.193 linux-tools-virtual-hwe-16.04-edge - 4.15.0.208.193 linux-tools-virtual-hwe-16.04 - 4.15.0.208.193 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.208.193 linux-image-virtual-hwe-16.04-edge - 4.15.0.208.193 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.208.193 linux-generic-hwe-16.04-edge - 4.15.0.208.193 linux-headers-lowlatency-hwe-16.04 - 4.15.0.208.193 linux-virtual-hwe-16.04 - 4.15.0.208.193 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.208.193 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.208.193 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.208.193 linux-tools-oem - 4.15.0.208.193 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.208.193 linux-headers-oem - 4.15.0.208.193 linux-signed-image-generic-hwe-16.04 - 4.15.0.208.193 linux-virtual-hwe-16.04-edge - 4.15.0.208.193 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.208.193 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.208.193 linux-headers-virtual-hwe-16.04-edge - 4.15.0.208.193 linux-headers-generic-hwe-16.04 - 4.15.0.208.193 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.208.193 linux-generic-hwe-16.04 - 4.15.0.208.193 linux-oem - 4.15.0.208.193 linux-image-generic-hwe-16.04-edge - 4.15.0.208.193 linux-lowlatency-hwe-16.04-edge - 4.15.0.208.193 linux-image-generic-hwe-16.04 - 4.15.0.208.193 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.208.193 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.208.193 linux-tools-lowlatency-hwe-16.04 - 4.15.0.208.193 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.208.193 linux-headers-virtual-hwe-16.04 - 4.15.0.208.193 linux-signed-oem - 4.15.0.208.193 linux-image-virtual-hwe-16.04 - 
4.15.0.208.193 linux-signed-lowlatency-hwe-16.04 - 4.15.0.208.193 linux-signed-generic-hwe-16.04 - 4.15.0.208.193 linux-signed-image-oem - 4.15.0.208.193 linux-tools-generic-hwe-16.04 - 4.15.0.208.193 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.208.193 linux-tools-generic-hwe-16.04-edge - 4.15.0.208.193 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3669 CVE-2022-3424 CVE-2022-36280 CVE-2022-41218 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-23455 CVE-2023-23559 CVE-2023-28328 USN-5983-1 -- Nette vulnerability Ubuntu 16.04 LTS Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5983-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-nette - 2.3.8-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-15227 USN-5988-1 -- Xcftools vulnerabilities Ubuntu 16.04 LTS It was discovered that integer overflow vulnerabilities existed in Xcftools. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-5086, CVE-2019-5087) Update Instructions: Run `sudo pro fix USN-5988-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xcftools - 1.0.7-5ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-5086 CVE-2019-5087 USN-5989-1 -- GlusterFS vulnerability Ubuntu 16.04 LTS Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5989-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: glusterfs-client - 3.7.6-1ubuntu1+esm2 glusterfs-server - 3.7.6-1ubuntu1+esm2 glusterfs-common - 3.7.6-1ubuntu1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-26253 USN-5990-1 -- musl vulnerabilities Ubuntu 16.04 LTS It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-14697) It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928) Update Instructions: Run `sudo pro fix USN-5990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: musl-dev - 1.1.9-1ubuntu0.1~esm3 musl-tools - 1.1.9-1ubuntu0.1~esm3 musl - 1.1.9-1ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-14697 CVE-2020-28928 USN-5996-1 -- Liblouis vulnerabilities Ubuntu 16.04 LTS It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-26767, CVE-2023-26768, CVE-2023-26769) Update Instructions: Run `sudo pro fix USN-5996-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: liblouis9 - 2.6.4-2ubuntu0.4+esm1 liblouis-bin - 2.6.4-2ubuntu0.4+esm1 python-louis - 2.6.4-2ubuntu0.4+esm1 liblouis-dev - 2.6.4-2ubuntu0.4+esm1 python3-louis - 2.6.4-2ubuntu0.4+esm1 liblouis-data - 2.6.4-2ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-26767 CVE-2023-26768 CVE-2023-26769 USN-5997-1 -- IPMItool vulnerability Ubuntu 16.04 LTS It was discovered that IPMItool was not properly checking the data received from a remote LAN party. A remote attacker could possibly use this issue to cause a crash or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5997-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ipmitool - 1.8.16-3ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-5208 USN-5998-1 -- Apache Log4j vulnerabilities Ubuntu 16.04 LTS It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-17571) It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-23302) It was discovered that Apache Log4j 1.2 incorrectly handled certain SQL statements. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305) It was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2022-23307) Update Instructions: Run `sudo pro fix USN-5998-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j1.2-java-doc - 1.2.17-7ubuntu1+esm1 liblog4j1.2-java - 1.2.17-7ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 CVE-2019-17571 USN-6001-1 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data. (CVE-2020-36516) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28712, CVE-2021-28713) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) It was discovered that the IEEE 802.15.4 wireless network subsystem in the Linux kernel did not properly handle certain error conditions, leading to a null pointer dereference vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2021-3659) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2021-4149) Jann Horn discovered that the socket subsystem in the Linux kernel contained a race condition when handling listen() and connect() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2021-4203) It was discovered that the file system quotas implementation in the Linux kernel did not properly validate the quota block number. An attacker could use this to construct a malicious file system image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-45868) Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0487) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. 
A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the tty subsystem in the Linux kernel contained a race condition in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2022-1462) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) It was discovered that the HID subsystem in the Linux kernel did not properly validate inputs in certain conditions. A local attacker with physical access could plug in a specially crafted USB device to expose sensitive information. (CVE-2022-20132) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device-mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20572, CVE-2022-2503) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did not properly handle data lengths in certain situations. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-2991) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Jiasheng Jiang discovered that the wm8350 charger driver in the Linux kernel did not properly deallocate memory, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3111) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). 
(CVE-2022-3903) Jann Horn discovered that a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB core subsystem in the Linux kernel did not properly handle nested reset events. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (kernel deadlock). (CVE-2022-4662) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly initialize a data structure, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1095) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-26607) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6001-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-aws-tools-4.4.0-1155 - 4.4.0-1155.170 linux-cloud-tools-4.4.0-1155-aws - 4.4.0-1155.170 linux-buildinfo-4.4.0-1155-aws - 4.4.0-1155.170 linux-modules-4.4.0-1155-aws - 4.4.0-1155.170 linux-aws-headers-4.4.0-1155 - 4.4.0-1155.170 linux-modules-extra-4.4.0-1155-aws - 4.4.0-1155.170 linux-aws-cloud-tools-4.4.0-1155 - 4.4.0-1155.170 linux-headers-4.4.0-1155-aws - 4.4.0-1155.170 linux-image-4.4.0-1155-aws - 4.4.0-1155.170 linux-tools-4.4.0-1155-aws - 4.4.0-1155.170 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-aws - 4.4.0.1155.159 linux-tools-aws - 4.4.0.1155.159 linux-aws - 4.4.0.1155.159 linux-headers-aws - 4.4.0.1155.159 linux-image-aws - 4.4.0.1155.159 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36516 CVE-2021-26401 CVE-2021-28712 CVE-2021-28713 CVE-2021-3428 CVE-2021-3659 CVE-2021-3669 CVE-2021-3732 CVE-2021-3772 CVE-2021-4149 CVE-2021-4203 CVE-2021-45868 CVE-2022-0487 CVE-2022-0494 CVE-2022-0617 CVE-2022-1016 CVE-2022-1195 CVE-2022-1205 CVE-2022-1462 CVE-2022-1516 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20572 CVE-2022-2318 CVE-2022-2380 CVE-2022-2503 CVE-2022-2663 CVE-2022-2991 CVE-2022-3061 CVE-2022-3111 CVE-2022-3303 CVE-2022-3628 CVE-2022-36280 CVE-2022-3646 CVE-2022-36879 CVE-2022-3903 CVE-2022-39188 CVE-2022-41218 CVE-2022-41849 CVE-2022-41850 CVE-2022-4662 CVE-2022-47929 CVE-2023-0394 CVE-2023-1074 CVE-2023-1095 CVE-2023-1118 CVE-2023-23455 CVE-2023-26545 CVE-2023-26607 USN-6003-1 -- Emacs vulnerability Ubuntu 16.04 LTS Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-6003-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: emacs24-bin-common - 24.5+1-6ubuntu1.1+esm3 emacs24-lucid - 24.5+1-6ubuntu1.1+esm3 emacs24 - 24.5+1-6ubuntu1.1+esm3 emacs24-el - 24.5+1-6ubuntu1.1+esm3 emacs24-nox - 24.5+1-6ubuntu1.1+esm3 emacs24-common - 24.5+1-6ubuntu1.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28617 USN-6005-2 -- Sudo vulnerabilities Ubuntu 16.04 LTS USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed. Update Instructions: Run `sudo pro fix USN-6005-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.16-0ubuntu1.10+esm2 sudo - 1.8.16-0ubuntu1.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28486 CVE-2023-28487 USN-6007-1 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could be mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations.
A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). 
(CVE-2022-42328, CVE-2022-42329) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped into user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-26607) Update Instructions: Run `sudo pro fix USN-6007-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1146-gcp - 4.15.0-1146.162~16.04.1 linux-image-4.15.0-1146-gcp - 4.15.0-1146.162~16.04.1 linux-gcp-tools-4.15.0-1146 - 4.15.0-1146.162~16.04.1 linux-modules-4.15.0-1146-gcp - 4.15.0-1146.162~16.04.1 linux-image-unsigned-4.15.0-1146-gcp - 4.15.0-1146.162~16.04.1 linux-gcp-headers-4.15.0-1146 - 4.15.0-1146.162~16.04.1 linux-tools-4.15.0-1146-gcp - 4.15.0-1146.162~16.04.1 linux-modules-extra-4.15.0-1146-gcp - 4.15.0-1146.162~16.04.1 linux-headers-4.15.0-1146-gcp - 4.15.0-1146.162~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1146.136 linux-image-gke - 4.15.0.1146.136 linux-headers-gcp - 4.15.0.1146.136 linux-tools-gcp - 4.15.0.1146.136 linux-image-gcp - 4.15.0.1146.136 linux-modules-extra-gcp - 4.15.0.1146.136 linux-headers-gke - 4.15.0.1146.136 linux-gke - 4.15.0.1146.136 linux-tools-gke - 4.15.0.1146.136 linux-gcp - 4.15.0.1146.136 Available with Ubuntu Pro 
(Infra-only): https://ubuntu.com/pro High CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-43750 CVE-2023-0461 CVE-2023-26607 USN-6008-1 -- Exo vulnerability Ubuntu 16.04 LTS It was discovered that Exo did not properly sanitize desktop files. A remote attacker could possibly use this issue to cause a crash or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6008-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexo-common - 0.10.7-1ubuntu0.1~esm1 libexo-1-dev - 0.10.7-1ubuntu0.1~esm1 libexo-1-0 - 0.10.7-1ubuntu0.1~esm1 libexo-helpers - 0.10.7-1ubuntu0.1~esm1 exo-utils - 0.10.7-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-32278 USN-6009-1 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-6009-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1147-gcp - 4.15.0-1147.163~16.04.1 linux-image-unsigned-4.15.0-1147-gcp - 4.15.0-1147.163~16.04.1 linux-buildinfo-4.15.0-1147-gcp - 4.15.0-1147.163~16.04.1 linux-gcp-tools-4.15.0-1147 - 4.15.0-1147.163~16.04.1 linux-tools-4.15.0-1147-gcp - 4.15.0-1147.163~16.04.1 linux-modules-4.15.0-1147-gcp - 4.15.0-1147.163~16.04.1 linux-headers-4.15.0-1147-gcp - 4.15.0-1147.163~16.04.1 linux-image-4.15.0-1147-gcp - 4.15.0-1147.163~16.04.1 linux-gcp-headers-4.15.0-1147 - 4.15.0-1147.163~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-gke - 4.15.0.1147.137 linux-headers-gcp - 4.15.0.1147.137 linux-tools-gcp - 4.15.0.1147.137 linux-image-gcp - 4.15.0.1147.137 linux-modules-extra-gcp - 4.15.0.1147.137 linux-modules-extra-gke - 4.15.0.1147.137 linux-headers-gke - 4.15.0.1147.137 linux-gke - 4.15.0.1147.137 linux-tools-gke - 4.15.0.1147.137 linux-gcp - 4.15.0.1147.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-3669 CVE-2022-3424 CVE-2022-36280 CVE-2022-41218 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-23455 CVE-2023-23559 CVE-2023-28328 USN-6014-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data. (CVE-2020-36516) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. 
(CVE-2021-26401) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) It was discovered that the IEEE 802.15.4 wireless network subsystem in the Linux kernel did not properly handle certain error conditions, leading to a null pointer dereference vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-3659) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). 
(CVE-2021-4149) Jann Horn discovered that the socket subsystem in the Linux kernel contained a race condition when handling listen() and connect() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2021-4203) It was discovered that the file system quotas implementation in the Linux kernel did not properly validate the quota block number. An attacker could use this to construct a malicious file system image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-45868) Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0487) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2022-1195) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the tty subsystem in the Linux kernel contained a race condition in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2022-1462) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) It was discovered that the HID subsystem in the Linux kernel did not properly validate inputs in certain conditions. A local attacker with physical access could plug in a specially crafted USB device to expose sensitive information. (CVE-2022-20132) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device-mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2022-20572, CVE-2022-2503) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did not properly handle data lengths in certain situations. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2991) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Jiasheng Jiang discovered that the wm8350 charger driver in the Linux kernel did not properly deallocate memory, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3111) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. 
A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. 
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB core subsystem in the Linux kernel did not properly handle nested reset events. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (kernel deadlock). (CVE-2022-4662) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly initialize a data structure, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1095) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). 
(CVE-2023-23455) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-26607) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6014-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.4.0-1118-kvm - 4.4.0-1118.128 linux-modules-4.4.0-1118-kvm - 4.4.0-1118.128 linux-kvm-tools-4.4.0-1118 - 4.4.0-1118.128 linux-kvm-cloud-tools-4.4.0-1118 - 4.4.0-1118.128 linux-headers-4.4.0-1118-kvm - 4.4.0-1118.128 linux-image-4.4.0-1118-kvm - 4.4.0-1118.128 linux-buildinfo-4.4.0-1118-kvm - 4.4.0-1118.128 linux-kvm-headers-4.4.0-1118 - 4.4.0-1118.128 linux-cloud-tools-4.4.0-1118-kvm - 4.4.0-1118.128 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-239.273 linux-modules-extra-4.4.0-239-generic - 4.4.0-239.273 linux-tools-4.4.0-239 - 4.4.0-239.273 linux-source-4.4.0 - 4.4.0-239.273 linux-doc - 4.4.0-239.273 linux-cloud-tools-4.4.0-239-generic - 4.4.0-239.273 linux-modules-4.4.0-239-generic - 4.4.0-239.273 linux-cloud-tools-4.4.0-239-lowlatency - 4.4.0-239.273 linux-libc-dev - 4.4.0-239.273 linux-cloud-tools-4.4.0-239 - 4.4.0-239.273 linux-tools-4.4.0-239-generic - 
4.4.0-239.273 linux-buildinfo-4.4.0-239-generic - 4.4.0-239.273 linux-image-4.4.0-239-lowlatency - 4.4.0-239.273 linux-tools-host - 4.4.0-239.273 linux-image-4.4.0-239-generic - 4.4.0-239.273 linux-image-unsigned-4.4.0-239-lowlatency - 4.4.0-239.273 linux-headers-4.4.0-239-lowlatency - 4.4.0-239.273 linux-headers-4.4.0-239-generic - 4.4.0-239.273 linux-cloud-tools-common - 4.4.0-239.273 linux-image-unsigned-4.4.0-239-generic - 4.4.0-239.273 linux-modules-4.4.0-239-lowlatency - 4.4.0-239.273 linux-buildinfo-4.4.0-239-lowlatency - 4.4.0-239.273 linux-headers-4.4.0-239 - 4.4.0-239.273 linux-tools-4.4.0-239-lowlatency - 4.4.0-239.273 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-kvm - 4.4.0.1118.115 linux-kvm - 4.4.0.1118.115 linux-headers-kvm - 4.4.0.1118.115 linux-image-kvm - 4.4.0.1118.115 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.239.245 linux-cloud-tools-generic-lts-wily - 4.4.0.239.245 linux-cloud-tools-virtual-lts-xenial - 4.4.0.239.245 linux-cloud-tools-virtual - 4.4.0.239.245 linux-cloud-tools-virtual-lts-utopic - 4.4.0.239.245 linux-tools-generic-lts-vivid - 4.4.0.239.245 linux-image-extra-virtual-lts-xenial - 4.4.0.239.245 linux-image-extra-virtual-lts-wily - 4.4.0.239.245 linux-headers-generic-lts-wily - 4.4.0.239.245 linux-crashdump - 4.4.0.239.245 linux-tools-virtual-lts-vivid - 4.4.0.239.245 linux-image-virtual - 4.4.0.239.245 linux-tools-virtual-lts-wily - 4.4.0.239.245 linux-image-lowlatency-lts-vivid - 4.4.0.239.245 linux-tools-lowlatency-lts-vivid - 4.4.0.239.245 linux-cloud-tools-generic-lts-utopic - 4.4.0.239.245 linux-headers-virtual-lts-vivid - 4.4.0.239.245 linux-image-lowlatency-lts-wily - 4.4.0.239.245 linux-image-generic - 4.4.0.239.245 linux-tools-lowlatency - 4.4.0.239.245 linux-image-lowlatency-lts-xenial - 4.4.0.239.245 linux-tools-virtual-lts-xenial - 4.4.0.239.245 linux-signed-lowlatency-lts-wily - 4.4.0.239.245 
linux-image-extra-virtual-lts-vivid - 4.4.0.239.245 linux-image-generic-lts-wily - 4.4.0.239.245 linux-virtual-lts-utopic - 4.4.0.239.245 linux-signed-generic-lts-wily - 4.4.0.239.245 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.239.245 linux-image-extra-virtual-lts-utopic - 4.4.0.239.245 linux-signed-generic-lts-utopic - 4.4.0.239.245 linux-tools-lowlatency-lts-xenial - 4.4.0.239.245 linux-headers-generic-lts-xenial - 4.4.0.239.245 linux-signed-generic-lts-vivid - 4.4.0.239.245 linux-headers-lowlatency-lts-wily - 4.4.0.239.245 linux-virtual-lts-vivid - 4.4.0.239.245 linux-signed-lowlatency-lts-xenial - 4.4.0.239.245 linux-headers-lowlatency-lts-vivid - 4.4.0.239.245 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.239.245 linux-lowlatency-lts-xenial - 4.4.0.239.245 linux-signed-generic-lts-xenial - 4.4.0.239.245 linux-source - 4.4.0.239.245 linux-signed-image-generic - 4.4.0.239.245 linux-lowlatency - 4.4.0.239.245 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.239.245 linux-generic-lts-xenial - 4.4.0.239.245 linux-cloud-tools-generic - 4.4.0.239.245 linux-virtual - 4.4.0.239.245 linux-tools-virtual - 4.4.0.239.245 linux-cloud-tools-generic-lts-vivid - 4.4.0.239.245 linux-tools-generic-lts-utopic - 4.4.0.239.245 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.239.245 linux-signed-image-generic-lts-vivid - 4.4.0.239.245 linux-image-virtual-lts-vivid - 4.4.0.239.245 linux-virtual-lts-xenial - 4.4.0.239.245 linux-cloud-tools-virtual-lts-vivid - 4.4.0.239.245 linux-tools-lowlatency-lts-utopic - 4.4.0.239.245 linux-signed-image-generic-lts-wily - 4.4.0.239.245 linux-signed-image-lowlatency-lts-xenial - 4.4.0.239.245 linux-image-generic-lts-vivid - 4.4.0.239.245 linux-generic - 4.4.0.239.245 linux-tools-generic-lts-wily - 4.4.0.239.245 linux-tools-virtual-lts-utopic - 4.4.0.239.245 linux-headers-generic-lts-utopic - 4.4.0.239.245 linux-headers-lowlatency - 4.4.0.239.245 linux-lowlatency-lts-vivid - 4.4.0.239.245 linux-generic-lts-wily - 4.4.0.239.245 
linux-image-hwe-virtual-trusty - 4.4.0.239.245 linux-signed-image-generic-lts-xenial - 4.4.0.239.245 linux-generic-lts-vivid - 4.4.0.239.245 linux-tools-lowlatency-lts-wily - 4.4.0.239.245 linux-headers-virtual-lts-xenial - 4.4.0.239.245 linux-headers-lowlatency-lts-utopic - 4.4.0.239.245 linux-hwe-generic-trusty - 4.4.0.239.245 linux-tools-generic - 4.4.0.239.245 linux-image-extra-virtual - 4.4.0.239.245 linux-image-generic-lts-xenial - 4.4.0.239.245 linux-cloud-tools-virtual-lts-wily - 4.4.0.239.245 linux-cloud-tools-lowlatency - 4.4.0.239.245 linux-lowlatency-lts-utopic - 4.4.0.239.245 linux-tools-generic-lts-xenial - 4.4.0.239.245 linux-signed-image-lowlatency - 4.4.0.239.245 linux-image-generic-lts-utopic - 4.4.0.239.245 linux-image-virtual-lts-wily - 4.4.0.239.245 linux-signed-generic - 4.4.0.239.245 linux-lowlatency-lts-wily - 4.4.0.239.245 linux-image-virtual-lts-utopic - 4.4.0.239.245 linux-headers-generic - 4.4.0.239.245 linux-tools-lts-utopic - 4.4.0.239.245 linux-generic-lts-utopic - 4.4.0.239.245 linux-headers-lowlatency-lts-xenial - 4.4.0.239.245 linux-image-hwe-generic-trusty - 4.4.0.239.245 linux-signed-image-lowlatency-lts-wily - 4.4.0.239.245 linux-headers-generic-lts-vivid - 4.4.0.239.245 linux-headers-virtual - 4.4.0.239.245 linux-cloud-tools-generic-lts-xenial - 4.4.0.239.245 linux-virtual-lts-wily - 4.4.0.239.245 linux-headers-virtual-lts-utopic - 4.4.0.239.245 linux-headers-virtual-lts-wily - 4.4.0.239.245 linux-hwe-virtual-trusty - 4.4.0.239.245 linux-signed-lowlatency - 4.4.0.239.245 linux-image-virtual-lts-xenial - 4.4.0.239.245 linux-image-lowlatency-lts-utopic - 4.4.0.239.245 linux-image-lowlatency - 4.4.0.239.245 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36516 CVE-2021-26401 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-3428 CVE-2021-3659 CVE-2021-3669 CVE-2021-3732 CVE-2021-3772 CVE-2021-4149 CVE-2021-4203 CVE-2021-45868 CVE-2022-0487 CVE-2022-0494 CVE-2022-0617 CVE-2022-1016 CVE-2022-1195 
CVE-2022-1205 CVE-2022-1462 CVE-2022-1516 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20572 CVE-2022-2318 CVE-2022-2380 CVE-2022-2503 CVE-2022-2663 CVE-2022-2991 CVE-2022-3061 CVE-2022-3111 CVE-2022-3303 CVE-2022-3628 CVE-2022-36280 CVE-2022-3646 CVE-2022-36879 CVE-2022-3903 CVE-2022-39188 CVE-2022-41218 CVE-2022-41849 CVE-2022-41850 CVE-2022-4662 CVE-2022-47929 CVE-2023-0394 CVE-2023-1074 CVE-2023-1095 CVE-2023-1118 CVE-2023-23455 CVE-2023-26545 CVE-2023-26607 USN-6017-1 -- Ghostscript vulnerability Ubuntu 16.04 LTS Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6017-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.14+esm5 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.14+esm5 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.14+esm5 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.14+esm5 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.14+esm5 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.14+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28879 USN-6022-1 -- Kamailio vulnerabilities Ubuntu 16.04 LTS It was discovered that Kamailio did not properly sanitize SIP messages under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and 18.04 ESM. (CVE-2018-16657) It was discovered that Kamailio did not properly validate INVITE requests under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. (CVE-2020-27507) Update Instructions: Run `sudo pro fix USN-6022-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: kamailio-purple-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-lua-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-postgres-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-perl-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-mysql-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-radius-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-extra-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio - 4.3.4-1.1ubuntu2.1+esm1 kamailio-cpl-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-mono-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-kazoo-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-cnxcc-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-snmpstats-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-java-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-carrierroute-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-tls-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-xmpp-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-presence-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-dnssec-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-json-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-geoip-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-sqlite-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-ldap-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-websocket-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-ims-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-redis-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-erlang-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-autheph-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-outbound-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-python-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-berkeley-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-utils-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-unixodbc-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-sctp-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-xml-modules - 4.3.4-1.1ubuntu2.1+esm1 kamailio-berkeley-bin - 4.3.4-1.1ubuntu2.1+esm1 kamailio-memcached-modules - 4.3.4-1.1ubuntu2.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-16657 CVE-2020-27507 
USN-6028-1 -- libxml2 vulnerabilities Ubuntu 16.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2023-28484) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. (CVE-2023-29469) Update Instructions: Run `sudo pro fix USN-6028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm5 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.7+esm5 python-libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm5 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.7+esm5 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28484 CVE-2023-29469 USN-6029-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). 
(CVE-2023-1074) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) Update Instructions: Run `sudo pro fix USN-6029-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1117-oracle - 4.15.0-1117.128~16.04.1 linux-headers-4.15.0-1117-oracle - 4.15.0-1117.128~16.04.1 linux-image-unsigned-4.15.0-1117-oracle - 4.15.0-1117.128~16.04.1 linux-image-4.15.0-1117-oracle - 4.15.0-1117.128~16.04.1 linux-oracle-headers-4.15.0-1117 - 4.15.0-1117.128~16.04.1 linux-oracle-tools-4.15.0-1117 - 4.15.0-1117.128~16.04.1 linux-modules-extra-4.15.0-1117-oracle - 4.15.0-1117.128~16.04.1 linux-tools-4.15.0-1117-oracle - 4.15.0-1117.128~16.04.1 linux-modules-4.15.0-1117-oracle - 4.15.0-1117.128~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-4.15.0-1148-gcp - 4.15.0-1148.164~16.04.1 linux-buildinfo-4.15.0-1148-gcp - 4.15.0-1148.164~16.04.1 linux-tools-4.15.0-1148-gcp - 4.15.0-1148.164~16.04.1 linux-image-unsigned-4.15.0-1148-gcp - 4.15.0-1148.164~16.04.1 linux-image-4.15.0-1148-gcp - 4.15.0-1148.164~16.04.1 linux-headers-4.15.0-1148-gcp - 4.15.0-1148.164~16.04.1 linux-gcp-tools-4.15.0-1148 - 4.15.0-1148.164~16.04.1 linux-modules-4.15.0-1148-gcp - 4.15.0-1148.164~16.04.1 linux-gcp-headers-4.15.0-1148 - 4.15.0-1148.164~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1154 - 4.15.0-1154.167~16.04.1 linux-buildinfo-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 linux-cloud-tools-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 linux-modules-extra-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 linux-tools-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 linux-aws-hwe-tools-4.15.0-1154 - 4.15.0-1154.167~16.04.1 
linux-aws-hwe-cloud-tools-4.15.0-1154 - 4.15.0-1154.167~16.04.1 linux-headers-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 linux-image-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 linux-image-unsigned-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 linux-modules-4.15.0-1154-aws - 4.15.0-1154.167~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 linux-image-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 linux-azure-tools-4.15.0-1163 - 4.15.0-1163.178~16.04.1 linux-buildinfo-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 linux-azure-cloud-tools-4.15.0-1163 - 4.15.0-1163.178~16.04.1 linux-modules-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 linux-headers-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 linux-azure-headers-4.15.0-1163 - 4.15.0-1163.178~16.04.1 linux-tools-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 linux-cloud-tools-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 linux-modules-extra-4.15.0-1163-azure - 4.15.0-1163.178~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-209-lowlatency - 4.15.0-209.220~16.04.1 linux-hwe-tools-4.15.0-209 - 4.15.0-209.220~16.04.1 linux-buildinfo-4.15.0-209-lowlatency - 4.15.0-209.220~16.04.1 linux-hwe-cloud-tools-4.15.0-209 - 4.15.0-209.220~16.04.1 linux-tools-4.15.0-209-lowlatency - 4.15.0-209.220~16.04.1 linux-modules-4.15.0-209-generic - 4.15.0-209.220~16.04.1 linux-image-unsigned-4.15.0-209-generic - 4.15.0-209.220~16.04.1 linux-image-4.15.0-209-lowlatency - 4.15.0-209.220~16.04.1 linux-image-unsigned-4.15.0-209-lowlatency - 4.15.0-209.220~16.04.1 linux-modules-extra-4.15.0-209-generic - 4.15.0-209.220~16.04.1 linux-tools-4.15.0-209-generic - 4.15.0-209.220~16.04.1 linux-modules-4.15.0-209-lowlatency - 4.15.0-209.220~16.04.1 linux-cloud-tools-4.15.0-209-generic - 4.15.0-209.220~16.04.1 linux-buildinfo-4.15.0-209-generic - 4.15.0-209.220~16.04.1 linux-image-4.15.0-209-generic - 4.15.0-209.220~16.04.1 
linux-headers-4.15.0-209 - 4.15.0-209.220~16.04.1 linux-source-4.15.0 - 4.15.0-209.220~16.04.1 linux-cloud-tools-4.15.0-209-lowlatency - 4.15.0-209.220~16.04.1 linux-headers-4.15.0-209-generic - 4.15.0-209.220~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1117.98 linux-tools-oracle - 4.15.0.1117.98 linux-signed-image-oracle - 4.15.0.1117.98 linux-signed-oracle - 4.15.0.1117.98 linux-image-oracle - 4.15.0.1117.98 linux-oracle - 4.15.0.1117.98 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1148.138 linux-headers-gke - 4.15.0.1148.138 linux-modules-extra-gcp - 4.15.0.1148.138 linux-tools-gke - 4.15.0.1148.138 linux-tools-gcp - 4.15.0.1148.138 linux-gke - 4.15.0.1148.138 linux-gcp - 4.15.0.1148.138 linux-image-gke - 4.15.0.1148.138 linux-headers-gcp - 4.15.0.1148.138 linux-image-gcp - 4.15.0.1148.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-hwe - 4.15.0.1154.137 linux-modules-extra-aws-hwe - 4.15.0.1154.137 linux-aws-edge - 4.15.0.1154.137 linux-image-aws-hwe - 4.15.0.1154.137 linux-headers-aws-hwe - 4.15.0.1154.137 linux-tools-aws-hwe - 4.15.0.1154.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1163.147 linux-tools-azure-edge - 4.15.0.1163.147 linux-cloud-tools-azure - 4.15.0.1163.147 linux-tools-azure - 4.15.0.1163.147 linux-image-azure-edge - 4.15.0.1163.147 linux-signed-image-azure-edge - 4.15.0.1163.147 linux-cloud-tools-azure-edge - 4.15.0.1163.147 linux-modules-extra-azure - 4.15.0.1163.147 linux-azure - 4.15.0.1163.147 linux-image-azure - 4.15.0.1163.147 linux-signed-image-azure - 4.15.0.1163.147 linux-headers-azure-edge - 4.15.0.1163.147 linux-azure-edge - 4.15.0.1163.147 linux-modules-extra-azure-edge - 4.15.0.1163.147 linux-signed-azure-edge - 4.15.0.1163.147 linux-headers-azure - 4.15.0.1163.147 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-signed-generic-hwe-16.04-edge - 4.15.0.209.194 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.209.194 linux-image-extra-virtual-hwe-16.04 - 4.15.0.209.194 linux-image-oem - 4.15.0.209.194 linux-headers-generic-hwe-16.04-edge - 4.15.0.209.194 linux-image-lowlatency-hwe-16.04 - 4.15.0.209.194 linux-tools-virtual-hwe-16.04 - 4.15.0.209.194 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.209.194 linux-image-virtual-hwe-16.04-edge - 4.15.0.209.194 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.209.194 linux-signed-lowlatency-hwe-16.04 - 4.15.0.209.194 linux-generic-hwe-16.04-edge - 4.15.0.209.194 linux-signed-image-oem - 4.15.0.209.194 linux-headers-lowlatency-hwe-16.04 - 4.15.0.209.194 linux-virtual-hwe-16.04 - 4.15.0.209.194 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.209.194 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.209.194 linux-tools-generic-hwe-16.04 - 4.15.0.209.194 linux-tools-oem - 4.15.0.209.194 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.209.194 linux-headers-oem - 4.15.0.209.194 linux-signed-image-generic-hwe-16.04 - 4.15.0.209.194 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.209.194 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.209.194 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.209.194 linux-headers-virtual-hwe-16.04-edge - 4.15.0.209.194 linux-lowlatency-hwe-16.04 - 4.15.0.209.194 linux-headers-generic-hwe-16.04 - 4.15.0.209.194 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.209.194 linux-generic-hwe-16.04 - 4.15.0.209.194 linux-tools-virtual-hwe-16.04-edge - 4.15.0.209.194 linux-oem - 4.15.0.209.194 linux-lowlatency-hwe-16.04-edge - 4.15.0.209.194 linux-image-generic-hwe-16.04 - 4.15.0.209.194 linux-image-generic-hwe-16.04-edge - 4.15.0.209.194 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.209.194 linux-virtual-hwe-16.04-edge - 4.15.0.209.194 linux-tools-lowlatency-hwe-16.04 - 4.15.0.209.194 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.209.194 linux-headers-virtual-hwe-16.04 - 4.15.0.209.194 
linux-signed-oem - 4.15.0.209.194 linux-image-virtual-hwe-16.04 - 4.15.0.209.194 linux-signed-generic-hwe-16.04 - 4.15.0.209.194 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.209.194 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.209.194 linux-tools-generic-hwe-16.04-edge - 4.15.0.209.194 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3903 CVE-2023-1073 CVE-2023-1074 CVE-2023-1281 CVE-2023-26545 USN-6034-1 -- Dnsmasq vulnerability Ubuntu 16.04 LTS It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP. Update Instructions: Run `sudo pro fix USN-6034-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.79-1ubuntu0.16.04.1+esm2 dnsmasq-base-lua - 2.79-1ubuntu0.16.04.1+esm2 dnsmasq-utils - 2.79-1ubuntu0.16.04.1+esm2 dnsmasq-base - 2.79-1ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-28450 USN-6035-1 -- KAuth vulnerability Ubuntu 16.04 LTS It was discovered that KAuth incorrectly handled some configuration parameters with specially crafted arbitrary types. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6035-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkf5auth-data - 5.18.0-0ubuntu2+esm1 libkf5auth-bin-dev - 5.18.0-0ubuntu2+esm1 libkf5auth-dev - 5.18.0-0ubuntu2+esm1 libkf5auth5 - 5.18.0-0ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-7443 USN-6037-1 -- Apache Commons Net vulnerability Ubuntu 16.04 LTS ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. 
A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private network of the client. Update Instructions: Run `sudo pro fix USN-6037-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcommons-net-java-doc - 3.4-2ubuntu2+esm1 libcommons-net-java - 3.4-2ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-37533 USN-6038-2 -- Go vulnerabilities Ubuntu 16.04 LTS USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2022-1962, CVE-2022-27664, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715, CVE-2022-41717, CVE-2023-24534, CVE-2023-24537) It was discovered that Go did not properly implement the maximum size of file headers in Reader.Read. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2022-2879) It was discovered that the Go net/http module incorrectly handled query parameters in requests forwarded by ReverseProxy. A remote attacker could possibly use this issue to perform an HTTP Query Parameter Smuggling attack. (CVE-2022-2880) It was discovered that Go did not properly manage the permissions for the Faccessat function.
An attacker could possibly use this issue to expose sensitive information. (CVE-2022-29526) It was discovered that Go did not properly generate the values for ticket_age_add in session tickets. An attacker could possibly use this issue to observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629) It was discovered that Go did not properly manage client IP addresses in net/http. An attacker could possibly use this issue to cause ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148) It was discovered that Go did not properly validate backticks (`) as JavaScript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary JavaScript code into the Go template. (CVE-2023-24538) Update Instructions: Run `sudo pro fix USN-6038-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-1.13 - 1.13.8-1ubuntu1~16.04.3+esm3 golang-1.13-doc - 1.13.8-1ubuntu1~16.04.3+esm3 golang-1.13-go - 1.13.8-1ubuntu1~16.04.3+esm3 golang-1.13-src - 1.13.8-1ubuntu1~16.04.3+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-1705 CVE-2022-27664 CVE-2022-28131 CVE-2022-2879 CVE-2022-2880 CVE-2022-29526 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 CVE-2022-41717 CVE-2023-24534 CVE-2023-24537 CVE-2023-24538 USN-6039-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10.
(CVE-2022-3996) David Benjamin discovered that OpenSSL was not properly performing the verification of X.509 certificate chains that include policy constraints, which could lead to excessive resource consumption. If a user or automated system were tricked into processing a specially crafted X.509 certificate chain that includes policy constraints, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0464) David Benjamin discovered that OpenSSL was not properly handling invalid certificate policies in leaf certificates, which would result in certain policy checks being skipped for the certificate. If a user or automated system were tricked into processing a specially crafted certificate, a remote attacker could possibly use this issue to assert invalid certificate policies and circumvent policy checking. (CVE-2023-0465) David Benjamin discovered that OpenSSL incorrectly documented the functionalities of function X509_VERIFY_PARAM_add0_policy, stating that it would implicitly enable certificate policy checks when doing certificate verifications, contrary to its implementation. This could cause users and applications to not perform certificate policy checks even when expected to do so. (CVE-2023-0466) Update Instructions: Run `sudo pro fix USN-6039-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm7 openssl - 1.0.2g-1ubuntu4.20+esm7 libssl-doc - 1.0.2g-1ubuntu4.20+esm7 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-3996 CVE-2023-0464 CVE-2023-0466 USN-6042-1 -- Cloud-init vulnerability Ubuntu 16.04 LTS James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege. Update Instructions: Run `sudo pro fix USN-6042-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: cloud-init - 21.1-19-gbad84ad4-0ubuntu1~16.04.4 ec2-init - 21.1-19-gbad84ad4-0ubuntu1~16.04.4 grub-legacy-ec2 - 21.1-19-gbad84ad4-0ubuntu1~16.04.4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1786 https://bugs.launchpad.net/cloud-init/+bug/2013967 USN-6045-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. (CVE-2023-1829) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate the queue of socket buffers (skb) when handling certain UDP packets. A remote attacker could use this to cause a denial of service. (CVE-2023-1390) It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1670) Update Instructions: Run `sudo pro fix USN-6045-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1119-kvm - 4.4.0-1119.129 linux-modules-4.4.0-1119-kvm - 4.4.0-1119.129 linux-kvm-cloud-tools-4.4.0-1119 - 4.4.0-1119.129 linux-cloud-tools-4.4.0-1119-kvm - 4.4.0-1119.129 linux-kvm-tools-4.4.0-1119 - 4.4.0-1119.129 linux-headers-4.4.0-1119-kvm - 4.4.0-1119.129 linux-kvm-headers-4.4.0-1119 - 4.4.0-1119.129 linux-tools-4.4.0-1119-kvm - 4.4.0-1119.129 linux-image-4.4.0-1119-kvm - 4.4.0-1119.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.4.0-1156 - 4.4.0-1156.171 linux-modules-4.4.0-1156-aws - 4.4.0-1156.171 linux-headers-4.4.0-1156-aws - 4.4.0-1156.171 linux-aws-cloud-tools-4.4.0-1156 - 4.4.0-1156.171 linux-tools-4.4.0-1156-aws - 4.4.0-1156.171 linux-buildinfo-4.4.0-1156-aws - 4.4.0-1156.171 linux-modules-extra-4.4.0-1156-aws - 4.4.0-1156.171 linux-aws-tools-4.4.0-1156 - 4.4.0-1156.171 linux-image-4.4.0-1156-aws - 4.4.0-1156.171 linux-cloud-tools-4.4.0-1156-aws - 4.4.0-1156.171 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-240.274 linux-tools-host - 4.4.0-240.274 linux-modules-extra-4.4.0-240-generic - 4.4.0-240.274 linux-doc - 4.4.0-240.274 linux-cloud-tools-4.4.0-240-lowlatency - 4.4.0-240.274 linux-image-unsigned-4.4.0-240-generic - 4.4.0-240.274 linux-libc-dev - 4.4.0-240.274 linux-buildinfo-4.4.0-240-generic - 4.4.0-240.274 linux-image-4.4.0-240-lowlatency - 4.4.0-240.274 linux-buildinfo-4.4.0-240-lowlatency - 4.4.0-240.274 linux-tools-4.4.0-240-lowlatency - 4.4.0-240.274 linux-modules-4.4.0-240-lowlatency - 4.4.0-240.274 linux-tools-4.4.0-240 - 4.4.0-240.274 linux-headers-4.4.0-240-lowlatency - 4.4.0-240.274 linux-image-unsigned-4.4.0-240-lowlatency - 4.4.0-240.274 linux-cloud-tools-common - 4.4.0-240.274 linux-headers-4.4.0-240 - 4.4.0-240.274 linux-source-4.4.0 - 4.4.0-240.274 linux-modules-4.4.0-240-generic - 4.4.0-240.274 linux-image-4.4.0-240-generic - 4.4.0-240.274 
linux-tools-4.4.0-240-generic - 4.4.0-240.274 linux-cloud-tools-4.4.0-240 - 4.4.0-240.274 linux-cloud-tools-4.4.0-240-generic - 4.4.0-240.274 linux-headers-4.4.0-240-generic - 4.4.0-240.274 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1119.116 linux-headers-kvm - 4.4.0.1119.116 linux-image-kvm - 4.4.0.1119.116 linux-tools-kvm - 4.4.0.1119.116 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1156.160 linux-image-aws - 4.4.0.1156.160 linux-aws - 4.4.0.1156.160 linux-tools-aws - 4.4.0.1156.160 linux-modules-extra-aws - 4.4.0.1156.160 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.240.246 linux-cloud-tools-generic-lts-wily - 4.4.0.240.246 linux-cloud-tools-virtual-lts-xenial - 4.4.0.240.246 linux-cloud-tools-virtual - 4.4.0.240.246 linux-cloud-tools-virtual-lts-utopic - 4.4.0.240.246 linux-tools-generic-lts-vivid - 4.4.0.240.246 linux-image-extra-virtual-lts-xenial - 4.4.0.240.246 linux-headers-lowlatency-lts-utopic - 4.4.0.240.246 linux-image-extra-virtual-lts-wily - 4.4.0.240.246 linux-headers-generic-lts-wily - 4.4.0.240.246 linux-crashdump - 4.4.0.240.246 linux-tools-virtual-lts-vivid - 4.4.0.240.246 linux-image-virtual - 4.4.0.240.246 linux-generic-lts-vivid - 4.4.0.240.246 linux-image-lowlatency-lts-vivid - 4.4.0.240.246 linux-tools-lowlatency-lts-vivid - 4.4.0.240.246 linux-cloud-tools-generic-lts-utopic - 4.4.0.240.246 linux-headers-virtual-lts-vivid - 4.4.0.240.246 linux-image-lowlatency-lts-wily - 4.4.0.240.246 linux-image-generic - 4.4.0.240.246 linux-tools-lowlatency - 4.4.0.240.246 linux-image-lowlatency-lts-xenial - 4.4.0.240.246 linux-tools-virtual-lts-xenial - 4.4.0.240.246 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.240.246 linux-image-extra-virtual-lts-vivid - 4.4.0.240.246 linux-image-generic-lts-wily - 4.4.0.240.246 linux-virtual-lts-utopic - 4.4.0.240.246 linux-signed-generic-lts-wily - 4.4.0.240.246 
linux-cloud-tools-lowlatency-lts-wily - 4.4.0.240.246 linux-image-extra-virtual-lts-utopic - 4.4.0.240.246 linux-signed-generic-lts-utopic - 4.4.0.240.246 linux-tools-lowlatency-lts-xenial - 4.4.0.240.246 linux-headers-generic-lts-xenial - 4.4.0.240.246 linux-signed-generic-lts-vivid - 4.4.0.240.246 linux-headers-lowlatency-lts-wily - 4.4.0.240.246 linux-virtual-lts-vivid - 4.4.0.240.246 linux-signed-lowlatency-lts-xenial - 4.4.0.240.246 linux-headers-lowlatency-lts-vivid - 4.4.0.240.246 linux-lowlatency-lts-xenial - 4.4.0.240.246 linux-image-virtual-lts-utopic - 4.4.0.240.246 linux-signed-generic-lts-xenial - 4.4.0.240.246 linux-source - 4.4.0.240.246 linux-signed-image-generic - 4.4.0.240.246 linux-lowlatency - 4.4.0.240.246 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.240.246 linux-generic-lts-xenial - 4.4.0.240.246 linux-tools-virtual - 4.4.0.240.246 linux-virtual - 4.4.0.240.246 linux-cloud-tools-generic-lts-vivid - 4.4.0.240.246 linux-tools-generic-lts-utopic - 4.4.0.240.246 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.240.246 linux-signed-image-generic-lts-vivid - 4.4.0.240.246 linux-image-virtual-lts-xenial - 4.4.0.240.246 linux-image-virtual-lts-vivid - 4.4.0.240.246 linux-virtual-lts-xenial - 4.4.0.240.246 linux-cloud-tools-virtual-lts-vivid - 4.4.0.240.246 linux-tools-lowlatency-lts-utopic - 4.4.0.240.246 linux-signed-image-generic-lts-wily - 4.4.0.240.246 linux-signed-image-lowlatency-lts-xenial - 4.4.0.240.246 linux-image-generic-lts-vivid - 4.4.0.240.246 linux-generic - 4.4.0.240.246 linux-tools-generic-lts-wily - 4.4.0.240.246 linux-tools-virtual-lts-utopic - 4.4.0.240.246 linux-headers-lowlatency - 4.4.0.240.246 linux-lowlatency-lts-vivid - 4.4.0.240.246 linux-generic-lts-wily - 4.4.0.240.246 linux-image-hwe-virtual-trusty - 4.4.0.240.246 linux-signed-image-generic-lts-xenial - 4.4.0.240.246 linux-tools-virtual-lts-wily - 4.4.0.240.246 linux-tools-lowlatency-lts-wily - 4.4.0.240.246 linux-headers-virtual-lts-xenial - 4.4.0.240.246 
linux-hwe-generic-trusty - 4.4.0.240.246 linux-tools-generic - 4.4.0.240.246 linux-image-extra-virtual - 4.4.0.240.246 linux-signed-lowlatency-lts-wily - 4.4.0.240.246 linux-cloud-tools-generic - 4.4.0.240.246 linux-image-generic-lts-xenial - 4.4.0.240.246 linux-headers-generic-lts-utopic - 4.4.0.240.246 linux-cloud-tools-virtual-lts-wily - 4.4.0.240.246 linux-cloud-tools-lowlatency - 4.4.0.240.246 linux-lowlatency-lts-utopic - 4.4.0.240.246 linux-tools-generic-lts-xenial - 4.4.0.240.246 linux-signed-image-lowlatency - 4.4.0.240.246 linux-image-generic-lts-utopic - 4.4.0.240.246 linux-image-virtual-lts-wily - 4.4.0.240.246 linux-signed-generic - 4.4.0.240.246 linux-lowlatency-lts-wily - 4.4.0.240.246 linux-headers-generic - 4.4.0.240.246 linux-headers-virtual-lts-utopic - 4.4.0.240.246 linux-generic-lts-utopic - 4.4.0.240.246 linux-headers-lowlatency-lts-xenial - 4.4.0.240.246 linux-image-hwe-generic-trusty - 4.4.0.240.246 linux-signed-image-lowlatency-lts-wily - 4.4.0.240.246 linux-headers-generic-lts-vivid - 4.4.0.240.246 linux-headers-virtual - 4.4.0.240.246 linux-cloud-tools-generic-lts-xenial - 4.4.0.240.246 linux-virtual-lts-wily - 4.4.0.240.246 linux-headers-virtual-lts-wily - 4.4.0.240.246 linux-tools-lts-utopic - 4.4.0.240.246 linux-hwe-virtual-trusty - 4.4.0.240.246 linux-signed-lowlatency - 4.4.0.240.246 linux-image-lowlatency-lts-utopic - 4.4.0.240.246 linux-image-lowlatency - 4.4.0.240.246 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-3586 CVE-2022-4095 CVE-2023-1390 CVE-2023-1670 CVE-2023-1829 USN-6046-1 -- OpenSSL-ibmca vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenSSL-ibmca incorrectly handled certain RSA decryption. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6046-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openssl-ibmca - 1.3.0-0ubuntu2.16.04.3 Available with Ubuntu Pro: https://ubuntu.com/pro None https://launchpad.net/bugs/2015454 USN-6047-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Update Instructions: Run `sudo pro fix USN-6047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1118-oracle - 4.15.0-1118.129~16.04.1 linux-image-4.15.0-1118-oracle - 4.15.0-1118.129~16.04.1 linux-buildinfo-4.15.0-1118-oracle - 4.15.0-1118.129~16.04.1 linux-headers-4.15.0-1118-oracle - 4.15.0-1118.129~16.04.1 linux-oracle-headers-4.15.0-1118 - 4.15.0-1118.129~16.04.1 linux-oracle-tools-4.15.0-1118 - 4.15.0-1118.129~16.04.1 linux-modules-4.15.0-1118-oracle - 4.15.0-1118.129~16.04.1 linux-image-unsigned-4.15.0-1118-oracle - 4.15.0-1118.129~16.04.1 linux-tools-4.15.0-1118-oracle - 4.15.0-1118.129~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1149-gcp - 4.15.0-1149.165~16.04.1 linux-modules-extra-4.15.0-1149-gcp - 4.15.0-1149.165~16.04.1 linux-headers-4.15.0-1149-gcp - 4.15.0-1149.165~16.04.1 linux-modules-4.15.0-1149-gcp - 4.15.0-1149.165~16.04.1 linux-gcp-tools-4.15.0-1149 - 4.15.0-1149.165~16.04.1 linux-image-4.15.0-1149-gcp - 4.15.0-1149.165~16.04.1 linux-gcp-headers-4.15.0-1149 - 4.15.0-1149.165~16.04.1 linux-image-unsigned-4.15.0-1149-gcp - 4.15.0-1149.165~16.04.1 linux-tools-4.15.0-1149-gcp - 4.15.0-1149.165~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.15.0-1164-azure - 
4.15.0-1164.179~16.04.1 linux-headers-4.15.0-1164-azure - 4.15.0-1164.179~16.04.1 linux-tools-4.15.0-1164-azure - 4.15.0-1164.179~16.04.1 linux-modules-extra-4.15.0-1164-azure - 4.15.0-1164.179~16.04.1 linux-azure-tools-4.15.0-1164 - 4.15.0-1164.179~16.04.1 linux-azure-cloud-tools-4.15.0-1164 - 4.15.0-1164.179~16.04.1 linux-buildinfo-4.15.0-1164-azure - 4.15.0-1164.179~16.04.1 linux-azure-headers-4.15.0-1164 - 4.15.0-1164.179~16.04.1 linux-cloud-tools-4.15.0-1164-azure - 4.15.0-1164.179~16.04.1 linux-image-4.15.0-1164-azure - 4.15.0-1164.179~16.04.1 linux-modules-4.15.0-1164-azure - 4.15.0-1164.179~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-hwe-cloud-tools-4.15.0-210 - 4.15.0-210.221~16.04.1 linux-hwe-tools-4.15.0-210 - 4.15.0-210.221~16.04.1 linux-image-4.15.0-210-lowlatency - 4.15.0-210.221~16.04.1 linux-headers-4.15.0-210-lowlatency - 4.15.0-210.221~16.04.1 linux-cloud-tools-4.15.0-210-lowlatency - 4.15.0-210.221~16.04.1 linux-headers-4.15.0-210 - 4.15.0-210.221~16.04.1 linux-buildinfo-4.15.0-210-lowlatency - 4.15.0-210.221~16.04.1 linux-buildinfo-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-image-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-image-unsigned-4.15.0-210-lowlatency - 4.15.0-210.221~16.04.1 linux-modules-4.15.0-210-lowlatency - 4.15.0-210.221~16.04.1 linux-modules-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-modules-extra-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-image-unsigned-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-tools-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-headers-4.15.0-210-generic - 4.15.0-210.221~16.04.1 linux-tools-4.15.0-210-lowlatency - 4.15.0-210.221~16.04.1 linux-source-4.15.0 - 4.15.0-210.221~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1118.99 linux-tools-oracle - 4.15.0.1118.99 linux-signed-image-oracle - 4.15.0.1118.99 linux-signed-oracle - 
4.15.0.1118.99 linux-image-oracle - 4.15.0.1118.99 linux-oracle - 4.15.0.1118.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1149.139 linux-tools-gke - 4.15.0.1149.139 linux-tools-gcp - 4.15.0.1149.139 linux-gke - 4.15.0.1149.139 linux-gcp - 4.15.0.1149.139 linux-image-gke - 4.15.0.1149.139 linux-headers-gke - 4.15.0.1149.139 linux-headers-gcp - 4.15.0.1149.139 linux-image-gcp - 4.15.0.1149.139 linux-modules-extra-gcp - 4.15.0.1149.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1164.148 linux-tools-azure-edge - 4.15.0.1164.148 linux-tools-azure - 4.15.0.1164.148 linux-cloud-tools-azure - 4.15.0.1164.148 linux-image-azure-edge - 4.15.0.1164.148 linux-cloud-tools-azure-edge - 4.15.0.1164.148 linux-modules-extra-azure - 4.15.0.1164.148 linux-azure - 4.15.0.1164.148 linux-signed-image-azure-edge - 4.15.0.1164.148 linux-image-azure - 4.15.0.1164.148 linux-signed-image-azure - 4.15.0.1164.148 linux-headers-azure-edge - 4.15.0.1164.148 linux-azure-edge - 4.15.0.1164.148 linux-modules-extra-azure-edge - 4.15.0.1164.148 linux-signed-azure-edge - 4.15.0.1164.148 linux-headers-azure - 4.15.0.1164.148 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-virtual-hwe-16.04-edge - 4.15.0.210.195 linux-signed-generic-hwe-16.04-edge - 4.15.0.210.195 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.210.195 linux-image-extra-virtual-hwe-16.04 - 4.15.0.210.195 linux-headers-virtual-hwe-16.04 - 4.15.0.210.195 linux-image-oem - 4.15.0.210.195 linux-headers-generic-hwe-16.04-edge - 4.15.0.210.195 linux-image-lowlatency-hwe-16.04 - 4.15.0.210.195 linux-tools-virtual-hwe-16.04 - 4.15.0.210.195 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.210.195 linux-image-virtual-hwe-16.04-edge - 4.15.0.210.195 linux-signed-lowlatency-hwe-16.04 - 4.15.0.210.195 linux-headers-oem - 4.15.0.210.195 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.210.195 linux-generic-hwe-16.04-edge 
- 4.15.0.210.195 linux-headers-lowlatency-hwe-16.04 - 4.15.0.210.195 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.210.195 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.210.195 linux-tools-generic-hwe-16.04 - 4.15.0.210.195 linux-tools-oem - 4.15.0.210.195 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.210.195 linux-signed-image-generic-hwe-16.04 - 4.15.0.210.195 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.210.195 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.210.195 linux-lowlatency-hwe-16.04 - 4.15.0.210.195 linux-headers-generic-hwe-16.04 - 4.15.0.210.195 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.210.195 linux-generic-hwe-16.04 - 4.15.0.210.195 linux-tools-virtual-hwe-16.04-edge - 4.15.0.210.195 linux-oem - 4.15.0.210.195 linux-virtual-hwe-16.04 - 4.15.0.210.195 linux-tools-generic-hwe-16.04-edge - 4.15.0.210.195 linux-lowlatency-hwe-16.04-edge - 4.15.0.210.195 linux-image-generic-hwe-16.04 - 4.15.0.210.195 linux-image-generic-hwe-16.04-edge - 4.15.0.210.195 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.210.195 linux-virtual-hwe-16.04-edge - 4.15.0.210.195 linux-tools-lowlatency-hwe-16.04 - 4.15.0.210.195 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.210.195 linux-signed-oem - 4.15.0.210.195 linux-image-virtual-hwe-16.04 - 4.15.0.210.195 linux-signed-generic-hwe-16.04 - 4.15.0.210.195 linux-signed-image-oem - 4.15.0.210.195 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.210.195 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.210.195 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.210.195 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1829 USN-6048-1 -- ZenLib vulnerability Ubuntu 16.04 LTS It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library. Update Instructions: Run `sudo pro fix USN-6048-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libzen-dev - 0.4.32-1ubuntu0.16.04.1+esm1 libzen-doc - 0.4.32-1ubuntu0.16.04.1+esm1 libzen0v5 - 0.4.32-1ubuntu0.16.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-36646 USN-6049-1 -- Netty vulnerabilities Ubuntu 16.04 LTS It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612) It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290) It was discovered that Netty did not properly validate content-length headers. A remote attacker could possibly use this issue to smuggle requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295, CVE-2021-21409) It was discovered that Netty's Bzip2 decompression decoder did not limit the decompressed output data size. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136) It was discovered that Netty's Snappy frame decoder function did not limit chunk lengths. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. (CVE-2021-37137) It was discovered that Netty did not properly handle control chars at the beginning and end of header names. A remote attacker could possibly use this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. 
(CVE-2021-43797) It was discovered that Netty could be made into an infinite recursion when parsing a malformed crafted message. A remote attacker could possibly use this issue to cause Netty to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41881) It was discovered that Netty did not validate header values under certain circumstances. A remote attacker could possibly use this issue to perform HTTP response splitting via malicious header values. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41915) Update Instructions: Run `sudo pro fix USN-6049-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnetty-java - 1:4.0.34-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-11612 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41881 CVE-2022-41915 USN-6050-2 -- Git vulnerabilities Ubuntu 16.04 LTS USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. Original advisory details: It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths. (CVE-2023-25652) André Baptista and Vítor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to achieve arbitrary configuration injection. (CVE-2023-29007) Update Instructions: Run `sudo pro fix USN-6050-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: git - 1:2.7.4-0ubuntu1.10+esm7 gitweb - 1:2.7.4-0ubuntu1.10+esm7 git-gui - 1:2.7.4-0ubuntu1.10+esm7 git-daemon-sysvinit - 1:2.7.4-0ubuntu1.10+esm7 git-arch - 1:2.7.4-0ubuntu1.10+esm7 git-el - 1:2.7.4-0ubuntu1.10+esm7 gitk - 1:2.7.4-0ubuntu1.10+esm7 git-all - 1:2.7.4-0ubuntu1.10+esm7 git-mediawiki - 1:2.7.4-0ubuntu1.10+esm7 git-daemon-run - 1:2.7.4-0ubuntu1.10+esm7 git-man - 1:2.7.4-0ubuntu1.10+esm7 git-doc - 1:2.7.4-0ubuntu1.10+esm7 git-svn - 1:2.7.4-0ubuntu1.10+esm7 git-cvs - 1:2.7.4-0ubuntu1.10+esm7 git-core - 1:2.7.4-0ubuntu1.10+esm7 git-email - 1:2.7.4-0ubuntu1.10+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-25652 CVE-2023-29007 USN-6053-1 -- PHP vulnerability Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. Update Instructions: Run `sudo pro fix USN-6053-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm6 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm6 libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0567 USN-6054-2 -- Django vulnerability Ubuntu 16.04 LTS USN-6054-1 fixed a 
vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations. Update Instructions: Run `sudo pro fix USN-6054-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1.8.7-1ubuntu5.15+esm7 python-django-doc - 1.8.7-1ubuntu5.15+esm7 python-django-common - 1.8.7-1ubuntu5.15+esm7 python-django - 1.8.7-1ubuntu5.15+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-31047 USN-6055-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-28756) Update Instructions: Run `sudo pro fix USN-6055-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm5 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm5 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm5 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm5 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28755 CVE-2023-28756 USN-6055-2 -- Ruby regression Ubuntu 16.04 LTS USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. We apologize for the inconvenience. 
Original advisory details: It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) Update Instructions: Run `sudo pro fix USN-6055-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm6 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm6 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm6 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm6 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28755 https://launchpad.net/bugs/2018547 USN-6058-1 -- Linux kernel vulnerability Ubuntu 16.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Update Instructions: Run `sudo pro fix USN-6058-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 linux-modules-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 linux-image-unsigned-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 linux-buildinfo-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 linux-tools-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 linux-aws-hwe-tools-4.15.0-1155 - 4.15.0-1155.168~16.04.1 linux-aws-headers-4.15.0-1155 - 4.15.0-1155.168~16.04.1 linux-modules-extra-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 linux-image-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1155 - 4.15.0-1155.168~16.04.1 linux-headers-4.15.0-1155-aws - 4.15.0-1155.168~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1155.138 linux-modules-extra-aws-hwe - 4.15.0.1155.138 linux-aws-hwe - 4.15.0.1155.138 linux-headers-aws-hwe - 4.15.0.1155.138 linux-tools-aws-hwe - 4.15.0.1155.138 linux-image-aws-hwe - 4.15.0.1155.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1829 USN-6060-2 -- MySQL vulnerabilities Ubuntu 16.04 LTS USN-6060-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.42 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-42.html https://www.oracle.com/security-alerts/cpuapr2023.html Update Instructions: Run `sudo pro fix USN-6060-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.42-0ubuntu0.16.04.1+esm1 libmysqlclient-dev - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.42-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.42-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.42-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.42-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-21912 CVE-2023-21980 USN-6065-1 -- css-what vulnerabilities Ubuntu 16.04 LTS It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-33587, CVE-2022-21222) Update Instructions: Run `sudo pro fix USN-6065-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-css-what - 2.1.0-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-33587 CVE-2022-21222 USN-6077-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21930) It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21937) It was discovered that OpenJDK incorrectly handled command arguments. 
An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21938) It was discovered that OpenJDK incorrectly validated HTML documents. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21939) Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage collection. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2023-21954) Jonathan Looney discovered that OpenJDK incorrectly handled certificate chains during TLS session negotiation. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-21967) Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2023-21968) Update Instructions: Run `sudo pro fix USN-6077-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-jre - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-jdk-headless - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-source - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-demo - 8u372-ga~us1-0ubuntu1~16.04 openjdk-8-jre-jamvm - 8u372-ga~us1-0ubuntu1~16.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 USN-6078-2 -- libwebp vulnerability Ubuntu 16.04 LTS USN-6078-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. 
If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6078-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwebp-dev - 0.4.4-1ubuntu0.1~esm2 libwebp5 - 0.4.4-1ubuntu0.1~esm2 libwebpdemux1 - 0.4.4-1ubuntu0.1~esm2 libwebpmux1 - 0.4.4-1ubuntu0.1~esm2 webp - 0.4.4-1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1999 USN-6081-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6081-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-tools-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-image-unsigned-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-image-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-modules-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-buildinfo-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-cloud-tools-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-headers-4.15.0-1156-aws - 4.15.0-1156.169~16.04.1 linux-aws-headers-4.15.0-1156 - 4.15.0-1156.169~16.04.1 linux-aws-hwe-tools-4.15.0-1156 - 4.15.0-1156.169~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1156 - 4.15.0-1156.169~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1156.139 linux-modules-extra-aws-hwe - 4.15.0.1156.139 linux-aws-hwe - 4.15.0.1156.139 linux-tools-aws-hwe - 4.15.0.1156.139 linux-image-aws-hwe - 4.15.0.1156.139 linux-headers-aws-hwe - 4.15.0.1156.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 USN-6082-1 -- EventSource vulnerability Ubuntu 16.04 LTS It was discovered that EventSource incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6082-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-eventsource - 0.1.6-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-1650 USN-6083-2 -- cups-filters vulnerability Ubuntu 16.04 LTS USN-6083-1 fixed a vulnerability in cups-filters. 
This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6083-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfontembed-dev - 1.8.3-2ubuntu3.5+esm1 libfontembed1 - 1.8.3-2ubuntu3.5+esm1 libcupsfilters-dev - 1.8.3-2ubuntu3.5+esm1 cups-filters - 1.8.3-2ubuntu3.5+esm1 cups-browsed - 1.8.3-2ubuntu3.5+esm1 cups-filters-core-drivers - 1.8.3-2ubuntu3.5+esm1 libcupsfilters1 - 1.8.3-2ubuntu3.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24805 USN-6084-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6084-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1119-oracle - 4.15.0-1119.130~16.04.1 linux-modules-extra-4.15.0-1119-oracle - 4.15.0-1119.130~16.04.1 linux-image-unsigned-4.15.0-1119-oracle - 4.15.0-1119.130~16.04.1 linux-image-4.15.0-1119-oracle - 4.15.0-1119.130~16.04.1 linux-oracle-headers-4.15.0-1119 - 4.15.0-1119.130~16.04.1 linux-oracle-tools-4.15.0-1119 - 4.15.0-1119.130~16.04.1 linux-buildinfo-4.15.0-1119-oracle - 4.15.0-1119.130~16.04.1 linux-headers-4.15.0-1119-oracle - 4.15.0-1119.130~16.04.1 linux-tools-4.15.0-1119-oracle - 4.15.0-1119.130~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-oracle - 4.15.0.1119.100 linux-signed-image-oracle - 4.15.0.1119.100 linux-headers-oracle - 4.15.0.1119.100 linux-oracle - 4.15.0.1119.100 linux-image-oracle - 4.15.0.1119.100 linux-tools-oracle - 4.15.0.1119.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 USN-6087-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2023-28756) Update Instructions: Run `sudo pro fix USN-6087-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm7 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm7 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm7 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm7 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28755 CVE-2023-28756 USN-6088-2 -- runC vulnerabilities Ubuntu 16.04 LTS USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921) Felix Wilhelm discovered that runC incorrectly handled netlink messages. An attacker could possibly use this issue to escalate privileges. (CVE-2021-43784) Andrew G. Morgan discovered that runC incorrectly set inherited process capabilities inside the container. An attacker could possibly use this issue to escalate privileges. (CVE-2022-29162) Original advisory details: It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. (CVE-2023-25809) It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2023-27561) It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux. (CVE-2023-28642) Update Instructions: Run `sudo pro fix USN-6088-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: golang-github-opencontainers-runc-dev - 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4 runc - 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-19921 CVE-2021-43784 CVE-2022-29162 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 USN-6092-1 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6092-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 linux-azure-headers-4.15.0-1165 - 4.15.0-1165.180~16.04.1 linux-image-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 linux-buildinfo-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 linux-tools-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 linux-cloud-tools-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 linux-modules-extra-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 linux-azure-tools-4.15.0-1165 - 4.15.0-1165.180~16.04.1 linux-image-unsigned-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 linux-azure-cloud-tools-4.15.0-1165 - 4.15.0-1165.180~16.04.1 linux-headers-4.15.0-1165-azure - 4.15.0-1165.180~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1165.149 linux-tools-azure-edge - 4.15.0.1165.149 linux-azure - 4.15.0.1165.149 linux-signed-image-azure-edge - 4.15.0.1165.149 linux-image-azure - 4.15.0.1165.149 linux-cloud-tools-azure - 4.15.0.1165.149 linux-cloud-tools-azure-edge - 4.15.0.1165.149 linux-tools-azure - 4.15.0.1165.149 linux-headers-azure-edge - 4.15.0.1165.149 linux-image-azure-edge - 4.15.0.1165.149 linux-headers-azure - 4.15.0.1165.149 linux-modules-extra-azure - 4.15.0.1165.149 linux-azure-edge - 4.15.0.1165.149 linux-signed-azure-edge - 4.15.0.1165.149 linux-signed-image-azure - 4.15.0.1165.149 linux-modules-extra-azure-edge - 4.15.0.1165.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 USN-6095-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6095-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-gcp-tools-4.15.0-1150 - 4.15.0-1150.166~16.04.1 linux-image-4.15.0-1150-gcp - 4.15.0-1150.166~16.04.1 linux-modules-4.15.0-1150-gcp - 4.15.0-1150.166~16.04.1 linux-headers-4.15.0-1150-gcp - 4.15.0-1150.166~16.04.1 linux-tools-4.15.0-1150-gcp - 4.15.0-1150.166~16.04.1 linux-modules-extra-4.15.0-1150-gcp - 4.15.0-1150.166~16.04.1 linux-buildinfo-4.15.0-1150-gcp - 4.15.0-1150.166~16.04.1 linux-gcp-headers-4.15.0-1150 - 4.15.0-1150.166~16.04.1 linux-image-unsigned-4.15.0-1150-gcp - 4.15.0-1150.166~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-211-generic - 4.15.0-211.222~16.04.1 linux-cloud-tools-4.15.0-211-generic - 4.15.0-211.222~16.04.1 linux-headers-4.15.0-211-generic - 4.15.0-211.222~16.04.1 linux-buildinfo-4.15.0-211-lowlatency - 4.15.0-211.222~16.04.1 linux-image-4.15.0-211-generic - 4.15.0-211.222~16.04.1 linux-hwe-tools-4.15.0-211 - 4.15.0-211.222~16.04.1 linux-hwe-cloud-tools-4.15.0-211 - 4.15.0-211.222~16.04.1 linux-headers-4.15.0-211 - 4.15.0-211.222~16.04.1 linux-image-4.15.0-211-lowlatency - 4.15.0-211.222~16.04.1 linux-modules-4.15.0-211-lowlatency - 4.15.0-211.222~16.04.1 linux-tools-4.15.0-211-lowlatency - 4.15.0-211.222~16.04.1 linux-image-unsigned-4.15.0-211-lowlatency - 4.15.0-211.222~16.04.1 linux-modules-4.15.0-211-generic - 4.15.0-211.222~16.04.1 linux-cloud-tools-4.15.0-211-lowlatency - 4.15.0-211.222~16.04.1 linux-tools-4.15.0-211-generic - 4.15.0-211.222~16.04.1 linux-source-4.15.0 - 4.15.0-211.222~16.04.1 linux-image-unsigned-4.15.0-211-generic - 4.15.0-211.222~16.04.1 linux-headers-4.15.0-211-lowlatency - 4.15.0-211.222~16.04.1 linux-modules-extra-4.15.0-211-generic - 4.15.0-211.222~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1150.140 linux-modules-extra-gcp - 4.15.0.1150.140 linux-gke - 4.15.0.1150.140 linux-tools-gke - 4.15.0.1150.140 
linux-gcp - 4.15.0.1150.140 linux-image-gke - 4.15.0.1150.140 linux-headers-gke - 4.15.0.1150.140 linux-headers-gcp - 4.15.0.1150.140 linux-tools-gcp - 4.15.0.1150.140 linux-image-gcp - 4.15.0.1150.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.211.196 linux-headers-virtual-hwe-16.04-edge - 4.15.0.211.196 linux-lowlatency-hwe-16.04-edge - 4.15.0.211.196 linux-image-virtual-hwe-16.04-edge - 4.15.0.211.196 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.211.196 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.211.196 linux-virtual-hwe-16.04-edge - 4.15.0.211.196 linux-image-generic-hwe-16.04 - 4.15.0.211.196 linux-tools-oem - 4.15.0.211.196 linux-image-generic-hwe-16.04-edge - 4.15.0.211.196 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.211.196 linux-tools-generic-hwe-16.04-edge - 4.15.0.211.196 linux-headers-oem - 4.15.0.211.196 linux-tools-lowlatency-hwe-16.04 - 4.15.0.211.196 linux-generic-hwe-16.04-edge - 4.15.0.211.196 linux-signed-lowlatency-hwe-16.04 - 4.15.0.211.196 linux-image-extra-virtual-hwe-16.04 - 4.15.0.211.196 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.211.196 linux-signed-oem - 4.15.0.211.196 linux-headers-virtual-hwe-16.04 - 4.15.0.211.196 linux-signed-image-generic-hwe-16.04 - 4.15.0.211.196 linux-image-virtual-hwe-16.04 - 4.15.0.211.196 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.211.196 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.211.196 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.211.196 linux-image-oem - 4.15.0.211.196 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.211.196 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.211.196 linux-lowlatency-hwe-16.04 - 4.15.0.211.196 linux-headers-generic-hwe-16.04 - 4.15.0.211.196 linux-tools-virtual-hwe-16.04-edge - 4.15.0.211.196 linux-headers-lowlatency-hwe-16.04 - 4.15.0.211.196 linux-signed-generic-hwe-16.04 - 4.15.0.211.196 linux-signed-image-oem - 4.15.0.211.196 linux-generic-hwe-16.04 - 
4.15.0.211.196 linux-tools-generic-hwe-16.04 - 4.15.0.211.196 linux-image-lowlatency-hwe-16.04 - 4.15.0.211.196 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.211.196 linux-headers-generic-hwe-16.04-edge - 4.15.0.211.196 linux-signed-generic-hwe-16.04-edge - 4.15.0.211.196 linux-virtual-hwe-16.04 - 4.15.0.211.196 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.211.196 linux-oem - 4.15.0.211.196 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.211.196 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.211.196 linux-tools-virtual-hwe-16.04 - 4.15.0.211.196 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 USN-6097-1 -- Linux PTP vulnerability Ubuntu 16.04 LTS It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-6097-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linuxptp - 1.6-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-3570 USN-6098-1 -- Jhead vulnerabilities Ubuntu 16.04 LTS It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-19035) It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301) It was discovered that Jhead did not properly handle certain crafted images while processing IPTC data. An attacker could cause Jhead to crash. 
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302) Binbin Li discovered that Jhead did not properly handle certain crafted images while processing the DQT data. An attacker could cause Jhead to crash. (CVE-2020-6624) Binbin Li discovered that Jhead did not properly handle certain crafted images while processing longitude data. An attacker could cause Jhead to crash. (CVE-2020-6625) Feng Zhao Yang discovered that Jhead did not properly handle certain crafted images while reading JPEG sections. An attacker could cause Jhead to crash. (CVE-2020-26208) It was discovered that Jhead did not properly handle certain crafted images while processing Canon images. An attacker could cause Jhead to crash. (CVE-2021-28276) It was discovered that Jhead did not properly handle certain crafted images when removing a certain type of sections. An attacker could cause Jhead to crash. (CVE-2021-28278) Update Instructions: Run `sudo pro fix USN-6098-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:3.00-4+deb9u1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-1010301 CVE-2019-1010302 CVE-2019-19035 CVE-2020-26208 CVE-2020-6624 CVE-2020-6625 CVE-2021-28276 CVE-2021-28278 USN-6099-1 -- ncurses vulnerabilities Ubuntu 16.04 LTS It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. 
(CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29458) It was discovered that ncurses was parsing environment variables when running with setuid applications and not properly handling the processing of malformed data when doing so. A local attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2023-29491) Update Instructions: Run `sudo pro fix USN-6099-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 6.0+20160213-1ubuntu1+esm3 lib32tinfo-dev - 6.0+20160213-1ubuntu1+esm3 ncurses-examples - 6.0+20160213-1ubuntu1+esm3 ncurses-bin - 6.0+20160213-1ubuntu1+esm3 lib32ncurses5-dev - 6.0+20160213-1ubuntu1+esm3 lib32ncursesw5 - 6.0+20160213-1ubuntu1+esm3 libtinfo-dev - 6.0+20160213-1ubuntu1+esm3 lib32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm3 lib32tinfo5 - 6.0+20160213-1ubuntu1+esm3 libtinfo5 - 6.0+20160213-1ubuntu1+esm3 lib32ncurses5 - 6.0+20160213-1ubuntu1+esm3 lib64tinfo5 - 6.0+20160213-1ubuntu1+esm3 libncurses5-dev - 6.0+20160213-1ubuntu1+esm3 lib64ncurses5 - 6.0+20160213-1ubuntu1+esm3 lib64ncurses5-dev - 6.0+20160213-1ubuntu1+esm3 libncurses5 - 6.0+20160213-1ubuntu1+esm3 libx32ncurses5-dev - 6.0+20160213-1ubuntu1+esm3 libncursesw5 - 6.0+20160213-1ubuntu1+esm3 ncurses-base - 6.0+20160213-1ubuntu1+esm3 libx32tinfo-dev - 6.0+20160213-1ubuntu1+esm3 ncurses-doc - 6.0+20160213-1ubuntu1+esm3 libx32ncursesw5 - 6.0+20160213-1ubuntu1+esm3 libx32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm3 libx32tinfo5 - 6.0+20160213-1ubuntu1+esm3 libncursesw5-dev - 6.0+20160213-1ubuntu1+esm3 ncurses-term - 6.0+20160213-1ubuntu1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-17594 CVE-2019-17595 CVE-2021-39537 CVE-2022-29458 CVE-2023-29491 USN-6100-1 -- HTML::StripScripts vulnerability Ubuntu 16.04 LTS It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service (ReDoS). Update Instructions: Run `sudo pro fix USN-6100-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libhtml-stripscripts-perl - 1.05-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-24038 USN-6101-1 -- GNU binutils vulnerabilities Ubuntu 16.04 LTS It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. (CVE-2023-1579) It was discovered that GNU binutils did not properly verify the version definitions in a zero-length verdef table. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. (CVE-2023-1972) It was discovered that GNU binutils did not properly validate the size of the length parameter in vms-alpha. An attacker could possibly use this issue to cause a crash or access sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-25584) It was discovered that GNU binutils did not properly initialize the file_table field of struct module and the the_bfd field of asymbol. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-25585, CVE-2023-25588) Update Instructions: Run `sudo pro fix USN-6101-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-powerpc-linux-gnuspe - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-arm-linux-gnueabihf - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-hppa64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-multiarch - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-mipsel-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-m68k-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-s390x-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-multiarch-dev - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-doc - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-sh4-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-mips64-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-aarch64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-source - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-mips64el-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-mips-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-powerpc64le-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-powerpc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-hppa-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-sparc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-arm-linux-gnueabi - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-alpha-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils-powerpc-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm6 binutils - 2.26.1-1ubuntu1~16.04.8+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1579 CVE-2023-1972 CVE-2023-25584 CVE-2023-25585 CVE-2023-25588 USN-6105-2 -- ca-certificates update Ubuntu 16.04 LTS USN-6105-1 updated ca-certificates. This provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle. 
Update Instructions: Run `sudo pro fix USN-6105-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20230311~16.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/ USN-6108-1 -- Jhead vulnerabilities Ubuntu 16.04 LTS It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-34055) Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2022-41751) Update Instructions: Run `sudo pro fix USN-6108-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:3.00-4+deb9u1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-34055 CVE-2022-41751 USN-6110-1 -- Jhead vulnerabilities Ubuntu 16.04 LTS It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-3496) It was discovered that Jhead did not properly handle certain crafted images when printing Canon-specific information. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 20.04. (CVE-2021-28275) It was discovered that Jhead did not properly handle certain crafted images when removing unknown sections. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. 
(CVE-2021-28277) Kyle Brown discovered that Jhead did not properly handle certain crafted images when editing their comments. An attacker could possibly use this to crash Jhead, resulting in a denial of service. (LP: #2020068) Update Instructions: Run `sudo pro fix USN-6110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:3.00-4+deb9u1ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-28275 CVE-2021-28277 CVE-2021-3496 https://launchpad.net/bugs/2020068 USN-6112-1 -- Perl vulnerability Ubuntu 16.04 LTS It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules. Update Instructions: Run `sudo pro fix USN-6112-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 - 5.22.1-9ubuntu0.9+esm2 libperl-dev - 5.22.1-9ubuntu0.9+esm2 perl-doc - 5.22.1-9ubuntu0.9+esm2 perl - 5.22.1-9ubuntu0.9+esm2 perl-base - 5.22.1-9ubuntu0.9+esm2 perl-debug - 5.22.1-9ubuntu0.9+esm2 libperl5.22 - 5.22.1-9ubuntu0.9+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31484 USN-6113-1 -- Jhead vulnerability Ubuntu 16.04 LTS It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6113-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: jhead - 1:3.00-4+deb9u1ubuntu0.1~esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-6612 USN-6117-1 -- Apache Batik vulnerabilities Ubuntu 16.04 LTS It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648) It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. (CVE-2022-40146) It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890) Update Instructions: Run `sudo pro fix USN-6117-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbatik-java - 1.8-3ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-17566 CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146 CVE-2022-41704 CVE-2022-42890 USN-6125-1 -- snapd vulnerability Ubuntu 16.04 LTS It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. Update Instructions: Run `sudo pro fix USN-6125-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+16.04.0ubuntu0.1~esm6 ubuntu-core-launcher - 2.54.3+16.04.0ubuntu0.1~esm6 snap-confine - 2.54.3+16.04.0ubuntu0.1~esm6 ubuntu-snappy-cli - 2.54.3+16.04.0ubuntu0.1~esm6 golang-github-snapcore-snapd-dev - 2.54.3+16.04.0ubuntu0.1~esm6 snapd-xdg-open - 2.54.3+16.04.0ubuntu0.1~esm6 snapd - 2.54.3+16.04.0ubuntu0.1~esm6 golang-github-ubuntu-core-snappy-dev - 2.54.3+16.04.0ubuntu0.1~esm6 ubuntu-snappy - 2.54.3+16.04.0ubuntu0.1~esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1523 USN-6128-2 -- CUPS vulnerability Ubuntu 16.04 LTS USN-6128-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6128-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.1.3-4ubuntu0.11+esm2 libcups2-dev - 2.1.3-4ubuntu0.11+esm2 cups-bsd - 2.1.3-4ubuntu0.11+esm2 libcupsmime1 - 2.1.3-4ubuntu0.11+esm2 cups-common - 2.1.3-4ubuntu0.11+esm2 cups-core-drivers - 2.1.3-4ubuntu0.11+esm2 cups-server-common - 2.1.3-4ubuntu0.11+esm2 libcupsimage2 - 2.1.3-4ubuntu0.11+esm2 cups-client - 2.1.3-4ubuntu0.11+esm2 libcupscgi1-dev - 2.1.3-4ubuntu0.11+esm2 cups-ipp-utils - 2.1.3-4ubuntu0.11+esm2 libcups2 - 2.1.3-4ubuntu0.11+esm2 libcupsmime1-dev - 2.1.3-4ubuntu0.11+esm2 cups-ppdc - 2.1.3-4ubuntu0.11+esm2 libcupsppdc1 - 2.1.3-4ubuntu0.11+esm2 cups - 2.1.3-4ubuntu0.11+esm2 libcupsppdc1-dev - 2.1.3-4ubuntu0.11+esm2 libcupsimage2-dev - 2.1.3-4ubuntu0.11+esm2 cups-daemon - 2.1.3-4ubuntu0.11+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-32324 USN-6129-2 -- Avahi vulnerability Ubuntu 16.04 LTS USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6129-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: avahi-autoipd - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 avahi-daemon - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 avahi-discover - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 avahi-dnsconfd - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 avahi-ui-utils - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 avahi-utils - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-client-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-client3 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-common-data - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-common-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-common3 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-compat-libdnssd-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-compat-libdnssd1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-core-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-core7 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-glib-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-glib1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-gobject-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-gobject0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-qt4-1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-qt4-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-ui-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-ui-gtk3-0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-ui-gtk3-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 libavahi-ui0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 python-avahi - 0.6.32~rc+dfsg-1ubuntu2.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1981 USN-6130-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Update Instructions: Run `sudo pro fix USN-6130-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1120-oracle - 4.15.0-1120.131~16.04.1 linux-oracle-headers-4.15.0-1120 - 4.15.0-1120.131~16.04.1 linux-modules-4.15.0-1120-oracle - 4.15.0-1120.131~16.04.1 linux-oracle-tools-4.15.0-1120 - 4.15.0-1120.131~16.04.1 linux-image-unsigned-4.15.0-1120-oracle - 4.15.0-1120.131~16.04.1 linux-modules-extra-4.15.0-1120-oracle - 4.15.0-1120.131~16.04.1 linux-tools-4.15.0-1120-oracle - 4.15.0-1120.131~16.04.1 linux-image-4.15.0-1120-oracle - 4.15.0-1120.131~16.04.1 linux-headers-4.15.0-1120-oracle - 4.15.0-1120.131~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-4.15.0-1151-gcp - 4.15.0-1151.167~16.04.1 linux-modules-extra-4.15.0-1151-gcp - 4.15.0-1151.167~16.04.1 linux-tools-4.15.0-1151-gcp - 4.15.0-1151.167~16.04.1 linux-headers-4.15.0-1151-gcp - 4.15.0-1151.167~16.04.1 linux-image-unsigned-4.15.0-1151-gcp - 4.15.0-1151.167~16.04.1 
linux-buildinfo-4.15.0-1151-gcp - 4.15.0-1151.167~16.04.1 linux-gcp-tools-4.15.0-1151 - 4.15.0-1151.167~16.04.1 linux-modules-4.15.0-1151-gcp - 4.15.0-1151.167~16.04.1 linux-gcp-headers-4.15.0-1151 - 4.15.0-1151.167~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1157 - 4.15.0-1157.170~16.04.1 linux-headers-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 linux-cloud-tools-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 linux-image-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 linux-modules-extra-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 linux-aws-hwe-tools-4.15.0-1157 - 4.15.0-1157.170~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1157 - 4.15.0-1157.170~16.04.1 linux-buildinfo-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 linux-modules-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 linux-tools-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 linux-image-unsigned-4.15.0-1157-aws - 4.15.0-1157.170~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-image-unsigned-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 linux-image-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 linux-headers-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 linux-modules-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 linux-azure-tools-4.15.0-1166 - 4.15.0-1166.181~16.04.1 linux-azure-cloud-tools-4.15.0-1166 - 4.15.0-1166.181~16.04.1 linux-modules-extra-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 linux-cloud-tools-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 linux-buildinfo-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 linux-azure-headers-4.15.0-1166 - 4.15.0-1166.181~16.04.1 linux-tools-4.15.0-1166-azure - 4.15.0-1166.181~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-4.15.0-212-lowlatency - 4.15.0-212.223~16.04.1 linux-hwe-cloud-tools-4.15.0-212 - 4.15.0-212.223~16.04.1 linux-hwe-tools-4.15.0-212 - 4.15.0-212.223~16.04.1 linux-buildinfo-4.15.0-212-generic - 4.15.0-212.223~16.04.1 linux-tools-4.15.0-212-generic - 4.15.0-212.223~16.04.1 
linux-modules-4.15.0-212-generic - 4.15.0-212.223~16.04.1 linux-image-unsigned-4.15.0-212-generic - 4.15.0-212.223~16.04.1 linux-cloud-tools-4.15.0-212-generic - 4.15.0-212.223~16.04.1 linux-headers-4.15.0-212-generic - 4.15.0-212.223~16.04.1 linux-image-4.15.0-212-lowlatency - 4.15.0-212.223~16.04.1 linux-modules-extra-4.15.0-212-generic - 4.15.0-212.223~16.04.1 linux-cloud-tools-4.15.0-212-lowlatency - 4.15.0-212.223~16.04.1 linux-modules-4.15.0-212-lowlatency - 4.15.0-212.223~16.04.1 linux-image-4.15.0-212-generic - 4.15.0-212.223~16.04.1 linux-image-unsigned-4.15.0-212-lowlatency - 4.15.0-212.223~16.04.1 linux-buildinfo-4.15.0-212-lowlatency - 4.15.0-212.223~16.04.1 linux-headers-4.15.0-212 - 4.15.0-212.223~16.04.1 linux-tools-4.15.0-212-lowlatency - 4.15.0-212.223~16.04.1 linux-source-4.15.0 - 4.15.0-212.223~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1120.101 linux-tools-oracle - 4.15.0.1120.101 linux-signed-image-oracle - 4.15.0.1120.101 linux-signed-oracle - 4.15.0.1120.101 linux-image-oracle - 4.15.0.1120.101 linux-oracle - 4.15.0.1120.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-gke - 4.15.0.1151.141 linux-modules-extra-gcp - 4.15.0.1151.141 linux-tools-gke - 4.15.0.1151.141 linux-tools-gcp - 4.15.0.1151.141 linux-gke - 4.15.0.1151.141 linux-gcp - 4.15.0.1151.141 linux-image-gke - 4.15.0.1151.141 linux-headers-gke - 4.15.0.1151.141 linux-headers-gcp - 4.15.0.1151.141 linux-image-gcp - 4.15.0.1151.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-modules-extra-aws-hwe - 4.15.0.1157.140 linux-aws-edge - 4.15.0.1157.140 linux-aws-hwe - 4.15.0.1157.140 linux-image-aws-hwe - 4.15.0.1157.140 linux-headers-aws-hwe - 4.15.0.1157.140 linux-tools-aws-hwe - 4.15.0.1157.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-azure - 4.15.0.1166.150 linux-tools-azure-edge - 4.15.0.1166.150 linux-tools-azure - 4.15.0.1166.150 
linux-cloud-tools-azure - 4.15.0.1166.150 linux-image-azure-edge - 4.15.0.1166.150 linux-signed-image-azure-edge - 4.15.0.1166.150 linux-cloud-tools-azure-edge - 4.15.0.1166.150 linux-modules-extra-azure - 4.15.0.1166.150 linux-azure - 4.15.0.1166.150 linux-image-azure - 4.15.0.1166.150 linux-signed-image-azure - 4.15.0.1166.150 linux-headers-azure-edge - 4.15.0.1166.150 linux-azure-edge - 4.15.0.1166.150 linux-modules-extra-azure-edge - 4.15.0.1166.150 linux-signed-azure-edge - 4.15.0.1166.150 linux-headers-azure - 4.15.0.1166.150 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-virtual-hwe-16.04-edge - 4.15.0.212.197 linux-signed-generic-hwe-16.04-edge - 4.15.0.212.197 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.212.197 linux-image-extra-virtual-hwe-16.04 - 4.15.0.212.197 linux-image-oem - 4.15.0.212.197 linux-image-lowlatency-hwe-16.04 - 4.15.0.212.197 linux-headers-generic-hwe-16.04-edge - 4.15.0.212.197 linux-tools-virtual-hwe-16.04 - 4.15.0.212.197 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.212.197 linux-image-virtual-hwe-16.04-edge - 4.15.0.212.197 linux-signed-lowlatency-hwe-16.04 - 4.15.0.212.197 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.212.197 linux-generic-hwe-16.04-edge - 4.15.0.212.197 linux-headers-lowlatency-hwe-16.04 - 4.15.0.212.197 linux-virtual-hwe-16.04 - 4.15.0.212.197 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.212.197 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.212.197 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.212.197 linux-tools-oem - 4.15.0.212.197 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.212.197 linux-headers-oem - 4.15.0.212.197 linux-signed-image-generic-hwe-16.04 - 4.15.0.212.197 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.212.197 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.212.197 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.212.197 linux-lowlatency-hwe-16.04 - 4.15.0.212.197 linux-headers-generic-hwe-16.04 - 4.15.0.212.197 
linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.212.197 linux-generic-hwe-16.04 - 4.15.0.212.197 linux-tools-virtual-hwe-16.04-edge - 4.15.0.212.197 linux-oem - 4.15.0.212.197 linux-image-generic-hwe-16.04-edge - 4.15.0.212.197 linux-lowlatency-hwe-16.04-edge - 4.15.0.212.197 linux-image-generic-hwe-16.04 - 4.15.0.212.197 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.212.197 linux-tools-lowlatency-hwe-16.04 - 4.15.0.212.197 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.212.197 linux-headers-virtual-hwe-16.04 - 4.15.0.212.197 linux-virtual-hwe-16.04-edge - 4.15.0.212.197 linux-signed-oem - 4.15.0.212.197 linux-image-virtual-hwe-16.04 - 4.15.0.212.197 linux-signed-generic-hwe-16.04 - 4.15.0.212.197 linux-signed-image-oem - 4.15.0.212.197 linux-tools-generic-hwe-16.04 - 4.15.0.212.197 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.212.197 linux-tools-generic-hwe-16.04-edge - 4.15.0.212.197 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1380 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233 USN-6139-1 -- Python vulnerability Ubuntu 16.04 LTS Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blocklisting methods. This issue was first addressed in USN-5960-1, but that fix was incomplete. This update provides an additional fix for the issue. (CVE-2023-24329) Update Instructions: Run `sudo pro fix USN-6139-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm5 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm5 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm5 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm5 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm5 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm5 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm5 idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm5 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm5 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm5 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm8 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm8 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm8 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm8 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm8 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm8 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm8 idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm8 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm8 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm8 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm8 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24329 USN-6142-1 -- nghttp2 vulnerability Ubuntu 16.04 LTS Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6142-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libnghttp2-14 - 1.7.1-1ubuntu0.1~esm1 libnghttp2-doc - 1.7.1-1ubuntu0.1~esm1 libnghttp2-dev - 1.7.1-1ubuntu0.1~esm1 nghttp2-proxy - 1.7.1-1ubuntu0.1~esm1 nghttp2 - 1.7.1-1ubuntu0.1~esm1 nghttp2-client - 1.7.1-1ubuntu0.1~esm1 nghttp2-server - 1.7.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-11080 USN-6145-1 -- Sysstat vulnerabilities Ubuntu 16.04 LTS It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377) It was discovered that Sysstat incorrectly handled certain arithmetic multiplications in 64-bit systems, as a result of an incomplete fix for CVE-2022-39377. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-33204) Update Instructions: Run `sudo pro fix USN-6145-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isag - 11.2.0-1ubuntu0.3+esm2 sysstat - 11.2.0-1ubuntu0.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-39377 CVE-2023-33204 USN-6146-1 -- Netatalk vulnerabilities Ubuntu 16.04 LTS It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-31439) It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. 
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0194) It was discovered that Netatalk did not properly handle errors when parsing AppleDouble entries. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23121) It was discovered that Netatalk did not properly validate the length of user-supplied data in the setfilparams function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23122) It was discovered that Netatalk did not properly validate the length of user-supplied data in the getdirparams function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123) It was discovered that Netatalk did not properly validate the length of user-supplied data in the get_finderinfo function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23124) It was discovered that Netatalk did not properly validate the length of user-supplied data in the copyapplfile function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125) It was discovered that Netatalk did not properly validate the length of user-supplied data in the dsi_writeinit function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. 
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43634) It was discovered that Netatalk did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted .appl file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-45188) Update Instructions: Run `sudo pro fix USN-6146-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: netatalk - 2.2.5-1ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188 USN-6149-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. 
A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-6149-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-kvm-tools-4.4.0-1120 - 4.4.0-1120.130 linux-tools-4.4.0-1120-kvm - 4.4.0-1120.130 linux-kvm-headers-4.4.0-1120 - 4.4.0-1120.130 linux-headers-4.4.0-1120-kvm - 4.4.0-1120.130 linux-modules-4.4.0-1120-kvm - 4.4.0-1120.130 linux-buildinfo-4.4.0-1120-kvm - 4.4.0-1120.130 linux-image-4.4.0-1120-kvm - 4.4.0-1120.130 linux-kvm-cloud-tools-4.4.0-1120 - 4.4.0-1120.130 linux-cloud-tools-4.4.0-1120-kvm - 4.4.0-1120.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-4.4.0-1157-aws - 4.4.0-1157.172 linux-aws-headers-4.4.0-1157 - 4.4.0-1157.172 linux-modules-4.4.0-1157-aws - 4.4.0-1157.172 linux-image-4.4.0-1157-aws - 4.4.0-1157.172 linux-aws-cloud-tools-4.4.0-1157 - 4.4.0-1157.172 linux-modules-extra-4.4.0-1157-aws - 4.4.0-1157.172 linux-cloud-tools-4.4.0-1157-aws - 4.4.0-1157.172 linux-headers-4.4.0-1157-aws - 4.4.0-1157.172 linux-aws-tools-4.4.0-1157 - 4.4.0-1157.172 linux-buildinfo-4.4.0-1157-aws - 4.4.0-1157.172 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-tools-common - 4.4.0-241.275 linux-image-4.4.0-241-lowlatency - 4.4.0-241.275 linux-tools-host - 4.4.0-241.275 
linux-source-4.4.0 - 4.4.0-241.275 linux-doc - 4.4.0-241.275 linux-libc-dev - 4.4.0-241.275 linux-tools-4.4.0-241 - 4.4.0-241.275 linux-cloud-tools-4.4.0-241-generic - 4.4.0-241.275 linux-modules-extra-4.4.0-241-generic - 4.4.0-241.275 linux-tools-4.4.0-241-generic - 4.4.0-241.275 linux-modules-4.4.0-241-lowlatency - 4.4.0-241.275 linux-buildinfo-4.4.0-241-lowlatency - 4.4.0-241.275 linux-cloud-tools-4.4.0-241-lowlatency - 4.4.0-241.275 linux-cloud-tools-common - 4.4.0-241.275 linux-buildinfo-4.4.0-241-generic - 4.4.0-241.275 linux-headers-4.4.0-241-generic - 4.4.0-241.275 linux-headers-4.4.0-241 - 4.4.0-241.275 linux-modules-4.4.0-241-generic - 4.4.0-241.275 linux-image-4.4.0-241-generic - 4.4.0-241.275 linux-headers-4.4.0-241-lowlatency - 4.4.0-241.275 linux-tools-4.4.0-241-lowlatency - 4.4.0-241.275 linux-image-unsigned-4.4.0-241-generic - 4.4.0-241.275 linux-cloud-tools-4.4.0-241 - 4.4.0-241.275 linux-image-unsigned-4.4.0-241-lowlatency - 4.4.0-241.275 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-kvm - 4.4.0.1120.117 linux-headers-kvm - 4.4.0.1120.117 linux-tools-kvm - 4.4.0.1120.117 linux-image-kvm - 4.4.0.1120.117 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-aws - 4.4.0.1157.161 linux-image-aws - 4.4.0.1157.161 linux-aws - 4.4.0.1157.161 linux-tools-aws - 4.4.0.1157.161 linux-modules-extra-aws - 4.4.0.1157.161 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-signed-image-generic-lts-utopic - 4.4.0.241.247 linux-cloud-tools-generic-lts-wily - 4.4.0.241.247 linux-cloud-tools-virtual-lts-xenial - 4.4.0.241.247 linux-cloud-tools-virtual - 4.4.0.241.247 linux-cloud-tools-virtual-lts-utopic - 4.4.0.241.247 linux-tools-generic-lts-vivid - 4.4.0.241.247 linux-image-extra-virtual-lts-xenial - 4.4.0.241.247 linux-image-extra-virtual-lts-wily - 4.4.0.241.247 linux-headers-generic-lts-wily - 4.4.0.241.247 linux-headers-lowlatency-lts-wily - 4.4.0.241.247 linux-image-virtual - 4.4.0.241.247 
linux-tools-virtual-lts-wily - 4.4.0.241.247 linux-image-lowlatency-lts-vivid - 4.4.0.241.247 linux-tools-lowlatency-lts-vivid - 4.4.0.241.247 linux-cloud-tools-generic-lts-utopic - 4.4.0.241.247 linux-tools-lowlatency-lts-wily - 4.4.0.241.247 linux-headers-virtual-lts-vivid - 4.4.0.241.247 linux-image-lowlatency-lts-wily - 4.4.0.241.247 linux-signed-image-lowlatency - 4.4.0.241.247 linux-image-generic - 4.4.0.241.247 linux-tools-lowlatency - 4.4.0.241.247 linux-signed-generic-lts-vivid - 4.4.0.241.247 linux-image-lowlatency-lts-xenial - 4.4.0.241.247 linux-tools-lowlatency-lts-utopic - 4.4.0.241.247 linux-tools-virtual-lts-xenial - 4.4.0.241.247 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.241.247 linux-image-extra-virtual-lts-vivid - 4.4.0.241.247 linux-image-generic-lts-wily - 4.4.0.241.247 linux-virtual-lts-utopic - 4.4.0.241.247 linux-signed-generic-lts-wily - 4.4.0.241.247 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.241.247 linux-image-extra-virtual-lts-utopic - 4.4.0.241.247 linux-signed-generic-lts-utopic - 4.4.0.241.247 linux-tools-lowlatency-lts-xenial - 4.4.0.241.247 linux-headers-generic-lts-xenial - 4.4.0.241.247 linux-image-virtual-lts-vivid - 4.4.0.241.247 linux-crashdump - 4.4.0.241.247 linux-virtual-lts-vivid - 4.4.0.241.247 linux-signed-lowlatency-lts-xenial - 4.4.0.241.247 linux-signed-image-generic - 4.4.0.241.247 linux-signed-lowlatency-lts-wily - 4.4.0.241.247 linux-lowlatency-lts-xenial - 4.4.0.241.247 linux-headers-lowlatency-lts-xenial - 4.4.0.241.247 linux-signed-generic-lts-xenial - 4.4.0.241.247 linux-source - 4.4.0.241.247 linux-headers-lowlatency-lts-vivid - 4.4.0.241.247 linux-lowlatency - 4.4.0.241.247 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.241.247 linux-generic-lts-xenial - 4.4.0.241.247 linux-cloud-tools-generic - 4.4.0.241.247 linux-signed-lowlatency - 4.4.0.241.247 linux-tools-virtual - 4.4.0.241.247 linux-cloud-tools-generic-lts-vivid - 4.4.0.241.247 linux-tools-generic-lts-utopic - 4.4.0.241.247 
linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.241.247 linux-signed-image-generic-lts-vivid - 4.4.0.241.247 linux-image-virtual-lts-xenial - 4.4.0.241.247 linux-image-lowlatency-lts-utopic - 4.4.0.241.247 linux-virtual-lts-xenial - 4.4.0.241.247 linux-cloud-tools-virtual-lts-vivid - 4.4.0.241.247 linux-image-generic-lts-xenial - 4.4.0.241.247 linux-signed-image-generic-lts-wily - 4.4.0.241.247 linux-signed-image-lowlatency-lts-xenial - 4.4.0.241.247 linux-tools-virtual-lts-vivid - 4.4.0.241.247 linux-image-generic-lts-vivid - 4.4.0.241.247 linux-generic - 4.4.0.241.247 linux-tools-generic-lts-wily - 4.4.0.241.247 linux-virtual - 4.4.0.241.247 linux-tools-virtual-lts-utopic - 4.4.0.241.247 linux-headers-lowlatency - 4.4.0.241.247 linux-lowlatency-lts-vivid - 4.4.0.241.247 linux-generic-lts-wily - 4.4.0.241.247 linux-image-hwe-virtual-trusty - 4.4.0.241.247 linux-signed-image-generic-lts-xenial - 4.4.0.241.247 linux-generic-lts-vivid - 4.4.0.241.247 linux-headers-virtual-lts-xenial - 4.4.0.241.247 linux-headers-lowlatency-lts-utopic - 4.4.0.241.247 linux-hwe-generic-trusty - 4.4.0.241.247 linux-tools-generic - 4.4.0.241.247 linux-image-extra-virtual - 4.4.0.241.247 linux-headers-generic-lts-utopic - 4.4.0.241.247 linux-cloud-tools-virtual-lts-wily - 4.4.0.241.247 linux-cloud-tools-lowlatency - 4.4.0.241.247 linux-lowlatency-lts-utopic - 4.4.0.241.247 linux-tools-generic-lts-xenial - 4.4.0.241.247 linux-image-generic-lts-utopic - 4.4.0.241.247 linux-image-virtual-lts-wily - 4.4.0.241.247 linux-lowlatency-lts-wily - 4.4.0.241.247 linux-image-virtual-lts-utopic - 4.4.0.241.247 linux-headers-generic - 4.4.0.241.247 linux-tools-lts-utopic - 4.4.0.241.247 linux-generic-lts-utopic - 4.4.0.241.247 linux-image-hwe-generic-trusty - 4.4.0.241.247 linux-signed-image-lowlatency-lts-wily - 4.4.0.241.247 linux-headers-generic-lts-vivid - 4.4.0.241.247 linux-headers-virtual - 4.4.0.241.247 linux-cloud-tools-generic-lts-xenial - 4.4.0.241.247 linux-virtual-lts-wily - 4.4.0.241.247 
linux-headers-virtual-lts-utopic - 4.4.0.241.247 linux-headers-virtual-lts-wily - 4.4.0.241.247 linux-signed-generic - 4.4.0.241.247 linux-hwe-virtual-trusty - 4.4.0.241.247 linux-image-lowlatency - 4.4.0.241.247 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1073 CVE-2023-1380 CVE-2023-28328 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233 USN-6154-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. (CVE-2023-2426) It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-2609) It was discovered that Vim was not properly limiting the length of substitution expression strings, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-2610) Update Instructions: Run `sudo pro fix USN-6154-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim-common - 2:7.4.1689-3ubuntu1.5+esm18 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm18 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm18 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm18 vim-athena - 2:7.4.1689-3ubuntu1.5+esm18 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm18 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm18 vim - 2:7.4.1689-3ubuntu1.5+esm18 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm18 vim-doc - 2:7.4.1689-3ubuntu1.5+esm18 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm18 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm18 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm18 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm18 vim-nox - 2:7.4.1689-3ubuntu1.5+esm18 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm18 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 USN-6155-2 -- Requests vulnerability Ubuntu 16.04 LTS USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM. Original advisory details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6155-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-requests - 2.9.1-3ubuntu0.1+esm1 python-requests - 2.9.1-3ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-32681 USN-6159-1 -- Tornado vulnerability Ubuntu 16.04 LTS It was discovered that Tornado incorrectly handled certain redirects. A remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. Update Instructions: Run `sudo pro fix USN-6159-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-tornado - 4.2.1-1ubuntu3.1+esm1 python3-tornado - 4.2.1-1ubuntu3.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28370 USN-6163-1 -- pano13 vulnerabilities Ubuntu 16.04 LTS It was discovered that pano13 did not properly validate the prefix provided for PTcrop's output. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20307) It was discovered that pano13 did not properly handle certain crafted TIFF images. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service. (CVE-2021-33293) Update Instructions: Run `sudo pro fix USN-6163-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpano13-dev - 2.9.19+dfsg-2ubuntu0.1~esm1 libpano13-bin - 2.9.19+dfsg-2ubuntu0.1~esm1 libpano13-3 - 2.9.19+dfsg-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-20307 CVE-2021-33293 USN-6164-2 -- c-ares vulnerabilities Ubuntu 16.04 LTS USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Hannes Moesl discovered that c-ares incorrectly handled certain IPv6 addresses. An attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-31130) Xiang Li discovered that c-ares incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service. (CVE-2023-32067) Update Instructions: Run `sudo pro fix USN-6164-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc-ares-dev - 1.10.0-3ubuntu0.2+esm2 libc-ares2 - 1.10.0-3ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31130 CVE-2023-32067 USN-6165-2 -- GLib vulnerabilities Ubuntu 16.04 LTS USN-6165-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks. Update Instructions: Run `sudo pro fix USN-6165-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.48.2-0ubuntu4.8+esm3 libglib2.0-0-refdbg - 2.48.2-0ubuntu4.8+esm3 libglib2.0-bin - 2.48.2-0ubuntu4.8+esm3 libglib2.0-data - 2.48.2-0ubuntu4.8+esm3 libglib2.0-dev - 2.48.2-0ubuntu4.8+esm3 libglib2.0-doc - 2.48.2-0ubuntu4.8+esm3 libglib2.0-tests - 2.48.2-0ubuntu4.8+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-29499 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 USN-6166-2 -- libcap2 vulnerability Ubuntu 16.04 LTS USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-2603) Update Instructions: Run `sudo pro fix USN-6166-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libcap2 - 1:2.24-12ubuntu0.1~esm1 libcap2-bin - 1:2.24-12ubuntu0.1~esm1 libpam-cap - 1:2.24-12ubuntu0.1~esm1 libcap-dev - 1:2.24-12ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2603 USN-6167-1 -- QEMU vulnerabilities Ubuntu 16.04 LTS It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-1050) It was discovered that QEMU did not properly check the size of the structure pointed to by the guest physical address pqxl. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4144) It was discovered that QEMU did not properly manage memory in the ACPI Error Record Serialization Table (ERST) device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-4172) It was discovered that QEMU did not properly manage memory when DMA memory writes happen repeatedly in the lsi53c895a device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2023-0330) Update Instructions: Run `sudo pro fix USN-6167-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-user-static - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-misc - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-block-extra - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-kvm - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-user - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-utils - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-arm - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.51+esm2 qemu-system-mips - 1:2.5+dfsg-5ubuntu10.51+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1050 CVE-2022-4144 CVE-2022-4172 CVE-2023-0330 USN-6168-2 -- libx11 vulnerability Ubuntu 16.04 LTS USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6168-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.3-1ubuntu2.2+esm2 libx11-data - 2:1.6.3-1ubuntu2.2+esm2 libx11-dev - 2:1.6.3-1ubuntu2.2+esm2 libx11-doc - 2:1.6.3-1ubuntu2.2+esm2 libx11-xcb-dev - 2:1.6.3-1ubuntu2.2+esm2 libx11-xcb1 - 2:1.6.3-1ubuntu2.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3138 USN-6169-1 -- GNU SASL vulnerability Ubuntu 16.04 LTS It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds read if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgsasl7 - 1.8.0-8ubuntu2+esm1 libgsasl7-dev - 1.8.0-8ubuntu2+esm1 gsasl - 1.8.0-8ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2022-2469 USN-6176-1 -- PyPDF2 vulnerability Ubuntu 16.04 LTS It was discovered that PyPDF2 incorrectly handled certain PDF files. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6176-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pypdf2 - 1.25.1-1ubuntu0.1~esm1 python-pypdf2 - 1.25.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24859 USN-6177-1 -- Jettison vulnerabilities Ubuntu 16.04 LTS It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. 
Update Instructions: Run `sudo pro fix USN-6177-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjettison-java - 1.2-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-40149 CVE-2022-40150 CVE-2022-45685 CVE-2022-45693 USN-6179-1 -- Jettison vulnerability Ubuntu 16.04 LTS It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6179-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjettison-java - 1.2-3ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-1436 USN-6180-1 -- VLC media player vulnerabilities Ubuntu 16.04 LTS It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-19721) It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13428) It was discovered that VLC could be made to read out of bounds when processing AVI video files. If a user were tricked into opening a crafted AVI video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. 
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-25801, CVE-2021-25802, CVE-2021-25803, CVE-2021-25804) It was discovered that the VNC module of VLC contained an arithmetic overflow. If a user were tricked into opening a crafted playlist or connecting to a rogue VNC server, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2022-41325) Update Instructions: Run `sudo pro fix USN-6180-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvlc-dev - 2.2.2-5ubuntu0.16.04.5+esm2 libvlc5 - 2.2.2-5ubuntu0.16.04.5+esm2 libvlccore-dev - 2.2.2-5ubuntu0.16.04.5+esm2 libvlccore8 - 2.2.2-5ubuntu0.16.04.5+esm2 vlc - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-data - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-nox - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-plugin-fluidsynth - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-plugin-jack - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-plugin-notify - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-plugin-samba - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-plugin-sdl - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-plugin-svg - 2.2.2-5ubuntu0.16.04.5+esm2 vlc-plugin-zvbi - 2.2.2-5ubuntu0.16.04.5+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-19721 CVE-2020-13428 CVE-2021-25801 CVE-2021-25802 CVE-2021-25803 CVE-2021-25804 CVE-2022-41325 USN-6182-1 -- pngcheck vulnerabilities Ubuntu 16.04 LTS It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6182-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: pngcheck - 2.3.0-7ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-27818 CVE-2020-35511 USN-6183-2 -- Bind vulnerability Ubuntu 16.04 LTS USN-6183-1 fixed vulnerabilities in Bind. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-2828) It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-2911) Update Instructions: Run `sudo pro fix USN-6183-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2828 USN-6184-2 -- CUPS vulnerability Ubuntu 16.04 LTS USN-6184-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to possibly obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6184-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: cups - 2.1.3-4ubuntu0.11+esm3 cups-bsd - 2.1.3-4ubuntu0.11+esm3 cups-client - 2.1.3-4ubuntu0.11+esm3 cups-common - 2.1.3-4ubuntu0.11+esm3 cups-core-drivers - 2.1.3-4ubuntu0.11+esm3 cups-daemon - 2.1.3-4ubuntu0.11+esm3 cups-ipp-utils - 2.1.3-4ubuntu0.11+esm3 cups-ppdc - 2.1.3-4ubuntu0.11+esm3 cups-server-common - 2.1.3-4ubuntu0.11+esm3 libcups2 - 2.1.3-4ubuntu0.11+esm3 libcups2-dev - 2.1.3-4ubuntu0.11+esm3 libcupscgi1 - 2.1.3-4ubuntu0.11+esm3 libcupscgi1-dev - 2.1.3-4ubuntu0.11+esm3 libcupsimage2 - 2.1.3-4ubuntu0.11+esm3 libcupsimage2-dev - 2.1.3-4ubuntu0.11+esm3 libcupsmime1 - 2.1.3-4ubuntu0.11+esm3 libcupsmime1-dev - 2.1.3-4ubuntu0.11+esm3 libcupsppdc1 - 2.1.3-4ubuntu0.11+esm3 libcupsppdc1-dev - 2.1.3-4ubuntu0.11+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34241 USN-6188-1 -- OpenSSL vulnerability Ubuntu 16.04 LTS Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6188-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm9 libssl-doc - 1.0.2g-1ubuntu4.20+esm9 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm9 openssl - 1.0.2g-1ubuntu4.20+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2650 USN-6190-2 -- AccountsService vulnerability Ubuntu 16.04 LTS USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. 
A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6190-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: accountsservice - 0.6.40-2ubuntu11.6+esm1 gir1.2-accountsservice-1.0 - 0.6.40-2ubuntu11.6+esm1 libaccountsservice-dev - 0.6.40-2ubuntu11.6+esm1 libaccountsservice-doc - 0.6.40-2ubuntu11.6+esm1 libaccountsservice0 - 0.6.40-2ubuntu11.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3297 USN-6191-1 -- Linux kernel regression Ubuntu 16.04 LTS USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message. Update Instructions: Run `sudo pro fix USN-6191-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1121-oracle - 4.15.0-1121.132~16.04.1 linux-headers-4.15.0-1121-oracle - 4.15.0-1121.132~16.04.1 linux-image-4.15.0-1121-oracle - 4.15.0-1121.132~16.04.1 linux-image-unsigned-4.15.0-1121-oracle - 4.15.0-1121.132~16.04.1 linux-modules-4.15.0-1121-oracle - 4.15.0-1121.132~16.04.1 linux-modules-extra-4.15.0-1121-oracle - 4.15.0-1121.132~16.04.1 linux-oracle-headers-4.15.0-1121 - 4.15.0-1121.132~16.04.1 linux-oracle-tools-4.15.0-1121 - 4.15.0-1121.132~16.04.1 linux-tools-4.15.0-1121-oracle - 4.15.0-1121.132~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1152-gcp - 4.15.0-1152.168~16.04.1 linux-gcp-headers-4.15.0-1152 - 4.15.0-1152.168~16.04.1 linux-gcp-tools-4.15.0-1152 - 4.15.0-1152.168~16.04.1 linux-headers-4.15.0-1152-gcp - 4.15.0-1152.168~16.04.1 linux-image-4.15.0-1152-gcp - 4.15.0-1152.168~16.04.1 linux-image-unsigned-4.15.0-1152-gcp - 
4.15.0-1152.168~16.04.1 linux-modules-4.15.0-1152-gcp - 4.15.0-1152.168~16.04.1 linux-modules-extra-4.15.0-1152-gcp - 4.15.0-1152.168~16.04.1 linux-tools-4.15.0-1152-gcp - 4.15.0-1152.168~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1158 - 4.15.0-1158.171~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1158 - 4.15.0-1158.171~16.04.1 linux-aws-hwe-tools-4.15.0-1158 - 4.15.0-1158.171~16.04.1 linux-buildinfo-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 linux-cloud-tools-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 linux-headers-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 linux-image-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 linux-image-unsigned-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 linux-modules-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 linux-modules-extra-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 linux-tools-4.15.0-1158-aws - 4.15.0-1158.171~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1167 - 4.15.0-1167.182~16.04.1 linux-azure-headers-4.15.0-1167 - 4.15.0-1167.182~16.04.1 linux-azure-tools-4.15.0-1167 - 4.15.0-1167.182~16.04.1 linux-buildinfo-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 linux-cloud-tools-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 linux-headers-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 linux-image-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 linux-image-unsigned-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 linux-modules-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 linux-modules-extra-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 linux-tools-4.15.0-1167-azure - 4.15.0-1167.182~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-buildinfo-4.15.0-213-lowlatency - 4.15.0-213.224~16.04.1 linux-cloud-tools-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-cloud-tools-4.15.0-213-lowlatency - 4.15.0-213.224~16.04.1 linux-headers-4.15.0-213 - 4.15.0-213.224~16.04.1 
linux-headers-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-headers-4.15.0-213-lowlatency - 4.15.0-213.224~16.04.1 linux-hwe-cloud-tools-4.15.0-213 - 4.15.0-213.224~16.04.1 linux-hwe-tools-4.15.0-213 - 4.15.0-213.224~16.04.1 linux-image-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-image-4.15.0-213-lowlatency - 4.15.0-213.224~16.04.1 linux-image-unsigned-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-image-unsigned-4.15.0-213-lowlatency - 4.15.0-213.224~16.04.1 linux-modules-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-modules-4.15.0-213-lowlatency - 4.15.0-213.224~16.04.1 linux-modules-extra-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-source-4.15.0 - 4.15.0-213.224~16.04.1 linux-tools-4.15.0-213-generic - 4.15.0-213.224~16.04.1 linux-tools-4.15.0-213-lowlatency - 4.15.0-213.224~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1121.102 linux-image-oracle - 4.15.0.1121.102 linux-oracle - 4.15.0.1121.102 linux-signed-image-oracle - 4.15.0.1121.102 linux-signed-oracle - 4.15.0.1121.102 linux-tools-oracle - 4.15.0.1121.102 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1152.142 linux-gke - 4.15.0.1152.142 linux-headers-gcp - 4.15.0.1152.142 linux-headers-gke - 4.15.0.1152.142 linux-image-gcp - 4.15.0.1152.142 linux-image-gke - 4.15.0.1152.142 linux-modules-extra-gcp - 4.15.0.1152.142 linux-modules-extra-gke - 4.15.0.1152.142 linux-tools-gcp - 4.15.0.1152.142 linux-tools-gke - 4.15.0.1152.142 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1158.141 linux-aws-hwe - 4.15.0.1158.141 linux-headers-aws-hwe - 4.15.0.1158.141 linux-image-aws-hwe - 4.15.0.1158.141 linux-modules-extra-aws-hwe - 4.15.0.1158.141 linux-tools-aws-hwe - 4.15.0.1158.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1167.151 linux-azure-edge - 4.15.0.1167.151 linux-cloud-tools-azure - 4.15.0.1167.151 
linux-cloud-tools-azure-edge - 4.15.0.1167.151 linux-headers-azure - 4.15.0.1167.151 linux-headers-azure-edge - 4.15.0.1167.151 linux-image-azure - 4.15.0.1167.151 linux-image-azure-edge - 4.15.0.1167.151 linux-modules-extra-azure - 4.15.0.1167.151 linux-modules-extra-azure-edge - 4.15.0.1167.151 linux-signed-azure - 4.15.0.1167.151 linux-signed-azure-edge - 4.15.0.1167.151 linux-signed-image-azure - 4.15.0.1167.151 linux-signed-image-azure-edge - 4.15.0.1167.151 linux-tools-azure - 4.15.0.1167.151 linux-tools-azure-edge - 4.15.0.1167.151 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.213.198 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.213.198 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.213.198 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.213.198 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.213.198 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.213.198 linux-generic-hwe-16.04 - 4.15.0.213.198 linux-generic-hwe-16.04-edge - 4.15.0.213.198 linux-headers-generic-hwe-16.04 - 4.15.0.213.198 linux-headers-generic-hwe-16.04-edge - 4.15.0.213.198 linux-headers-lowlatency-hwe-16.04 - 4.15.0.213.198 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.213.198 linux-headers-oem - 4.15.0.213.198 linux-headers-virtual-hwe-16.04 - 4.15.0.213.198 linux-headers-virtual-hwe-16.04-edge - 4.15.0.213.198 linux-image-extra-virtual-hwe-16.04 - 4.15.0.213.198 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.213.198 linux-image-generic-hwe-16.04 - 4.15.0.213.198 linux-image-generic-hwe-16.04-edge - 4.15.0.213.198 linux-image-lowlatency-hwe-16.04 - 4.15.0.213.198 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.213.198 linux-image-oem - 4.15.0.213.198 linux-image-virtual-hwe-16.04 - 4.15.0.213.198 linux-image-virtual-hwe-16.04-edge - 4.15.0.213.198 linux-lowlatency-hwe-16.04 - 4.15.0.213.198 linux-lowlatency-hwe-16.04-edge - 4.15.0.213.198 linux-oem - 4.15.0.213.198 linux-signed-generic-hwe-16.04 - 4.15.0.213.198 
linux-signed-generic-hwe-16.04-edge - 4.15.0.213.198 linux-signed-image-generic-hwe-16.04 - 4.15.0.213.198 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.213.198 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.213.198 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.213.198 linux-signed-image-oem - 4.15.0.213.198 linux-signed-lowlatency-hwe-16.04 - 4.15.0.213.198 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.213.198 linux-signed-oem - 4.15.0.213.198 linux-tools-generic-hwe-16.04 - 4.15.0.213.198 linux-tools-generic-hwe-16.04-edge - 4.15.0.213.198 linux-tools-lowlatency-hwe-16.04 - 4.15.0.213.198 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.213.198 linux-tools-oem - 4.15.0.213.198 linux-tools-virtual-hwe-16.04 - 4.15.0.213.198 linux-tools-virtual-hwe-16.04-edge - 4.15.0.213.198 linux-virtual-hwe-16.04 - 4.15.0.213.198 linux-virtual-hwe-16.04-edge - 4.15.0.213.198 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2020279 USN-6197-1 -- OpenLDAP vulnerability Ubuntu 16.04 LTS It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6197-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.42+dfsg-2ubuntu3.13+esm2 libldap-2.4-2 - 2.4.42+dfsg-2ubuntu3.13+esm2 libldap2-dev - 2.4.42+dfsg-2ubuntu3.13+esm2 slapd - 2.4.42+dfsg-2ubuntu3.13+esm2 slapd-smbk5pwd - 2.4.42+dfsg-2ubuntu3.13+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-2953 USN-6198-1 -- GNU Screen vulnerability Ubuntu 16.04 LTS It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. 
If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application. Update Instructions: Run `sudo pro fix USN-6198-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen - 4.3.1-2ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-24626 USN-6199-2 -- PHP vulnerability Ubuntu 16.04 LTS USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6199-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm7 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm7 
php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm7 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3247 USN-6200-1 -- ImageMagick vulnerabilities Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599) It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20224) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. 
By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20244, CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20313) It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-39212) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. 
This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906, CVE-2023-3428) It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted tiff file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. (CVE-2023-34151) Update Instructions: Run `sudo pro fix USN-6200-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.8.9.9-7ubuntu5.16+esm8 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm8 imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm8 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm8 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm8 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm8 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm8 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm8 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm8 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm8 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm8 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-29599 CVE-2021-20224 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-3610 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 CVE-2023-1289 CVE-2023-1906 CVE-2023-3195 CVE-2023-34151 CVE-2023-3428 USN-6202-1 -- containerd vulnerabilities Ubuntu 16.04 LTS David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. (CVE-2023-25153) It was discovered that containerd incorrectly set up supplementary groups inside a container. 
An attacker with direct access to the container could possibly use this issue to obtain sensitive information or execute code with higher privileges. (CVE-2023-25173) Update Instructions: Run `sudo pro fix USN-6202-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.2.6-0ubuntu1~16.04.6+esm4 golang-github-docker-containerd-dev - 1.2.6-0ubuntu1~16.04.6+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-25153 CVE-2023-25173 USN-6208-1 -- Gorilla WebSocket vulnerability Ubuntu 16.04 LTS It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6208-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-websocket-dev - 0.0~git20150811.0.b6ab76f-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-27813 USN-6209-1 -- Gerbv vulnerabilities Ubuntu 16.04 LTS Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to crash Gerbv (resulting in a denial of service), or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40391, CVE-2021-40394) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv (resulting in a denial of service), or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40393) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information. 
(CVE-2021-40400, CVE-2021-40403) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv (resulting in a denial of service), or execute arbitrary code. (CVE-2021-40401) Update Instructions: Run `sudo pro fix USN-6209-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gerbv - 2.6.0-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-40391 CVE-2021-40393 CVE-2021-40394 CVE-2021-40400 CVE-2021-40401 CVE-2021-40403 USN-6210-1 -- Doorkeeper vulnerability Ubuntu 16.04 LTS It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previously approved. An attacker could potentially exploit this in order to impersonate another user and obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6210-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-doorkeeper - 2.2.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2023-34246 USN-6219-1 -- Ruby vulnerabilities Ubuntu 16.04 LTS It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue exists because of an incomplete fix for CVE-2023-28755. (CVE-2023-36617) Update Instructions: Run `sudo pro fix USN-6219-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libruby2.3 - 2.3.1-2~ubuntu16.04.16+esm8 ruby2.3 - 2.3.1-2~ubuntu16.04.16+esm8 ruby2.3-dev - 2.3.1-2~ubuntu16.04.16+esm8 ruby2.3-doc - 2.3.1-2~ubuntu16.04.16+esm8 ruby2.3-tcltk - 2.3.1-2~ubuntu16.04.16+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28755 CVE-2023-36617 USN-6221-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753) It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that the ST NCI NFC driver did not properly handle device removal events. 
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) Update Instructions: Run `sudo pro fix USN-6221-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1121-kvm - 4.4.0-1121.131 linux-cloud-tools-4.4.0-1121-kvm - 4.4.0-1121.131 linux-headers-4.4.0-1121-kvm - 4.4.0-1121.131 linux-image-4.4.0-1121-kvm - 4.4.0-1121.131 linux-kvm-cloud-tools-4.4.0-1121 - 4.4.0-1121.131 linux-kvm-headers-4.4.0-1121 - 4.4.0-1121.131 linux-kvm-tools-4.4.0-1121 - 4.4.0-1121.131 linux-modules-4.4.0-1121-kvm - 4.4.0-1121.131 linux-tools-4.4.0-1121-kvm - 4.4.0-1121.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.4.0-1158 - 4.4.0-1158.173 linux-aws-headers-4.4.0-1158 - 4.4.0-1158.173 linux-aws-tools-4.4.0-1158 - 4.4.0-1158.173 linux-buildinfo-4.4.0-1158-aws - 4.4.0-1158.173 linux-cloud-tools-4.4.0-1158-aws - 4.4.0-1158.173 linux-headers-4.4.0-1158-aws - 4.4.0-1158.173 linux-image-4.4.0-1158-aws - 4.4.0-1158.173 linux-modules-4.4.0-1158-aws - 4.4.0-1158.173 linux-modules-extra-4.4.0-1158-aws - 4.4.0-1158.173 linux-tools-4.4.0-1158-aws - 4.4.0-1158.173 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-242-generic - 4.4.0-242.276 linux-buildinfo-4.4.0-242-lowlatency - 4.4.0-242.276 linux-cloud-tools-4.4.0-242 - 4.4.0-242.276 linux-cloud-tools-4.4.0-242-generic - 4.4.0-242.276 linux-cloud-tools-4.4.0-242-lowlatency - 4.4.0-242.276 linux-cloud-tools-common - 4.4.0-242.276 linux-doc - 4.4.0-242.276 linux-headers-4.4.0-242 - 4.4.0-242.276 linux-headers-4.4.0-242-generic - 4.4.0-242.276 
linux-headers-4.4.0-242-lowlatency - 4.4.0-242.276 linux-image-4.4.0-242-generic - 4.4.0-242.276 linux-image-4.4.0-242-lowlatency - 4.4.0-242.276 linux-image-unsigned-4.4.0-242-generic - 4.4.0-242.276 linux-image-unsigned-4.4.0-242-lowlatency - 4.4.0-242.276 linux-libc-dev - 4.4.0-242.276 linux-modules-4.4.0-242-generic - 4.4.0-242.276 linux-modules-4.4.0-242-lowlatency - 4.4.0-242.276 linux-modules-extra-4.4.0-242-generic - 4.4.0-242.276 linux-source-4.4.0 - 4.4.0-242.276 linux-tools-4.4.0-242 - 4.4.0-242.276 linux-tools-4.4.0-242-generic - 4.4.0-242.276 linux-tools-4.4.0-242-lowlatency - 4.4.0-242.276 linux-tools-common - 4.4.0-242.276 linux-tools-host - 4.4.0-242.276 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1121.118 linux-image-kvm - 4.4.0.1121.118 linux-kvm - 4.4.0.1121.118 linux-tools-kvm - 4.4.0.1121.118 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1158.162 linux-headers-aws - 4.4.0.1158.162 linux-image-aws - 4.4.0.1158.162 linux-modules-extra-aws - 4.4.0.1158.162 linux-tools-aws - 4.4.0.1158.162 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.242.248 linux-cloud-tools-generic-lts-utopic - 4.4.0.242.248 linux-cloud-tools-generic-lts-vivid - 4.4.0.242.248 linux-cloud-tools-generic-lts-wily - 4.4.0.242.248 linux-cloud-tools-generic-lts-xenial - 4.4.0.242.248 linux-cloud-tools-lowlatency - 4.4.0.242.248 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.242.248 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.242.248 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.242.248 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.242.248 linux-cloud-tools-virtual - 4.4.0.242.248 linux-cloud-tools-virtual-lts-utopic - 4.4.0.242.248 linux-cloud-tools-virtual-lts-vivid - 4.4.0.242.248 linux-cloud-tools-virtual-lts-wily - 4.4.0.242.248 linux-cloud-tools-virtual-lts-xenial - 4.4.0.242.248 linux-crashdump - 4.4.0.242.248 linux-generic - 4.4.0.242.248 
linux-generic-lts-utopic - 4.4.0.242.248 linux-generic-lts-vivid - 4.4.0.242.248 linux-generic-lts-wily - 4.4.0.242.248 linux-generic-lts-xenial - 4.4.0.242.248 linux-headers-generic - 4.4.0.242.248 linux-headers-generic-lts-utopic - 4.4.0.242.248 linux-headers-generic-lts-vivid - 4.4.0.242.248 linux-headers-generic-lts-wily - 4.4.0.242.248 linux-headers-generic-lts-xenial - 4.4.0.242.248 linux-headers-lowlatency - 4.4.0.242.248 linux-headers-lowlatency-lts-utopic - 4.4.0.242.248 linux-headers-lowlatency-lts-vivid - 4.4.0.242.248 linux-headers-lowlatency-lts-wily - 4.4.0.242.248 linux-headers-lowlatency-lts-xenial - 4.4.0.242.248 linux-headers-virtual - 4.4.0.242.248 linux-headers-virtual-lts-utopic - 4.4.0.242.248 linux-headers-virtual-lts-vivid - 4.4.0.242.248 linux-headers-virtual-lts-wily - 4.4.0.242.248 linux-headers-virtual-lts-xenial - 4.4.0.242.248 linux-hwe-generic-trusty - 4.4.0.242.248 linux-hwe-virtual-trusty - 4.4.0.242.248 linux-image-extra-virtual - 4.4.0.242.248 linux-image-extra-virtual-lts-utopic - 4.4.0.242.248 linux-image-extra-virtual-lts-vivid - 4.4.0.242.248 linux-image-extra-virtual-lts-wily - 4.4.0.242.248 linux-image-extra-virtual-lts-xenial - 4.4.0.242.248 linux-image-generic - 4.4.0.242.248 linux-image-generic-lts-utopic - 4.4.0.242.248 linux-image-generic-lts-vivid - 4.4.0.242.248 linux-image-generic-lts-wily - 4.4.0.242.248 linux-image-generic-lts-xenial - 4.4.0.242.248 linux-image-hwe-generic-trusty - 4.4.0.242.248 linux-image-hwe-virtual-trusty - 4.4.0.242.248 linux-image-lowlatency - 4.4.0.242.248 linux-image-lowlatency-lts-utopic - 4.4.0.242.248 linux-image-lowlatency-lts-vivid - 4.4.0.242.248 linux-image-lowlatency-lts-wily - 4.4.0.242.248 linux-image-lowlatency-lts-xenial - 4.4.0.242.248 linux-image-virtual - 4.4.0.242.248 linux-image-virtual-lts-utopic - 4.4.0.242.248 linux-image-virtual-lts-vivid - 4.4.0.242.248 linux-image-virtual-lts-wily - 4.4.0.242.248 linux-image-virtual-lts-xenial - 4.4.0.242.248 linux-lowlatency - 
4.4.0.242.248 linux-lowlatency-lts-utopic - 4.4.0.242.248 linux-lowlatency-lts-vivid - 4.4.0.242.248 linux-lowlatency-lts-wily - 4.4.0.242.248 linux-lowlatency-lts-xenial - 4.4.0.242.248 linux-signed-generic - 4.4.0.242.248 linux-signed-generic-lts-utopic - 4.4.0.242.248 linux-signed-generic-lts-vivid - 4.4.0.242.248 linux-signed-generic-lts-wily - 4.4.0.242.248 linux-signed-generic-lts-xenial - 4.4.0.242.248 linux-signed-image-generic - 4.4.0.242.248 linux-signed-image-generic-lts-utopic - 4.4.0.242.248 linux-signed-image-generic-lts-vivid - 4.4.0.242.248 linux-signed-image-generic-lts-wily - 4.4.0.242.248 linux-signed-image-generic-lts-xenial - 4.4.0.242.248 linux-signed-image-lowlatency - 4.4.0.242.248 linux-signed-image-lowlatency-lts-wily - 4.4.0.242.248 linux-signed-image-lowlatency-lts-xenial - 4.4.0.242.248 linux-signed-lowlatency - 4.4.0.242.248 linux-signed-lowlatency-lts-wily - 4.4.0.242.248 linux-signed-lowlatency-lts-xenial - 4.4.0.242.248 linux-source - 4.4.0.242.248 linux-tools-generic - 4.4.0.242.248 linux-tools-generic-lts-utopic - 4.4.0.242.248 linux-tools-generic-lts-vivid - 4.4.0.242.248 linux-tools-generic-lts-wily - 4.4.0.242.248 linux-tools-generic-lts-xenial - 4.4.0.242.248 linux-tools-lowlatency - 4.4.0.242.248 linux-tools-lowlatency-lts-utopic - 4.4.0.242.248 linux-tools-lowlatency-lts-vivid - 4.4.0.242.248 linux-tools-lowlatency-lts-wily - 4.4.0.242.248 linux-tools-lowlatency-lts-xenial - 4.4.0.242.248 linux-tools-lts-utopic - 4.4.0.242.248 linux-tools-virtual - 4.4.0.242.248 linux-tools-virtual-lts-utopic - 4.4.0.242.248 linux-tools-virtual-lts-vivid - 4.4.0.242.248 linux-tools-virtual-lts-wily - 4.4.0.242.248 linux-tools-virtual-lts-xenial - 4.4.0.242.248 linux-virtual - 4.4.0.242.248 linux-virtual-lts-utopic - 4.4.0.242.248 linux-virtual-lts-vivid - 4.4.0.242.248 linux-virtual-lts-wily - 4.4.0.242.248 linux-virtual-lts-xenial - 4.4.0.242.248 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-20321 
CVE-2021-3753 CVE-2022-1184 CVE-2022-26373 CVE-2022-29901 CVE-2023-1990 CVE-2023-3111 USN-6225-1 -- Knot Resolver vulnerability Ubuntu 16.04 LTS It was discovered that Knot Resolver did not correctly handle certain client options. A remote attacker could send requests to malicious domains and cause a denial of service. Update Instructions: Run `sudo pro fix USN-6225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: knot-resolver - 1.0.0~beta3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-40188 USN-6229-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-25433, CVE-2023-26965) It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-26966) It was discovered that LibTIFF was not properly performing bounds checks when closing a previously opened TIFF file, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3316) Update Instructions: Run `sudo pro fix USN-6229-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.6-1ubuntu0.8+esm11 libtiff-opengl - 4.0.6-1ubuntu0.8+esm11 libtiff-tools - 4.0.6-1ubuntu0.8+esm11 libtiff5 - 4.0.6-1ubuntu0.8+esm11 libtiff5-dev - 4.0.6-1ubuntu0.8+esm11 libtiffxx5 - 4.0.6-1ubuntu0.8+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-3316 USN-6230-1 -- PostgreSQL vulnerability Ubuntu 16.04 LTS Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. Update Instructions: Run `sudo pro fix USN-6230-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libecpg-compat3 - 9.5.25-0ubuntu0.16.04.1+esm4 libecpg-dev - 9.5.25-0ubuntu0.16.04.1+esm4 libecpg6 - 9.5.25-0ubuntu0.16.04.1+esm4 libpgtypes3 - 9.5.25-0ubuntu0.16.04.1+esm4 libpq-dev - 9.5.25-0ubuntu0.16.04.1+esm4 libpq5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-client-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-contrib-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-doc-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-plperl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-plpython-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-plpython3-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-pltcl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 postgresql-server-dev-9.5 - 9.5.25-0ubuntu0.16.04.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2454 USN-6232-1 -- wkhtmltopdf vulnerability Ubuntu 16.04 LTS It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. 
If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wkhtmltopdf - 0.12.2.4-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-21365 USN-6233-1 -- YAJL vulnerabilities Ubuntu 16.04 LTS It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service (application abort). (CVE-2017-16516) It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-24795) It was discovered that memory leaks existed in one of the YAJL parsing functions. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2023-33460) Update Instructions: Run `sudo pro fix USN-6233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyajl-dev - 2.1.0-2ubuntu0.16.04.1~esm1 libyajl-doc - 2.1.0-2ubuntu0.16.04.1~esm1 libyajl2 - 2.1.0-2ubuntu0.16.04.1~esm1 yajl-tools - 2.1.0-2ubuntu0.16.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-16516 CVE-2022-24795 CVE-2023-33460 USN-6236-1 -- ConnMan vulnerabilities Ubuntu 16.04 LTS It was discovered that ConnMan could be made to write out of bounds. 
A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26675, CVE-2021-33833) It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676) It was discovered that ConnMan could be made to read out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23096, CVE-2022-23097) It was discovered that ConnMan could be made to run into an infinite loop. A remote attacker could possibly use this issue to cause ConnMan to consume resources and to stop operating, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098) It was discovered that ConnMan could be made to write out of bounds via the gweb component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292) It was discovered that ConnMan did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293) It was discovered that ConnMan could be made to write out of bounds via the gdhcp component. 
A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-28488) Update Instructions: Run `sudo pro fix USN-6236-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: connman - 1.21-1.2+deb8u1ubuntu0.1~esm1 connman-dev - 1.21-1.2+deb8u1ubuntu0.1~esm1 connman-doc - 1.21-1.2+deb8u1ubuntu0.1~esm1 connman-vpn - 1.21-1.2+deb8u1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-26675 CVE-2021-26676 CVE-2021-33833 CVE-2022-23096 CVE-2022-23097 CVE-2022-23098 CVE-2022-32292 CVE-2022-32293 CVE-2023-28488 USN-6237-3 -- curl vulnerabilities Ubuntu 16.04 LTS USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. (CVE-2023-28321) Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. (CVE-2023-28322) It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-32001) Update Instructions: Run `sudo pro fix USN-6237-3` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: curl - 7.47.0-1ubuntu2.19+esm9 libcurl3 - 7.47.0-1ubuntu2.19+esm9 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm9 libcurl3-nss - 7.47.0-1ubuntu2.19+esm9 libcurl4-doc - 7.47.0-1ubuntu2.19+esm9 libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm9 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm9 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-28321 CVE-2023-28322 USN-6239-1 -- ECDSA Util vulnerability Ubuntu 16.04 LTS It was discovered that ECDSA Util did not properly verify certain signature values. An attacker could possibly use this issue to bypass signature verification. Update Instructions: Run `sudo pro fix USN-6239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ecdsautils - 0.3.2+git20151018-2ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24884 USN-6242-2 -- OpenSSH vulnerability Ubuntu 16.04 LTS USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6242-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openssh-client - 1:7.2p2-4ubuntu2.10+esm3 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.10+esm3 openssh-server - 1:7.2p2-4ubuntu2.10+esm3 openssh-sftp-server - 1:7.2p2-4ubuntu2.10+esm3 ssh - 1:7.2p2-4ubuntu2.10+esm3 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.10+esm3 ssh-krb5 - 1:7.2p2-4ubuntu2.10+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38408 USN-6243-1 -- Graphite-Web vulnerabilities Ubuntu 16.04 LTS It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638) It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2022-4728, CVE-2022-4729, CVE-2022-4730) Update Instructions: Run `sudo pro fix USN-6243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphite-web - 0.9.15+debian-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-18638 CVE-2022-4728 CVE-2022-4729 CVE-2022-4730 USN-6244-1 -- AMD Microcode vulnerability Ubuntu 16.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6244-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 USN-6252-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1670) It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2023-1859) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. 
An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-35001) Update Instructions: Run `sudo pro fix USN-6252-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1122-oracle - 4.15.0-1122.133~16.04.1 linux-headers-4.15.0-1122-oracle - 4.15.0-1122.133~16.04.1 linux-image-4.15.0-1122-oracle - 4.15.0-1122.133~16.04.1 linux-image-unsigned-4.15.0-1122-oracle - 4.15.0-1122.133~16.04.1 linux-modules-4.15.0-1122-oracle - 4.15.0-1122.133~16.04.1 linux-modules-extra-4.15.0-1122-oracle - 4.15.0-1122.133~16.04.1 linux-oracle-headers-4.15.0-1122 - 4.15.0-1122.133~16.04.1 linux-oracle-tools-4.15.0-1122 - 4.15.0-1122.133~16.04.1 linux-tools-4.15.0-1122-oracle - 4.15.0-1122.133~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1153-gcp - 4.15.0-1153.170~16.04.1 linux-gcp-headers-4.15.0-1153 - 4.15.0-1153.170~16.04.1 linux-gcp-tools-4.15.0-1153 - 4.15.0-1153.170~16.04.1 linux-headers-4.15.0-1153-gcp - 4.15.0-1153.170~16.04.1 linux-image-4.15.0-1153-gcp - 4.15.0-1153.170~16.04.1 linux-image-unsigned-4.15.0-1153-gcp - 4.15.0-1153.170~16.04.1 linux-modules-4.15.0-1153-gcp - 4.15.0-1153.170~16.04.1 linux-modules-extra-4.15.0-1153-gcp - 4.15.0-1153.170~16.04.1 linux-tools-4.15.0-1153-gcp - 4.15.0-1153.170~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1159 - 4.15.0-1159.172~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1159 - 4.15.0-1159.172~16.04.1 linux-aws-hwe-tools-4.15.0-1159 - 4.15.0-1159.172~16.04.1 linux-buildinfo-4.15.0-1159-aws - 4.15.0-1159.172~16.04.1 linux-cloud-tools-4.15.0-1159-aws - 4.15.0-1159.172~16.04.1 linux-headers-4.15.0-1159-aws - 4.15.0-1159.172~16.04.1 linux-image-4.15.0-1159-aws - 4.15.0-1159.172~16.04.1 linux-image-unsigned-4.15.0-1159-aws - 4.15.0-1159.172~16.04.1 linux-modules-4.15.0-1159-aws - 4.15.0-1159.172~16.04.1 linux-modules-extra-4.15.0-1159-aws - 4.15.0-1159.172~16.04.1 linux-tools-4.15.0-1159-aws - 
4.15.0-1159.172~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1168 - 4.15.0-1168.183~16.04.1 linux-azure-headers-4.15.0-1168 - 4.15.0-1168.183~16.04.1 linux-azure-tools-4.15.0-1168 - 4.15.0-1168.183~16.04.1 linux-buildinfo-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 linux-cloud-tools-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 linux-headers-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 linux-image-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 linux-image-unsigned-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 linux-modules-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 linux-modules-extra-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 linux-tools-4.15.0-1168-azure - 4.15.0-1168.183~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-buildinfo-4.15.0-214-lowlatency - 4.15.0-214.225~16.04.1 linux-cloud-tools-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-cloud-tools-4.15.0-214-lowlatency - 4.15.0-214.225~16.04.1 linux-headers-4.15.0-214 - 4.15.0-214.225~16.04.1 linux-headers-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-headers-4.15.0-214-lowlatency - 4.15.0-214.225~16.04.1 linux-hwe-cloud-tools-4.15.0-214 - 4.15.0-214.225~16.04.1 linux-hwe-tools-4.15.0-214 - 4.15.0-214.225~16.04.1 linux-image-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-image-4.15.0-214-lowlatency - 4.15.0-214.225~16.04.1 linux-image-unsigned-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-image-unsigned-4.15.0-214-lowlatency - 4.15.0-214.225~16.04.1 linux-modules-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-modules-4.15.0-214-lowlatency - 4.15.0-214.225~16.04.1 linux-modules-extra-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-source-4.15.0 - 4.15.0-214.225~16.04.1 linux-tools-4.15.0-214-generic - 4.15.0-214.225~16.04.1 linux-tools-4.15.0-214-lowlatency - 4.15.0-214.225~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-headers-oracle - 4.15.0.1122.103 linux-image-oracle - 4.15.0.1122.103 linux-oracle - 4.15.0.1122.103 linux-signed-image-oracle - 4.15.0.1122.103 linux-signed-oracle - 4.15.0.1122.103 linux-tools-oracle - 4.15.0.1122.103 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1153.143 linux-gke - 4.15.0.1153.143 linux-headers-gcp - 4.15.0.1153.143 linux-headers-gke - 4.15.0.1153.143 linux-image-gcp - 4.15.0.1153.143 linux-image-gke - 4.15.0.1153.143 linux-modules-extra-gcp - 4.15.0.1153.143 linux-modules-extra-gke - 4.15.0.1153.143 linux-tools-gcp - 4.15.0.1153.143 linux-tools-gke - 4.15.0.1153.143 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1159.142 linux-aws-hwe - 4.15.0.1159.142 linux-headers-aws-hwe - 4.15.0.1159.142 linux-image-aws-hwe - 4.15.0.1159.142 linux-modules-extra-aws-hwe - 4.15.0.1159.142 linux-tools-aws-hwe - 4.15.0.1159.142 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1168.152 linux-azure-edge - 4.15.0.1168.152 linux-cloud-tools-azure - 4.15.0.1168.152 linux-cloud-tools-azure-edge - 4.15.0.1168.152 linux-headers-azure - 4.15.0.1168.152 linux-headers-azure-edge - 4.15.0.1168.152 linux-image-azure - 4.15.0.1168.152 linux-image-azure-edge - 4.15.0.1168.152 linux-modules-extra-azure - 4.15.0.1168.152 linux-modules-extra-azure-edge - 4.15.0.1168.152 linux-signed-azure - 4.15.0.1168.152 linux-signed-azure-edge - 4.15.0.1168.152 linux-signed-image-azure - 4.15.0.1168.152 linux-signed-image-azure-edge - 4.15.0.1168.152 linux-tools-azure - 4.15.0.1168.152 linux-tools-azure-edge - 4.15.0.1168.152 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.214.199 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.214.199 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.214.199 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.214.199 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.214.199 
linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.214.199 linux-generic-hwe-16.04 - 4.15.0.214.199 linux-generic-hwe-16.04-edge - 4.15.0.214.199 linux-headers-generic-hwe-16.04 - 4.15.0.214.199 linux-headers-generic-hwe-16.04-edge - 4.15.0.214.199 linux-headers-lowlatency-hwe-16.04 - 4.15.0.214.199 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.214.199 linux-headers-oem - 4.15.0.214.199 linux-headers-virtual-hwe-16.04 - 4.15.0.214.199 linux-headers-virtual-hwe-16.04-edge - 4.15.0.214.199 linux-image-extra-virtual-hwe-16.04 - 4.15.0.214.199 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.214.199 linux-image-generic-hwe-16.04 - 4.15.0.214.199 linux-image-generic-hwe-16.04-edge - 4.15.0.214.199 linux-image-lowlatency-hwe-16.04 - 4.15.0.214.199 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.214.199 linux-image-oem - 4.15.0.214.199 linux-image-virtual-hwe-16.04 - 4.15.0.214.199 linux-image-virtual-hwe-16.04-edge - 4.15.0.214.199 linux-lowlatency-hwe-16.04 - 4.15.0.214.199 linux-lowlatency-hwe-16.04-edge - 4.15.0.214.199 linux-oem - 4.15.0.214.199 linux-signed-generic-hwe-16.04 - 4.15.0.214.199 linux-signed-generic-hwe-16.04-edge - 4.15.0.214.199 linux-signed-image-generic-hwe-16.04 - 4.15.0.214.199 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.214.199 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.214.199 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.214.199 linux-signed-image-oem - 4.15.0.214.199 linux-signed-lowlatency-hwe-16.04 - 4.15.0.214.199 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.214.199 linux-signed-oem - 4.15.0.214.199 linux-tools-generic-hwe-16.04 - 4.15.0.214.199 linux-tools-generic-hwe-16.04-edge - 4.15.0.214.199 linux-tools-lowlatency-hwe-16.04 - 4.15.0.214.199 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.214.199 linux-tools-oem - 4.15.0.214.199 linux-tools-virtual-hwe-16.04 - 4.15.0.214.199 linux-tools-virtual-hwe-16.04-edge - 4.15.0.214.199 linux-virtual-hwe-16.04 - 4.15.0.214.199 linux-virtual-hwe-16.04-edge - 4.15.0.214.199 
Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-1184 CVE-2022-3303 CVE-2023-1611 CVE-2023-1670 CVE-2023-1859 CVE-2023-1990 CVE-2023-2124 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3268 CVE-2023-3390 CVE-2023-35001 USN-6254-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit() function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0458) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle extra inode size for extended attributes, leading to a use-after-free vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2513) It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-3090) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that a use-after-free vulnerability existed in the IEEE 1394 (Firewire) implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3159) Sanan Hasanov discovered that the framebuffer console driver in the Linux kernel did not properly perform checks for font dimension limits. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-3161) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001) Update Instructions: Run `sudo pro fix USN-6254-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1122-kvm - 4.4.0-1122.132 linux-cloud-tools-4.4.0-1122-kvm - 4.4.0-1122.132 linux-headers-4.4.0-1122-kvm - 4.4.0-1122.132 linux-image-4.4.0-1122-kvm - 4.4.0-1122.132 linux-kvm-cloud-tools-4.4.0-1122 - 4.4.0-1122.132 linux-kvm-headers-4.4.0-1122 - 4.4.0-1122.132 linux-kvm-tools-4.4.0-1122 - 4.4.0-1122.132 linux-modules-4.4.0-1122-kvm - 4.4.0-1122.132 linux-tools-4.4.0-1122-kvm - 4.4.0-1122.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.4.0-1159 - 4.4.0-1159.174 linux-aws-headers-4.4.0-1159 - 4.4.0-1159.174 linux-aws-tools-4.4.0-1159 - 4.4.0-1159.174 linux-buildinfo-4.4.0-1159-aws - 4.4.0-1159.174 linux-cloud-tools-4.4.0-1159-aws - 4.4.0-1159.174 linux-headers-4.4.0-1159-aws - 4.4.0-1159.174 linux-image-4.4.0-1159-aws - 4.4.0-1159.174 linux-modules-4.4.0-1159-aws - 4.4.0-1159.174 linux-modules-extra-4.4.0-1159-aws - 4.4.0-1159.174 linux-tools-4.4.0-1159-aws - 4.4.0-1159.174 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-243-generic - 4.4.0-243.277 linux-buildinfo-4.4.0-243-lowlatency - 4.4.0-243.277 linux-cloud-tools-4.4.0-243 - 4.4.0-243.277 linux-cloud-tools-4.4.0-243-generic - 4.4.0-243.277 linux-cloud-tools-4.4.0-243-lowlatency - 4.4.0-243.277 linux-cloud-tools-common - 4.4.0-243.277 linux-doc - 4.4.0-243.277 linux-headers-4.4.0-243 - 4.4.0-243.277 linux-headers-4.4.0-243-generic - 4.4.0-243.277 linux-headers-4.4.0-243-lowlatency - 4.4.0-243.277 linux-image-4.4.0-243-generic - 4.4.0-243.277 linux-image-4.4.0-243-lowlatency - 4.4.0-243.277 linux-image-unsigned-4.4.0-243-generic - 4.4.0-243.277 linux-image-unsigned-4.4.0-243-lowlatency - 4.4.0-243.277 linux-libc-dev - 4.4.0-243.277 linux-modules-4.4.0-243-generic - 4.4.0-243.277 linux-modules-4.4.0-243-lowlatency - 4.4.0-243.277 linux-modules-extra-4.4.0-243-generic - 4.4.0-243.277 linux-source-4.4.0 - 4.4.0-243.277 
linux-tools-4.4.0-243 - 4.4.0-243.277 linux-tools-4.4.0-243-generic - 4.4.0-243.277 linux-tools-4.4.0-243-lowlatency - 4.4.0-243.277 linux-tools-common - 4.4.0-243.277 linux-tools-host - 4.4.0-243.277 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1122.119 linux-image-kvm - 4.4.0.1122.119 linux-kvm - 4.4.0.1122.119 linux-tools-kvm - 4.4.0.1122.119 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1159.163 linux-headers-aws - 4.4.0.1159.163 linux-image-aws - 4.4.0.1159.163 linux-modules-extra-aws - 4.4.0.1159.163 linux-tools-aws - 4.4.0.1159.163 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.243.249 linux-cloud-tools-generic-lts-utopic - 4.4.0.243.249 linux-cloud-tools-generic-lts-vivid - 4.4.0.243.249 linux-cloud-tools-generic-lts-wily - 4.4.0.243.249 linux-cloud-tools-generic-lts-xenial - 4.4.0.243.249 linux-cloud-tools-lowlatency - 4.4.0.243.249 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.243.249 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.243.249 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.243.249 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.243.249 linux-cloud-tools-virtual - 4.4.0.243.249 linux-cloud-tools-virtual-lts-utopic - 4.4.0.243.249 linux-cloud-tools-virtual-lts-vivid - 4.4.0.243.249 linux-cloud-tools-virtual-lts-wily - 4.4.0.243.249 linux-cloud-tools-virtual-lts-xenial - 4.4.0.243.249 linux-crashdump - 4.4.0.243.249 linux-generic - 4.4.0.243.249 linux-generic-lts-utopic - 4.4.0.243.249 linux-generic-lts-vivid - 4.4.0.243.249 linux-generic-lts-wily - 4.4.0.243.249 linux-generic-lts-xenial - 4.4.0.243.249 linux-headers-generic - 4.4.0.243.249 linux-headers-generic-lts-utopic - 4.4.0.243.249 linux-headers-generic-lts-vivid - 4.4.0.243.249 linux-headers-generic-lts-wily - 4.4.0.243.249 linux-headers-generic-lts-xenial - 4.4.0.243.249 linux-headers-lowlatency - 4.4.0.243.249 linux-headers-lowlatency-lts-utopic - 
4.4.0.243.249 linux-headers-lowlatency-lts-vivid - 4.4.0.243.249 linux-headers-lowlatency-lts-wily - 4.4.0.243.249 linux-headers-lowlatency-lts-xenial - 4.4.0.243.249 linux-headers-virtual - 4.4.0.243.249 linux-headers-virtual-lts-utopic - 4.4.0.243.249 linux-headers-virtual-lts-vivid - 4.4.0.243.249 linux-headers-virtual-lts-wily - 4.4.0.243.249 linux-headers-virtual-lts-xenial - 4.4.0.243.249 linux-hwe-generic-trusty - 4.4.0.243.249 linux-hwe-virtual-trusty - 4.4.0.243.249 linux-image-extra-virtual - 4.4.0.243.249 linux-image-extra-virtual-lts-utopic - 4.4.0.243.249 linux-image-extra-virtual-lts-vivid - 4.4.0.243.249 linux-image-extra-virtual-lts-wily - 4.4.0.243.249 linux-image-extra-virtual-lts-xenial - 4.4.0.243.249 linux-image-generic - 4.4.0.243.249 linux-image-generic-lts-utopic - 4.4.0.243.249 linux-image-generic-lts-vivid - 4.4.0.243.249 linux-image-generic-lts-wily - 4.4.0.243.249 linux-image-generic-lts-xenial - 4.4.0.243.249 linux-image-hwe-generic-trusty - 4.4.0.243.249 linux-image-hwe-virtual-trusty - 4.4.0.243.249 linux-image-lowlatency - 4.4.0.243.249 linux-image-lowlatency-lts-utopic - 4.4.0.243.249 linux-image-lowlatency-lts-vivid - 4.4.0.243.249 linux-image-lowlatency-lts-wily - 4.4.0.243.249 linux-image-lowlatency-lts-xenial - 4.4.0.243.249 linux-image-virtual - 4.4.0.243.249 linux-image-virtual-lts-utopic - 4.4.0.243.249 linux-image-virtual-lts-vivid - 4.4.0.243.249 linux-image-virtual-lts-wily - 4.4.0.243.249 linux-image-virtual-lts-xenial - 4.4.0.243.249 linux-lowlatency - 4.4.0.243.249 linux-lowlatency-lts-utopic - 4.4.0.243.249 linux-lowlatency-lts-vivid - 4.4.0.243.249 linux-lowlatency-lts-wily - 4.4.0.243.249 linux-lowlatency-lts-xenial - 4.4.0.243.249 linux-signed-generic - 4.4.0.243.249 linux-signed-generic-lts-utopic - 4.4.0.243.249 linux-signed-generic-lts-vivid - 4.4.0.243.249 linux-signed-generic-lts-wily - 4.4.0.243.249 linux-signed-generic-lts-xenial - 4.4.0.243.249 linux-signed-image-generic - 4.4.0.243.249 
linux-signed-image-generic-lts-utopic - 4.4.0.243.249 linux-signed-image-generic-lts-vivid - 4.4.0.243.249 linux-signed-image-generic-lts-wily - 4.4.0.243.249 linux-signed-image-generic-lts-xenial - 4.4.0.243.249 linux-signed-image-lowlatency - 4.4.0.243.249 linux-signed-image-lowlatency-lts-wily - 4.4.0.243.249 linux-signed-image-lowlatency-lts-xenial - 4.4.0.243.249 linux-signed-lowlatency - 4.4.0.243.249 linux-signed-lowlatency-lts-wily - 4.4.0.243.249 linux-signed-lowlatency-lts-xenial - 4.4.0.243.249 linux-source - 4.4.0.243.249 linux-tools-generic - 4.4.0.243.249 linux-tools-generic-lts-utopic - 4.4.0.243.249 linux-tools-generic-lts-vivid - 4.4.0.243.249 linux-tools-generic-lts-wily - 4.4.0.243.249 linux-tools-generic-lts-xenial - 4.4.0.243.249 linux-tools-lowlatency - 4.4.0.243.249 linux-tools-lowlatency-lts-utopic - 4.4.0.243.249 linux-tools-lowlatency-lts-vivid - 4.4.0.243.249 linux-tools-lowlatency-lts-wily - 4.4.0.243.249 linux-tools-lowlatency-lts-xenial - 4.4.0.243.249 linux-tools-lts-utopic - 4.4.0.243.249 linux-tools-virtual - 4.4.0.243.249 linux-tools-virtual-lts-utopic - 4.4.0.243.249 linux-tools-virtual-lts-vivid - 4.4.0.243.249 linux-tools-virtual-lts-wily - 4.4.0.243.249 linux-tools-virtual-lts-xenial - 4.4.0.243.249 linux-virtual - 4.4.0.243.249 linux-virtual-lts-utopic - 4.4.0.243.249 linux-virtual-lts-vivid - 4.4.0.243.249 linux-virtual-lts-wily - 4.4.0.243.249 linux-virtual-lts-xenial - 4.4.0.243.249 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0458 CVE-2023-1611 CVE-2023-2124 CVE-2023-2162 CVE-2023-2513 CVE-2023-3090 CVE-2023-3141 CVE-2023-3159 CVE-2023-3161 CVE-2023-3268 CVE-2023-3390 CVE-2023-35001 USN-6257-1 -- Open VM Tools vulnerability Ubuntu 16.04 LTS It was discovered that Open VM Tools incorrectly handled certain authentication requests. 
A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. (CVE-2023-20867) Update Instructions: Run `sudo pro fix USN-6257-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:10.2.0-3~ubuntu0.16.04.1+esm2 open-vm-tools-desktop - 2:10.2.0-3~ubuntu0.16.04.1+esm2 open-vm-tools-dev - 2:10.2.0-3~ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-20867 USN-6259-1 -- Open-iSCSI vulnerabilities Ubuntu 16.04 LTS Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-13987) Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled parsing certain TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior. (CVE-2020-13988) Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI incorrectly handled certain TCP data. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-17437) Update Instructions: Run `sudo pro fix USN-6259-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-iscsi - 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 USN-6262-1 -- Wireshark vulnerabilities Ubuntu 16.04 LTS It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. 
(CVE-2020-13164) It was discovered that Wireshark did not properly handle certain GVCP packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15466) It was discovered that Wireshark did not properly handle certain Kafka packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-17498) It was discovered that Wireshark did not properly handle certain TCP packages containing an invalid 0xFFFF checksum. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25862) It was discovered that Wireshark did not properly handle certain MIME packages containing invalid parts. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25863) Update Instructions: Run `sudo pro fix USN-6262-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libwireshark-data - 2.6.10-1~ubuntu16.04.0+esm1 libwireshark-dev - 2.6.10-1~ubuntu16.04.0+esm1 libwireshark11 - 2.6.10-1~ubuntu16.04.0+esm1 libwiretap-dev - 2.6.10-1~ubuntu16.04.0+esm1 libwiretap8 - 2.6.10-1~ubuntu16.04.0+esm1 libwscodecs2 - 2.6.10-1~ubuntu16.04.0+esm1 libwsutil-dev - 2.6.10-1~ubuntu16.04.0+esm1 libwsutil9 - 2.6.10-1~ubuntu16.04.0+esm1 tshark - 2.6.10-1~ubuntu16.04.0+esm1 wireshark - 2.6.10-1~ubuntu16.04.0+esm1 wireshark-common - 2.6.10-1~ubuntu16.04.0+esm1 wireshark-dev - 2.6.10-1~ubuntu16.04.0+esm1 wireshark-doc - 2.6.10-1~ubuntu16.04.0+esm1 wireshark-gtk - 2.6.10-1~ubuntu16.04.0+esm1 wireshark-qt - 2.6.10-1~ubuntu16.04.0+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13164 CVE-2020-15466 CVE-2020-17498 CVE-2020-25862 CVE-2020-25863 USN-6263-1 -- OpenJDK vulnerabilities Ubuntu 16.04 LTS Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006) Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22036) David Stancu discovered that OpenJDK had a flaw in the AES cipher implementation. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22041) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses when using the binary '%' operator. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2023-22044) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses. 
An attacker could possibly use this issue to obtain sensitive information. (CVE-2023-22045) It was discovered that OpenJDK incorrectly sanitized URI strings. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-22049) It was discovered that OpenJDK incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-25193) Update Instructions: Run `sudo pro fix USN-6263-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-demo - 8u382-ga-1~16.04.1 openjdk-8-doc - 8u382-ga-1~16.04.1 openjdk-8-jdk - 8u382-ga-1~16.04.1 openjdk-8-jdk-headless - 8u382-ga-1~16.04.1 openjdk-8-jre - 8u382-ga-1~16.04.1 openjdk-8-jre-headless - 8u382-ga-1~16.04.1 openjdk-8-jre-jamvm - 8u382-ga-1~16.04.1 openjdk-8-jre-zero - 8u382-ga-1~16.04.1 openjdk-8-source - 8u382-ga-1~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 USN-6265-1 -- RabbitMQ vulnerability Ubuntu 16.04 LTS It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6265-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rabbitmq-server - 3.5.7-1ubuntu0.16.04.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-4966 USN-6270-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. 
(CVE-2022-2182) It was discovered that Vim incorrectly handled memory when deleting buffers in diff mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2208) It was discovered that Vim incorrectly handled memory access. An attacker could possibly use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2210) It was discovered that Vim incorrectly handled memory when using nested :source. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2231) It was discovered that Vim did not properly perform bounds checks when processing a menu item with the only modifier. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2257) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. (CVE-2022-2264, CVE-2022-2284, CVE-2022-2289) It was discovered that Vim did not properly perform bounds checks when going over the end of the typeahead. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2285) It was discovered that Vim did not properly perform bounds checks when reading the provided string. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2286) It was discovered that Vim incorrectly handled memory when adding words with a control character to the internal spell word list. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2287) Update Instructions: Run `sudo pro fix USN-6270-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.1689-3ubuntu1.5+esm19 vim-athena - 2:7.4.1689-3ubuntu1.5+esm19 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm19 vim-common - 2:7.4.1689-3ubuntu1.5+esm19 vim-doc - 2:7.4.1689-3ubuntu1.5+esm19 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm19 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm19 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm19 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm19 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm19 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm19 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm19 vim-nox - 2:7.4.1689-3ubuntu1.5+esm19 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm19 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm19 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm19 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2182 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2289 USN-6271-1 -- MaraDNS vulnerabilities Ubuntu 16.04 LTS Xiang Li discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-30256) Huascar Tejeda discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-31137) Update Instructions: Run `sudo pro fix USN-6271-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: duende - 2.0.13-1ubuntu0.1~esm1 maradns - 2.0.13-1ubuntu0.1~esm1 maradns-deadwood - 2.0.13-1ubuntu0.1~esm1 maradns-docs - 2.0.13-1ubuntu0.1~esm1 maradns-zoneserver - 2.0.13-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-30256 CVE-2023-31137 USN-6274-1 -- XMLTooling vulnerability Ubuntu 16.04 LTS Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery. Update Instructions: Run `sudo pro fix USN-6274-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxmltooling-dev - 1.5.6-2ubuntu0.3+esm1 libxmltooling-doc - 1.5.6-2ubuntu0.3+esm1 libxmltooling6v5 - 1.5.6-2ubuntu0.3+esm1 xmltooling-schemas - 1.5.6-2ubuntu0.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-36661 USN-6275-1 -- Cargo vulnerability Ubuntu 16.04 LTS Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user. Update Instructions: Run `sudo pro fix USN-6275-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cargo - 0.47.0-1~exp1ubuntu1~16.04.1+esm1 cargo-doc - 0.47.0-1~exp1ubuntu1~16.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-38497 USN-6276-1 -- unixODBC vulnerability Ubuntu 16.04 LTS It was discovered that unixODBC incorrectly handled certain unicode to ansi copies. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6276-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libodbc1 - 2.3.1-4.1ubuntu0.1~esm1 odbcinst - 2.3.1-4.1ubuntu0.1~esm1 odbcinst1debian2 - 2.3.1-4.1ubuntu0.1~esm1 unixodbc - 2.3.1-4.1ubuntu0.1~esm1 unixodbc-dev - 2.3.1-4.1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-7409 USN-6277-1 -- Dompdf vulnerabilities Ubuntu 16.04 LTS It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2014-5011, CVE-2014-5012, CVE-2014-5013) It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-3838) It was discovered that Dompdf was not properly validating processed HTML content that referenced both a remote base and a local file, which could result in the bypass of a chroot check. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-2400) Update Instructions: Run `sudo pro fix USN-6277-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-dompdf - 0.6.1+dfsg-2ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-5011 CVE-2014-5012 CVE-2014-5013 CVE-2021-3838 CVE-2022-2400 USN-6279-1 -- OpenSSH update Ubuntu 16.04 LTS It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm. 
Update Instructions: Run `sudo pro fix USN-6279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:7.2p2-4ubuntu2.10+esm4 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.10+esm4 openssh-server - 1:7.2p2-4ubuntu2.10+esm4 openssh-sftp-server - 1:7.2p2-4ubuntu2.10+esm4 ssh - 1:7.2p2-4ubuntu2.10+esm4 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.10+esm4 ssh-krb5 - 1:7.2p2-4ubuntu2.10+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2030275 USN-6280-1 -- PyPDF2 vulnerability Ubuntu 16.04 LTS It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6280-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pypdf2 - 1.25.1-1ubuntu0.1~esm2 python3-pypdf2 - 1.25.1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-36810 USN-6281-1 -- Velocity Engine vulnerability Ubuntu 16.04 LTS Alvaro Munoz discovered that Velocity Engine incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6281-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: velocity - 1.7-4ubuntu0.1~esm1 velocity-doc - 1.7-4ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13936 USN-6282-1 -- Velocity Tools vulnerability Ubuntu 16.04 LTS Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. 
If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6282-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvelocity-tools-java - 2.0-4ubuntu0.1~esm1 libvelocity-tools-java-doc - 2.0-4ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13959 USN-6286-1 -- Intel Microcode vulnerabilities Ubuntu 16.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. (CVE-2022-40982) It was discovered that some Intel(R) Xeon(R) Processors did not properly restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged user could use this to further escalate their privileges. (CVE-2022-41804) It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors did not properly restrict access in some situations. A local privileged attacker could use this to obtain sensitive information. (CVE-2023-23908) Update Instructions: Run `sudo pro fix USN-6286-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20230808.0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40982 CVE-2022-41804 CVE-2023-23908 USN-6287-1 -- Go yaml vulnerabilities Ubuntu 16.04 LTS Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. 
(CVE-2021-4235) It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2022-3064) Update Instructions: Run `sudo pro fix USN-6287-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-yaml.v2-dev - 0.0+git20160301.0.a83829b-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4235 CVE-2022-3064 USN-6288-2 -- MySQL vulnerability Ubuntu 16.04 LTS USN-6288-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.43 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html https://www.oracle.com/security-alerts/cpujul2023.html Update Instructions: Run `sudo pro fix USN-6288-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libmysqlclient-dev - 5.7.43-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.43-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-client - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.43-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.43-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22015 CVE-2023-22026 CVE-2023-22053 USN-6290-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-48281) It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-2731) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-2908) It was discovered that LibTIFF incorrectly handled certain file paths. 
If a user were tricked into specifying certain output paths, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3316) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2023-3618) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-25433, CVE-2023-26966) It was discovered that LibTIFF did not properly manage memory when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-26965) It was discovered that LibTIFF contained an arithmetic overflow. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-38288, CVE-2023-38289) Update Instructions: Run `sudo pro fix USN-6290-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.6-1ubuntu0.8+esm12 libtiff-opengl - 4.0.6-1ubuntu0.8+esm12 libtiff-tools - 4.0.6-1ubuntu0.8+esm12 libtiff5 - 4.0.6-1ubuntu0.8+esm12 libtiff5-dev - 4.0.6-1ubuntu0.8+esm12 libtiffxx5 - 4.0.6-1ubuntu0.8+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48281 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-2731 CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-38288 CVE-2023-38289 USN-6291-1 -- GStreamer vulnerability Ubuntu 16.04 LTS Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update Instructions: Run `sudo pro fix USN-6291-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-gstreamer-1.0 - 1.8.3-1~ubuntu0.1+esm1 gstreamer1.0-doc - 1.8.3-1~ubuntu0.1+esm1 gstreamer1.0-tools - 1.8.3-1~ubuntu0.1+esm1 libgstreamer1.0-0 - 1.8.3-1~ubuntu0.1+esm1 libgstreamer1.0-dev - 1.8.3-1~ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2017-5838 USN-6297-1 -- Ghostscript vulnerability Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled outputting certain PDF files. A local attacker could potentially use this issue to cause a crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6297-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.14+esm6 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.14+esm6 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.14+esm6 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.14+esm6 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.14+esm6 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.14+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38559 USN-6298-1 -- ZZIPlib vulnerabilities Ubuntu 16.04 LTS Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7727) YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-18442) Update Instructions: Run `sudo pro fix USN-6298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzzip-0-13 - 0.13.62-3ubuntu0.16.04.2+esm1 libzzip-dev - 0.13.62-3ubuntu0.16.04.2+esm1 zziplib-bin - 0.13.62-3ubuntu0.16.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-7727 CVE-2020-18442 USN-6299-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-36023, CVE-2020-36024) Update Instructions: Run `sudo pro fix USN-6299-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.16+esm3 libpoppler-cpp-dev - 0.41.0-0ubuntu1.16+esm3 libpoppler-cpp0 - 0.41.0-0ubuntu1.16+esm3 libpoppler-dev - 0.41.0-0ubuntu1.16+esm3 libpoppler-glib-dev - 0.41.0-0ubuntu1.16+esm3 libpoppler-glib-doc - 0.41.0-0ubuntu1.16+esm3 libpoppler-glib8 - 0.41.0-0ubuntu1.16+esm3 libpoppler-private-dev - 0.41.0-0ubuntu1.16+esm3 libpoppler-qt4-4 - 0.41.0-0ubuntu1.16+esm3 libpoppler-qt4-dev - 0.41.0-0ubuntu1.16+esm3 libpoppler-qt5-1 - 0.41.0-0ubuntu1.16+esm3 libpoppler-qt5-dev - 0.41.0-0ubuntu1.16+esm3 libpoppler58 - 0.41.0-0ubuntu1.16+esm3 poppler-utils - 0.41.0-0ubuntu1.16+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36023 CVE-2020-36024 USN-6303-2 -- ClamAV vulnerability Ubuntu 16.04 LTS USN-6303-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6303-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: clamav - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 clamav-base - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 clamav-daemon - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 clamav-docs - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 clamav-freshclam - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 clamav-milter - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 clamav-testfiles - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 clamdscan - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 libclamav-dev - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 libclamav9 - 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-20197 USN-6305-2 -- PHP vulnerabilities Ubuntu 16.04 LTS USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-3823) It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code. (CVE-2023-3824) Update Instructions: Run `sudo pro fix USN-6305-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm8 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3823 CVE-2023-3824 https://launchpad.net/bugs/2054511 USN-6309-1 -- Linux 
kernel vulnerabilities Ubuntu 16.04 LTS Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3567) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6309-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1160 - 4.4.0-1160.175 linux-aws-headers-4.4.0-1160 - 4.4.0-1160.175 linux-aws-tools-4.4.0-1160 - 4.4.0-1160.175 linux-buildinfo-4.4.0-1160-aws - 4.4.0-1160.175 linux-cloud-tools-4.4.0-1160-aws - 4.4.0-1160.175 linux-headers-4.4.0-1160-aws - 4.4.0-1160.175 linux-image-4.4.0-1160-aws - 4.4.0-1160.175 linux-modules-4.4.0-1160-aws - 4.4.0-1160.175 linux-modules-extra-4.4.0-1160-aws - 4.4.0-1160.175 linux-tools-4.4.0-1160-aws - 4.4.0-1160.175 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-244-generic - 4.4.0-244.278 linux-buildinfo-4.4.0-244-lowlatency - 4.4.0-244.278 linux-cloud-tools-4.4.0-244 - 4.4.0-244.278 linux-cloud-tools-4.4.0-244-generic - 4.4.0-244.278 linux-cloud-tools-4.4.0-244-lowlatency - 4.4.0-244.278 linux-cloud-tools-common - 4.4.0-244.278 linux-doc - 4.4.0-244.278 linux-headers-4.4.0-244 - 4.4.0-244.278 linux-headers-4.4.0-244-generic - 4.4.0-244.278 linux-headers-4.4.0-244-lowlatency - 4.4.0-244.278 linux-image-4.4.0-244-generic - 4.4.0-244.278 linux-image-4.4.0-244-lowlatency - 4.4.0-244.278 linux-image-unsigned-4.4.0-244-generic - 4.4.0-244.278 linux-image-unsigned-4.4.0-244-lowlatency - 4.4.0-244.278 linux-libc-dev - 4.4.0-244.278 linux-modules-4.4.0-244-generic - 4.4.0-244.278 linux-modules-4.4.0-244-lowlatency - 4.4.0-244.278 linux-modules-extra-4.4.0-244-generic - 4.4.0-244.278 linux-source-4.4.0 - 4.4.0-244.278 linux-tools-4.4.0-244 - 4.4.0-244.278 linux-tools-4.4.0-244-generic - 4.4.0-244.278 linux-tools-4.4.0-244-lowlatency - 4.4.0-244.278 linux-tools-common - 4.4.0-244.278 linux-tools-host - 4.4.0-244.278 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1160.164 linux-headers-aws - 4.4.0.1160.164 linux-image-aws - 4.4.0.1160.164 linux-modules-extra-aws - 4.4.0.1160.164 linux-tools-aws - 4.4.0.1160.164 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.244.250 linux-cloud-tools-generic-lts-utopic - 4.4.0.244.250 linux-cloud-tools-generic-lts-vivid - 4.4.0.244.250 linux-cloud-tools-generic-lts-wily - 4.4.0.244.250 linux-cloud-tools-generic-lts-xenial - 4.4.0.244.250 linux-cloud-tools-lowlatency - 4.4.0.244.250 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.244.250 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.244.250 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.244.250 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.244.250 linux-cloud-tools-virtual - 4.4.0.244.250 linux-cloud-tools-virtual-lts-utopic - 4.4.0.244.250 linux-cloud-tools-virtual-lts-vivid - 4.4.0.244.250 linux-cloud-tools-virtual-lts-wily - 4.4.0.244.250 linux-cloud-tools-virtual-lts-xenial - 4.4.0.244.250 linux-crashdump - 4.4.0.244.250 linux-generic - 4.4.0.244.250 linux-generic-lts-utopic - 4.4.0.244.250 linux-generic-lts-vivid - 4.4.0.244.250 linux-generic-lts-wily - 4.4.0.244.250 linux-generic-lts-xenial - 4.4.0.244.250 linux-headers-generic - 4.4.0.244.250 linux-headers-generic-lts-utopic - 4.4.0.244.250 linux-headers-generic-lts-vivid - 4.4.0.244.250 linux-headers-generic-lts-wily - 4.4.0.244.250 linux-headers-generic-lts-xenial - 4.4.0.244.250 linux-headers-lowlatency - 4.4.0.244.250 linux-headers-lowlatency-lts-utopic - 4.4.0.244.250 linux-headers-lowlatency-lts-vivid - 4.4.0.244.250 linux-headers-lowlatency-lts-wily - 4.4.0.244.250 linux-headers-lowlatency-lts-xenial - 4.4.0.244.250 linux-headers-virtual - 4.4.0.244.250 linux-headers-virtual-lts-utopic - 4.4.0.244.250 linux-headers-virtual-lts-vivid - 4.4.0.244.250 linux-headers-virtual-lts-wily - 4.4.0.244.250 linux-headers-virtual-lts-xenial - 4.4.0.244.250 linux-hwe-generic-trusty - 4.4.0.244.250 linux-hwe-virtual-trusty - 4.4.0.244.250 linux-image-extra-virtual - 4.4.0.244.250 linux-image-extra-virtual-lts-utopic - 4.4.0.244.250 linux-image-extra-virtual-lts-vivid - 4.4.0.244.250 linux-image-extra-virtual-lts-wily - 
4.4.0.244.250 linux-image-extra-virtual-lts-xenial - 4.4.0.244.250 linux-image-generic - 4.4.0.244.250 linux-image-generic-lts-utopic - 4.4.0.244.250 linux-image-generic-lts-vivid - 4.4.0.244.250 linux-image-generic-lts-wily - 4.4.0.244.250 linux-image-generic-lts-xenial - 4.4.0.244.250 linux-image-hwe-generic-trusty - 4.4.0.244.250 linux-image-hwe-virtual-trusty - 4.4.0.244.250 linux-image-lowlatency - 4.4.0.244.250 linux-image-lowlatency-lts-utopic - 4.4.0.244.250 linux-image-lowlatency-lts-vivid - 4.4.0.244.250 linux-image-lowlatency-lts-wily - 4.4.0.244.250 linux-image-lowlatency-lts-xenial - 4.4.0.244.250 linux-image-virtual - 4.4.0.244.250 linux-image-virtual-lts-utopic - 4.4.0.244.250 linux-image-virtual-lts-vivid - 4.4.0.244.250 linux-image-virtual-lts-wily - 4.4.0.244.250 linux-image-virtual-lts-xenial - 4.4.0.244.250 linux-lowlatency - 4.4.0.244.250 linux-lowlatency-lts-utopic - 4.4.0.244.250 linux-lowlatency-lts-vivid - 4.4.0.244.250 linux-lowlatency-lts-wily - 4.4.0.244.250 linux-lowlatency-lts-xenial - 4.4.0.244.250 linux-signed-generic - 4.4.0.244.250 linux-signed-generic-lts-utopic - 4.4.0.244.250 linux-signed-generic-lts-vivid - 4.4.0.244.250 linux-signed-generic-lts-wily - 4.4.0.244.250 linux-signed-generic-lts-xenial - 4.4.0.244.250 linux-signed-image-generic - 4.4.0.244.250 linux-signed-image-generic-lts-utopic - 4.4.0.244.250 linux-signed-image-generic-lts-vivid - 4.4.0.244.250 linux-signed-image-generic-lts-wily - 4.4.0.244.250 linux-signed-image-generic-lts-xenial - 4.4.0.244.250 linux-signed-image-lowlatency - 4.4.0.244.250 linux-signed-image-lowlatency-lts-wily - 4.4.0.244.250 linux-signed-image-lowlatency-lts-xenial - 4.4.0.244.250 linux-signed-lowlatency - 4.4.0.244.250 linux-signed-lowlatency-lts-wily - 4.4.0.244.250 linux-signed-lowlatency-lts-xenial - 4.4.0.244.250 linux-source - 4.4.0.244.250 linux-tools-generic - 4.4.0.244.250 linux-tools-generic-lts-utopic - 4.4.0.244.250 linux-tools-generic-lts-vivid - 4.4.0.244.250 
linux-tools-generic-lts-wily - 4.4.0.244.250 linux-tools-generic-lts-xenial - 4.4.0.244.250 linux-tools-lowlatency - 4.4.0.244.250 linux-tools-lowlatency-lts-utopic - 4.4.0.244.250 linux-tools-lowlatency-lts-vivid - 4.4.0.244.250 linux-tools-lowlatency-lts-wily - 4.4.0.244.250 linux-tools-lowlatency-lts-xenial - 4.4.0.244.250 linux-tools-lts-utopic - 4.4.0.244.250 linux-tools-virtual - 4.4.0.244.250 linux-tools-virtual-lts-utopic - 4.4.0.244.250 linux-tools-virtual-lts-vivid - 4.4.0.244.250 linux-tools-virtual-lts-wily - 4.4.0.244.250 linux-tools-virtual-lts-xenial - 4.4.0.244.250 linux-virtual - 4.4.0.244.250 linux-virtual-lts-utopic - 4.4.0.244.250 linux-virtual-lts-vivid - 4.4.0.244.250 linux-virtual-lts-wily - 4.4.0.244.250 linux-virtual-lts-xenial - 4.4.0.244.250 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3567 CVE-2023-3611 CVE-2023-3776 USN-6313-1 -- FAAD2 vulnerabilities Ubuntu 16.04 LTS It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-32272, CVE-2021-32273, CVE-2021-32274, CVE-2021-32277, CVE-2021-32278, CVE-2023-38857, CVE-2023-38858) It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32276) Update Instructions: Run `sudo pro fix USN-6313-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: faad - 2.8.0~cvs20150510-1ubuntu0.1+esm1 libfaad-dev - 2.8.0~cvs20150510-1ubuntu0.1+esm1 libfaad2 - 2.8.0~cvs20150510-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-32272 CVE-2021-32273 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278 CVE-2023-38857 CVE-2023-38858 USN-6319-1 -- AMD Microcode vulnerability Ubuntu 16.04 LTS Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory. Update Instructions: Run `sudo pro fix USN-6319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20569 USN-6322-1 -- elfutils vulnerabilities Ubuntu 16.04 LTS It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665) It was discovered that elfutils incorrectly handled bounds checks in certain functions when processing malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. (CVE-2020-21047, CVE-2021-33294) Update Instructions: Run `sudo pro fix USN-6322-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: elfutils - 0.165-3ubuntu1.2+esm1 libasm-dev - 0.165-3ubuntu1.2+esm1 libasm1 - 0.165-3ubuntu1.2+esm1 libdw-dev - 0.165-3ubuntu1.2+esm1 libdw1 - 0.165-3ubuntu1.2+esm1 libelf-dev - 0.165-3ubuntu1.2+esm1 libelf1 - 0.165-3ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665 CVE-2020-21047 CVE-2021-33294 USN-6326-1 -- GitPython vulnerability Ubuntu 16.04 LTS It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-6326-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-git - 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2 python-git-doc - 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2 python3-git - 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-40267 USN-6327-1 -- Linux kernel (KVM) vulnerabilities Ubuntu 16.04 LTS Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). 
(CVE-2023-31084) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3567) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6327-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1123-kvm - 4.4.0-1123.133 linux-cloud-tools-4.4.0-1123-kvm - 4.4.0-1123.133 linux-headers-4.4.0-1123-kvm - 4.4.0-1123.133 linux-image-4.4.0-1123-kvm - 4.4.0-1123.133 linux-kvm-cloud-tools-4.4.0-1123 - 4.4.0-1123.133 linux-kvm-headers-4.4.0-1123 - 4.4.0-1123.133 linux-kvm-tools-4.4.0-1123 - 4.4.0-1123.133 linux-modules-4.4.0-1123-kvm - 4.4.0-1123.133 linux-tools-4.4.0-1123-kvm - 4.4.0-1123.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1123.120 linux-image-kvm - 4.4.0.1123.120 linux-kvm - 4.4.0.1123.120 linux-tools-kvm - 4.4.0.1123.120 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3567 CVE-2023-3611 CVE-2023-3776 USN-6334-1 -- atftp vulnerabilities Ubuntu 16.04 LTS Peter Wang discovered that atftp did not properly manage certain inputs. 
A remote attacker could send a specially crafted tftp request to the server to cause a crash. (CVE-2020-6097) Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. (CVE-2021-41054) Johannes Krupp discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server and make the server disclose /etc/group data. (CVE-2021-46671) Update Instructions: Run `sudo pro fix USN-6334-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: atftp - 0.7.git20120829-3.1~0.16.04.1+esm1 atftpd - 0.7.git20120829-3.1~0.16.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-6097 CVE-2021-41054 CVE-2021-46671 USN-6335-1 -- BusyBox vulnerabilities Ubuntu 16.04 LTS It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-28831) It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2022-48174) Update Instructions: Run `sudo pro fix USN-6335-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: busybox - 1:1.22.0-15ubuntu1.4+esm2 busybox-initramfs - 1:1.22.0-15ubuntu1.4+esm2 busybox-static - 1:1.22.0-15ubuntu1.4+esm2 busybox-syslogd - 1:1.22.0-15ubuntu1.4+esm2 udhcpc - 1:1.22.0-15ubuntu1.4+esm2 udhcpd - 1:1.22.0-15ubuntu1.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-28831 CVE-2022-48174 USN-6336-1 -- Docker Registry vulnerabilities Ubuntu 16.04 LTS It was discovered that Docker Registry incorrectly handled certain crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11468) It was discovered that Docker Registry incorrectly handled certain crafted input. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-2253) Update Instructions: Run `sudo pro fix USN-6336-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: docker-registry - 2.3.0~ds1-1ubuntu0.1~esm1 golang-github-docker-distribution-dev - 2.3.0~ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-11468 CVE-2023-2253 USN-6342-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6342-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1123-oracle - 4.15.0-1123.134~16.04.1 linux-headers-4.15.0-1123-oracle - 4.15.0-1123.134~16.04.1 linux-image-4.15.0-1123-oracle - 4.15.0-1123.134~16.04.1 linux-image-unsigned-4.15.0-1123-oracle - 4.15.0-1123.134~16.04.1 linux-modules-4.15.0-1123-oracle - 4.15.0-1123.134~16.04.1 linux-modules-extra-4.15.0-1123-oracle - 4.15.0-1123.134~16.04.1 linux-oracle-headers-4.15.0-1123 - 4.15.0-1123.134~16.04.1 linux-oracle-tools-4.15.0-1123 - 4.15.0-1123.134~16.04.1 linux-tools-4.15.0-1123-oracle - 4.15.0-1123.134~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1154-gcp - 4.15.0-1154.171~16.04.1 linux-gcp-headers-4.15.0-1154 - 4.15.0-1154.171~16.04.1 linux-gcp-tools-4.15.0-1154 - 4.15.0-1154.171~16.04.1 linux-headers-4.15.0-1154-gcp - 4.15.0-1154.171~16.04.1 linux-image-4.15.0-1154-gcp - 4.15.0-1154.171~16.04.1 linux-image-unsigned-4.15.0-1154-gcp - 4.15.0-1154.171~16.04.1 linux-modules-4.15.0-1154-gcp - 
4.15.0-1154.171~16.04.1 linux-modules-extra-4.15.0-1154-gcp - 4.15.0-1154.171~16.04.1 linux-tools-4.15.0-1154-gcp - 4.15.0-1154.171~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1160 - 4.15.0-1160.173~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1160 - 4.15.0-1160.173~16.04.1 linux-aws-hwe-tools-4.15.0-1160 - 4.15.0-1160.173~16.04.1 linux-buildinfo-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 linux-cloud-tools-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 linux-headers-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 linux-image-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 linux-image-unsigned-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 linux-modules-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 linux-modules-extra-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 linux-tools-4.15.0-1160-aws - 4.15.0-1160.173~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-216-generic - 4.15.0-216.227~16.04.1 linux-buildinfo-4.15.0-216-lowlatency - 4.15.0-216.227~16.04.1 linux-cloud-tools-4.15.0-216-generic - 4.15.0-216.227~16.04.1 linux-cloud-tools-4.15.0-216-lowlatency - 4.15.0-216.227~16.04.1 linux-headers-4.15.0-216 - 4.15.0-216.227~16.04.1 linux-headers-4.15.0-216-generic - 4.15.0-216.227~16.04.1 linux-headers-4.15.0-216-lowlatency - 4.15.0-216.227~16.04.1 linux-hwe-cloud-tools-4.15.0-216 - 4.15.0-216.227~16.04.1 linux-hwe-tools-4.15.0-216 - 4.15.0-216.227~16.04.1 linux-image-4.15.0-216-generic - 4.15.0-216.227~16.04.1 linux-image-4.15.0-216-lowlatency - 4.15.0-216.227~16.04.1 linux-image-unsigned-4.15.0-216-generic - 4.15.0-216.227~16.04.1 linux-image-unsigned-4.15.0-216-lowlatency - 4.15.0-216.227~16.04.1 linux-modules-4.15.0-216-generic - 4.15.0-216.227~16.04.1 linux-modules-4.15.0-216-lowlatency - 4.15.0-216.227~16.04.1 linux-modules-extra-4.15.0-216-generic - 4.15.0-216.227~16.04.1 linux-source-4.15.0 - 4.15.0-216.227~16.04.1 linux-tools-4.15.0-216-generic - 4.15.0-216.227~16.04.1 
linux-tools-4.15.0-216-lowlatency - 4.15.0-216.227~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1123.104 linux-image-oracle - 4.15.0.1123.104 linux-oracle - 4.15.0.1123.104 linux-signed-image-oracle - 4.15.0.1123.104 linux-signed-oracle - 4.15.0.1123.104 linux-tools-oracle - 4.15.0.1123.104 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1154.144 linux-gke - 4.15.0.1154.144 linux-headers-gcp - 4.15.0.1154.144 linux-headers-gke - 4.15.0.1154.144 linux-image-gcp - 4.15.0.1154.144 linux-image-gke - 4.15.0.1154.144 linux-modules-extra-gcp - 4.15.0.1154.144 linux-modules-extra-gke - 4.15.0.1154.144 linux-tools-gcp - 4.15.0.1154.144 linux-tools-gke - 4.15.0.1154.144 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1160.143 linux-aws-hwe - 4.15.0.1160.143 linux-headers-aws-hwe - 4.15.0.1160.143 linux-image-aws-hwe - 4.15.0.1160.143 linux-modules-extra-aws-hwe - 4.15.0.1160.143 linux-tools-aws-hwe - 4.15.0.1160.143 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-generic-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-generic-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-headers-generic-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-headers-generic-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-headers-lowlatency-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-headers-oem - 4.15.0.216.200~16.04.1 linux-headers-virtual-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-headers-virtual-hwe-16.04-edge - 
4.15.0.216.200~16.04.1 linux-image-extra-virtual-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-image-generic-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-image-generic-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-image-lowlatency-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-image-oem - 4.15.0.216.200~16.04.1 linux-image-virtual-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-image-virtual-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-lowlatency-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-lowlatency-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-oem - 4.15.0.216.200~16.04.1 linux-signed-generic-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-signed-generic-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-signed-image-generic-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-signed-image-oem - 4.15.0.216.200~16.04.1 linux-signed-lowlatency-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-signed-oem - 4.15.0.216.200~16.04.1 linux-tools-generic-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-tools-generic-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-tools-lowlatency-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-tools-oem - 4.15.0.216.200~16.04.1 linux-tools-virtual-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-tools-virtual-hwe-16.04-edge - 4.15.0.216.200~16.04.1 linux-virtual-hwe-16.04 - 4.15.0.216.200~16.04.1 linux-virtual-hwe-16.04-edge - 4.15.0.216.200~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3611 CVE-2023-3776 USN-6342-2 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS 
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6342-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1169 - 4.15.0-1169.184~16.04.1 linux-azure-headers-4.15.0-1169 - 4.15.0-1169.184~16.04.1 linux-azure-tools-4.15.0-1169 - 4.15.0-1169.184~16.04.1 linux-buildinfo-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 linux-cloud-tools-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 linux-headers-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 linux-image-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 linux-image-unsigned-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 linux-modules-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 linux-modules-extra-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 linux-tools-4.15.0-1169-azure - 4.15.0-1169.184~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1169.153 linux-azure-edge - 4.15.0.1169.153 linux-cloud-tools-azure - 4.15.0.1169.153 linux-cloud-tools-azure-edge - 4.15.0.1169.153 linux-headers-azure - 4.15.0.1169.153 linux-headers-azure-edge - 4.15.0.1169.153 linux-image-azure - 4.15.0.1169.153 linux-image-azure-edge - 4.15.0.1169.153 linux-modules-extra-azure - 4.15.0.1169.153 linux-modules-extra-azure-edge - 4.15.0.1169.153 linux-signed-azure - 4.15.0.1169.153 linux-signed-azure-edge - 4.15.0.1169.153 linux-signed-image-azure - 4.15.0.1169.153 linux-signed-image-azure-edge - 4.15.0.1169.153 linux-tools-azure - 4.15.0.1169.153 linux-tools-azure-edge - 4.15.0.1169.153 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3611 CVE-2023-3776 USN-6345-1 -- SoX vulnerability Ubuntu 16.04 LTS It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6345-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libsox-dev - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox-fmt-all - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox-fmt-alsa - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox-fmt-ao - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox-fmt-base - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox-fmt-mp3 - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox-fmt-oss - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox-fmt-pulse - 14.4.1-5+deb8u4ubuntu0.1+esm3 libsox2 - 14.4.1-5+deb8u4ubuntu0.1+esm3 sox - 14.4.1-5+deb8u4ubuntu0.1+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-32627 USN-6353-1 -- PLIB vulnerability Ubuntu 16.04 LTS Wooseok Kang discovered that PLIB did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TGA file, an attacker could possibly use this issue to cause applications using PLIB to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6353-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libplib-dev - 1.8.5-7ubuntu0.1~esm1 libplib1 - 1.8.5-7ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-38714 USN-6354-1 -- Python vulnerability Ubuntu 16.04 LTS It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure. Update Instructions: Run `sudo pro fix USN-6354-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm6 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm6 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm6 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm6 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm6 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm6 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm6 python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm6 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm6 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm6 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm9 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm9 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm9 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm9 libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm9 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm9 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm9 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm9 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm9 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm9 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm9 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48565 USN-6356-1 -- OpenDMARC vulnerabilities Ubuntu 16.04 LTS Jianjun Chen, Vern Paxson and Jian Jiang discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into receiving crafted inputs, an attacker could possibly use this to falsify the domain of an e-mails origin. (CVE-2020-12272) Patrik Lantz discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. 
(CVE-2020-12460) Update Instructions: Run `sudo pro fix USN-6356-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopendmarc-dev - 1.3.1+dfsg-3ubuntu0.1~esm1 libopendmarc2 - 1.3.1+dfsg-3ubuntu0.1~esm1 opendmarc - 1.3.1+dfsg-3ubuntu0.1~esm1 rddmarc - 1.3.1+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-12272 CVE-2020-12460 USN-6358-1 -- RedCloth vulnerability Ubuntu 16.04 LTS It was discovered that RedCloth incorrectly handled certain inputs during HTML sanitisation. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6358-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-redcloth - 4.2.9-5ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-31606 USN-6360-2 -- FLAC vulnerability Ubuntu 16.04 LTS USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6360-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: flac - 1.3.1-4ubuntu0.1~esm2 libflac++-dev - 1.3.1-4ubuntu0.1~esm2 libflac++6v5 - 1.3.1-4ubuntu0.1~esm2 libflac-dev - 1.3.1-4ubuntu0.1~esm2 libflac-doc - 1.3.1-4ubuntu0.1~esm2 libflac8 - 1.3.1-4ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-22219 USN-6361-2 -- CUPS vulnerability Ubuntu 16.04 LTS USN-6361-1 fixed a vulnerability in CUPS. 
This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents. Update Instructions: Run `sudo pro fix USN-6361-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cups - 2.1.3-4ubuntu0.11+esm5 cups-bsd - 2.1.3-4ubuntu0.11+esm5 cups-client - 2.1.3-4ubuntu0.11+esm5 cups-common - 2.1.3-4ubuntu0.11+esm5 cups-core-drivers - 2.1.3-4ubuntu0.11+esm5 cups-daemon - 2.1.3-4ubuntu0.11+esm5 cups-ipp-utils - 2.1.3-4ubuntu0.11+esm5 cups-ppdc - 2.1.3-4ubuntu0.11+esm5 cups-server-common - 2.1.3-4ubuntu0.11+esm5 libcups2 - 2.1.3-4ubuntu0.11+esm5 libcups2-dev - 2.1.3-4ubuntu0.11+esm5 libcupscgi1 - 2.1.3-4ubuntu0.11+esm5 libcupscgi1-dev - 2.1.3-4ubuntu0.11+esm5 libcupsimage2 - 2.1.3-4ubuntu0.11+esm5 libcupsimage2-dev - 2.1.3-4ubuntu0.11+esm5 libcupsmime1 - 2.1.3-4ubuntu0.11+esm5 libcupsmime1-dev - 2.1.3-4ubuntu0.11+esm5 libcupsppdc1 - 2.1.3-4ubuntu0.11+esm5 libcupsppdc1-dev - 2.1.3-4ubuntu0.11+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-32360 USN-6364-1 -- Ghostscript vulnerabilities Ubuntu 16.04 LTS It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-21710) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2020-21890) Update Instructions: Run `sudo pro fix USN-6364-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.14+esm7 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.16.04.14+esm7 ghostscript-x - 9.26~dfsg+0-0ubuntu0.16.04.14+esm7 libgs-dev - 9.26~dfsg+0-0ubuntu0.16.04.14+esm7 libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.14+esm7 libgs9-common - 9.26~dfsg+0-0ubuntu0.16.04.14+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-21710 CVE-2020-21890 USN-6365-2 -- Open VM Tools vulnerability Ubuntu 16.04 LTS USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations. Update Instructions: Run `sudo pro fix USN-6365-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:10.2.0-3~ubuntu0.16.04.1+esm3 open-vm-tools-desktop - 2:10.2.0-3~ubuntu0.16.04.1+esm3 open-vm-tools-dev - 2:10.2.0-3~ubuntu0.16.04.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-20900 USN-6366-1 -- PostgreSQL vulnerability Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. Update Instructions: Run `sudo pro fix USN-6366-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libecpg-compat3 - 9.5.25-0ubuntu0.16.04.1+esm5 libecpg-dev - 9.5.25-0ubuntu0.16.04.1+esm5 libecpg6 - 9.5.25-0ubuntu0.16.04.1+esm5 libpgtypes3 - 9.5.25-0ubuntu0.16.04.1+esm5 libpq-dev - 9.5.25-0ubuntu0.16.04.1+esm5 libpq5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-client-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-contrib-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-doc-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-plperl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-plpython-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-plpython3-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-pltcl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 postgresql-server-dev-9.5 - 9.5.25-0ubuntu0.16.04.1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-39417 USN-6370-1 -- ModSecurity vulnerabilities Ubuntu 16.04 LTS It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42717) It was discovered that ModSecurity incorrectly handled certain HTTP multipart requests. A remote attacker could possibly use this issue to bypass ModSecurity restrictions. (CVE-2022-48279) It was discovered that ModSecurity incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause a buffer overflow and a firewall failure. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-24021) Update Instructions: Run `sudo pro fix USN-6370-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libapache2-mod-security2 - 2.9.0-1ubuntu0.1~esm1 libapache2-modsecurity - 2.9.0-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-42717 CVE-2022-48279 CVE-2023-24021 USN-6371-1 -- libssh2 vulnerability Ubuntu 16.04 LTS It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-6371-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh2-1 - 1.5.0-2ubuntu0.1+esm2 libssh2-1-dev - 1.5.0-2ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-22218 USN-6372-1 -- DBus vulnerability Ubuntu 16.04 LTS It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6372-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus - 1.10.6-1ubuntu3.6+esm3 dbus-1-doc - 1.10.6-1ubuntu3.6+esm3 dbus-tests - 1.10.6-1ubuntu3.6+esm3 dbus-user-session - 1.10.6-1ubuntu3.6+esm3 dbus-x11 - 1.10.6-1ubuntu3.6+esm3 libdbus-1-3 - 1.10.6-1ubuntu3.6+esm3 libdbus-1-dev - 1.10.6-1ubuntu3.6+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-34969 USN-6373-1 -- gawk vulnerability Ubuntu 16.04 LTS It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6373-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gawk - 1:4.1.3+dfsg-0.1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4156 USN-6374-1 -- Mutt vulnerabilities Ubuntu 16.04 LTS It was discovered that Mutt incorrectly handled certain email header contents. If a user were tricked into opening a specially crafted message, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-4874, CVE-2023-4875) Update Instructions: Run `sudo pro fix USN-6374-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.5.24-1ubuntu0.6+esm3 mutt-patched - 1.5.24-1ubuntu0.6+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4874 CVE-2023-4875 USN-6380-1 -- Node.js vulnerabilities Ubuntu 16.04 LTS Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15604) Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15605) Alyssa Wilk discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15606) Tobias Niessen discovered that Node.js incorrectly handled certain inputs. 
If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8174) It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-8265, CVE-2020-8287) Update Instructions: Run `sudo pro fix USN-6380-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs - 4.2.6~dfsg-1ubuntu4.2+esm2 nodejs-dev - 4.2.6~dfsg-1ubuntu4.2+esm2 nodejs-legacy - 4.2.6~dfsg-1ubuntu4.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 CVE-2020-8174 CVE-2020-8265 CVE-2020-8287 USN-6381-1 -- GNU binutils vulnerabilities Ubuntu 16.04 LTS It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490) It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. (CVE-2020-19726, CVE-2021-46174, CVE-2022-45703) It was discovered that GNU binutils was not properly initializing heap memory when processing certain print instructions. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-35342) It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. 
(CVE-2022-44840) It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-47695) Update Instructions: Run `sudo pro fix USN-6381-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-aarch64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-alpha-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-arm-linux-gnueabi - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-arm-linux-gnueabihf - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-dev - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-doc - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-hppa-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-hppa64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-m68k-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-mips-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-mips64-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-mips64el-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-mipsel-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-multiarch - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-multiarch-dev - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-powerpc-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-powerpc-linux-gnuspe - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-powerpc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-powerpc64le-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-s390x-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-sh4-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-source - 2.26.1-1ubuntu1~16.04.8+esm7 binutils-sparc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19724 CVE-2020-19726 CVE-2020-21490 CVE-2020-35342 CVE-2021-46174 CVE-2022-44840 CVE-2022-45703 CVE-2022-47695 USN-6382-1 -- Memcached vulnerability 
Ubuntu 16.04 LTS It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6382-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.4.25-2ubuntu1.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48571 USN-6388-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) It was discovered that the JFS file system implementation in the Linux kernel did not properly validate memory allocations in certain situations, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious JFS image that, when mounted, could cause a denial of service (system crash). (CVE-2023-4385) It was discovered that the VMware VMXNET3 ethernet driver in the Linux kernel contained a use-after-free vulnerability in certain situations. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4387) It was discovered that the VMware VMXNET3 ethernet driver in the Linux kernel did not properly handle errors in certain situations, leading to a null pointer dereference vulnerability. A local attacker in a guest VM could use this to cause a denial of service (system crash). (CVE-2023-4459) Update Instructions: Run `sudo pro fix USN-6388-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1124-kvm - 4.4.0-1124.134 linux-cloud-tools-4.4.0-1124-kvm - 4.4.0-1124.134 linux-headers-4.4.0-1124-kvm - 4.4.0-1124.134 linux-image-4.4.0-1124-kvm - 4.4.0-1124.134 linux-kvm-cloud-tools-4.4.0-1124 - 4.4.0-1124.134 linux-kvm-headers-4.4.0-1124 - 4.4.0-1124.134 linux-kvm-tools-4.4.0-1124 - 4.4.0-1124.134 linux-modules-4.4.0-1124-kvm - 4.4.0-1124.134 linux-tools-4.4.0-1124-kvm - 4.4.0-1124.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.4.0-1161 - 4.4.0-1161.176 linux-aws-headers-4.4.0-1161 - 4.4.0-1161.176 linux-aws-tools-4.4.0-1161 - 4.4.0-1161.176 linux-buildinfo-4.4.0-1161-aws - 4.4.0-1161.176 linux-cloud-tools-4.4.0-1161-aws - 4.4.0-1161.176 linux-headers-4.4.0-1161-aws - 4.4.0-1161.176 linux-image-4.4.0-1161-aws - 4.4.0-1161.176 linux-modules-4.4.0-1161-aws - 4.4.0-1161.176 linux-modules-extra-4.4.0-1161-aws - 4.4.0-1161.176 linux-tools-4.4.0-1161-aws - 4.4.0-1161.176 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-245-generic - 4.4.0-245.279 linux-buildinfo-4.4.0-245-lowlatency - 4.4.0-245.279 linux-cloud-tools-4.4.0-245 - 4.4.0-245.279 linux-cloud-tools-4.4.0-245-generic - 4.4.0-245.279 linux-cloud-tools-4.4.0-245-lowlatency - 4.4.0-245.279 linux-cloud-tools-common - 4.4.0-245.279 linux-doc - 4.4.0-245.279 linux-headers-4.4.0-245 - 4.4.0-245.279 linux-headers-4.4.0-245-generic - 4.4.0-245.279 linux-headers-4.4.0-245-lowlatency - 4.4.0-245.279 linux-image-4.4.0-245-generic - 4.4.0-245.279 linux-image-4.4.0-245-lowlatency - 4.4.0-245.279 linux-image-unsigned-4.4.0-245-generic - 4.4.0-245.279 linux-image-unsigned-4.4.0-245-lowlatency - 4.4.0-245.279 linux-libc-dev - 4.4.0-245.279 linux-modules-4.4.0-245-generic - 4.4.0-245.279 linux-modules-4.4.0-245-lowlatency - 4.4.0-245.279 linux-modules-extra-4.4.0-245-generic - 4.4.0-245.279 linux-source-4.4.0 - 4.4.0-245.279 
linux-tools-4.4.0-245 - 4.4.0-245.279 linux-tools-4.4.0-245-generic - 4.4.0-245.279 linux-tools-4.4.0-245-lowlatency - 4.4.0-245.279 linux-tools-common - 4.4.0-245.279 linux-tools-host - 4.4.0-245.279 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1124.121 linux-image-kvm - 4.4.0.1124.121 linux-kvm - 4.4.0.1124.121 linux-tools-kvm - 4.4.0.1124.121 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1161.165 linux-headers-aws - 4.4.0.1161.165 linux-image-aws - 4.4.0.1161.165 linux-modules-extra-aws - 4.4.0.1161.165 linux-tools-aws - 4.4.0.1161.165 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.245.251 linux-cloud-tools-generic-lts-utopic - 4.4.0.245.251 linux-cloud-tools-generic-lts-vivid - 4.4.0.245.251 linux-cloud-tools-generic-lts-wily - 4.4.0.245.251 linux-cloud-tools-generic-lts-xenial - 4.4.0.245.251 linux-cloud-tools-lowlatency - 4.4.0.245.251 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.245.251 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.245.251 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.245.251 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.245.251 linux-cloud-tools-virtual - 4.4.0.245.251 linux-cloud-tools-virtual-lts-utopic - 4.4.0.245.251 linux-cloud-tools-virtual-lts-vivid - 4.4.0.245.251 linux-cloud-tools-virtual-lts-wily - 4.4.0.245.251 linux-cloud-tools-virtual-lts-xenial - 4.4.0.245.251 linux-crashdump - 4.4.0.245.251 linux-generic - 4.4.0.245.251 linux-generic-lts-utopic - 4.4.0.245.251 linux-generic-lts-vivid - 4.4.0.245.251 linux-generic-lts-wily - 4.4.0.245.251 linux-generic-lts-xenial - 4.4.0.245.251 linux-headers-generic - 4.4.0.245.251 linux-headers-generic-lts-utopic - 4.4.0.245.251 linux-headers-generic-lts-vivid - 4.4.0.245.251 linux-headers-generic-lts-wily - 4.4.0.245.251 linux-headers-generic-lts-xenial - 4.4.0.245.251 linux-headers-lowlatency - 4.4.0.245.251 linux-headers-lowlatency-lts-utopic - 
4.4.0.245.251 linux-headers-lowlatency-lts-vivid - 4.4.0.245.251 linux-headers-lowlatency-lts-wily - 4.4.0.245.251 linux-headers-lowlatency-lts-xenial - 4.4.0.245.251 linux-headers-virtual - 4.4.0.245.251 linux-headers-virtual-lts-utopic - 4.4.0.245.251 linux-headers-virtual-lts-vivid - 4.4.0.245.251 linux-headers-virtual-lts-wily - 4.4.0.245.251 linux-headers-virtual-lts-xenial - 4.4.0.245.251 linux-hwe-generic-trusty - 4.4.0.245.251 linux-hwe-virtual-trusty - 4.4.0.245.251 linux-image-extra-virtual - 4.4.0.245.251 linux-image-extra-virtual-lts-utopic - 4.4.0.245.251 linux-image-extra-virtual-lts-vivid - 4.4.0.245.251 linux-image-extra-virtual-lts-wily - 4.4.0.245.251 linux-image-extra-virtual-lts-xenial - 4.4.0.245.251 linux-image-generic - 4.4.0.245.251 linux-image-generic-lts-utopic - 4.4.0.245.251 linux-image-generic-lts-vivid - 4.4.0.245.251 linux-image-generic-lts-wily - 4.4.0.245.251 linux-image-generic-lts-xenial - 4.4.0.245.251 linux-image-hwe-generic-trusty - 4.4.0.245.251 linux-image-hwe-virtual-trusty - 4.4.0.245.251 linux-image-lowlatency - 4.4.0.245.251 linux-image-lowlatency-lts-utopic - 4.4.0.245.251 linux-image-lowlatency-lts-vivid - 4.4.0.245.251 linux-image-lowlatency-lts-wily - 4.4.0.245.251 linux-image-lowlatency-lts-xenial - 4.4.0.245.251 linux-image-virtual - 4.4.0.245.251 linux-image-virtual-lts-utopic - 4.4.0.245.251 linux-image-virtual-lts-vivid - 4.4.0.245.251 linux-image-virtual-lts-wily - 4.4.0.245.251 linux-image-virtual-lts-xenial - 4.4.0.245.251 linux-lowlatency - 4.4.0.245.251 linux-lowlatency-lts-utopic - 4.4.0.245.251 linux-lowlatency-lts-vivid - 4.4.0.245.251 linux-lowlatency-lts-wily - 4.4.0.245.251 linux-lowlatency-lts-xenial - 4.4.0.245.251 linux-signed-generic - 4.4.0.245.251 linux-signed-generic-lts-utopic - 4.4.0.245.251 linux-signed-generic-lts-vivid - 4.4.0.245.251 linux-signed-generic-lts-wily - 4.4.0.245.251 linux-signed-generic-lts-xenial - 4.4.0.245.251 linux-signed-image-generic - 4.4.0.245.251 
linux-signed-image-generic-lts-utopic - 4.4.0.245.251 linux-signed-image-generic-lts-vivid - 4.4.0.245.251 linux-signed-image-generic-lts-wily - 4.4.0.245.251 linux-signed-image-generic-lts-xenial - 4.4.0.245.251 linux-signed-image-lowlatency - 4.4.0.245.251 linux-signed-image-lowlatency-lts-wily - 4.4.0.245.251 linux-signed-image-lowlatency-lts-xenial - 4.4.0.245.251 linux-signed-lowlatency - 4.4.0.245.251 linux-signed-lowlatency-lts-wily - 4.4.0.245.251 linux-signed-lowlatency-lts-xenial - 4.4.0.245.251 linux-source - 4.4.0.245.251 linux-tools-generic - 4.4.0.245.251 linux-tools-generic-lts-utopic - 4.4.0.245.251 linux-tools-generic-lts-vivid - 4.4.0.245.251 linux-tools-generic-lts-wily - 4.4.0.245.251 linux-tools-generic-lts-xenial - 4.4.0.245.251 linux-tools-lowlatency - 4.4.0.245.251 linux-tools-lowlatency-lts-utopic - 4.4.0.245.251 linux-tools-lowlatency-lts-vivid - 4.4.0.245.251 linux-tools-lowlatency-lts-wily - 4.4.0.245.251 linux-tools-lowlatency-lts-xenial - 4.4.0.245.251 linux-tools-lts-utopic - 4.4.0.245.251 linux-tools-virtual - 4.4.0.245.251 linux-tools-virtual-lts-utopic - 4.4.0.245.251 linux-tools-virtual-lts-vivid - 4.4.0.245.251 linux-tools-virtual-lts-wily - 4.4.0.245.251 linux-tools-virtual-lts-xenial - 4.4.0.245.251 linux-virtual - 4.4.0.245.251 linux-virtual-lts-utopic - 4.4.0.245.251 linux-virtual-lts-vivid - 4.4.0.245.251 linux-virtual-lts-wily - 4.4.0.245.251 linux-virtual-lts-xenial - 4.4.0.245.251 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-40982 CVE-2023-3212 CVE-2023-32269 CVE-2023-3863 CVE-2023-40283 CVE-2023-4385 CVE-2023-4387 CVE-2023-4459 USN-6391-2 -- CUPS vulnerability Ubuntu 16.04 LTS USN-6391-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly parsed certain Postscript objects. 
If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6391-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cups - 2.1.3-4ubuntu0.11+esm4 cups-bsd - 2.1.3-4ubuntu0.11+esm4 cups-client - 2.1.3-4ubuntu0.11+esm4 cups-common - 2.1.3-4ubuntu0.11+esm4 cups-core-drivers - 2.1.3-4ubuntu0.11+esm4 cups-daemon - 2.1.3-4ubuntu0.11+esm4 cups-ipp-utils - 2.1.3-4ubuntu0.11+esm4 cups-ppdc - 2.1.3-4ubuntu0.11+esm4 cups-server-common - 2.1.3-4ubuntu0.11+esm4 libcups2 - 2.1.3-4ubuntu0.11+esm4 libcups2-dev - 2.1.3-4ubuntu0.11+esm4 libcupscgi1 - 2.1.3-4ubuntu0.11+esm4 libcupscgi1-dev - 2.1.3-4ubuntu0.11+esm4 libcupsimage2 - 2.1.3-4ubuntu0.11+esm4 libcupsimage2-dev - 2.1.3-4ubuntu0.11+esm4 libcupsmime1 - 2.1.3-4ubuntu0.11+esm4 libcupsmime1-dev - 2.1.3-4ubuntu0.11+esm4 libcupsppdc1 - 2.1.3-4ubuntu0.11+esm4 libcupsppdc1-dev - 2.1.3-4ubuntu0.11+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4504 USN-6393-1 -- ImageMagick vulnerability Ubuntu 16.04 LTS It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-6393-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.8.9.9-7ubuntu5.16+esm9 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm9 imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm9 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm9 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm9 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm9 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm9 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm9 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm9 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm9 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm9 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-48541 USN-6394-1 -- Python vulnerability Ubuntu 16.04 LTS It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6394-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm10 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm10 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm10 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm10 libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm10 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm10 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm10 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm10 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm10 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm10 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm10 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48560 USN-6394-2 -- Python vulnerability Ubuntu 16.04 LTS USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6394-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm8 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm8 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm8 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm8 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm8 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm8 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm8 python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm8 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm8 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm8 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48560 USN-6396-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). 
(CVE-2023-3863) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Update Instructions: Run `sudo pro fix USN-6396-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1124-oracle - 4.15.0-1124.135~16.04.1 linux-headers-4.15.0-1124-oracle - 4.15.0-1124.135~16.04.1 linux-image-4.15.0-1124-oracle - 4.15.0-1124.135~16.04.1 linux-image-unsigned-4.15.0-1124-oracle - 4.15.0-1124.135~16.04.1 linux-modules-4.15.0-1124-oracle - 4.15.0-1124.135~16.04.1 linux-modules-extra-4.15.0-1124-oracle - 4.15.0-1124.135~16.04.1 linux-oracle-headers-4.15.0-1124 - 4.15.0-1124.135~16.04.1 linux-oracle-tools-4.15.0-1124 - 4.15.0-1124.135~16.04.1 linux-tools-4.15.0-1124-oracle - 4.15.0-1124.135~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1155-gcp - 4.15.0-1155.172~16.04.1 linux-gcp-headers-4.15.0-1155 - 4.15.0-1155.172~16.04.1 linux-gcp-tools-4.15.0-1155 - 4.15.0-1155.172~16.04.1 linux-headers-4.15.0-1155-gcp - 4.15.0-1155.172~16.04.1 linux-image-4.15.0-1155-gcp - 4.15.0-1155.172~16.04.1 linux-image-unsigned-4.15.0-1155-gcp - 4.15.0-1155.172~16.04.1 linux-modules-4.15.0-1155-gcp - 4.15.0-1155.172~16.04.1 linux-modules-extra-4.15.0-1155-gcp - 4.15.0-1155.172~16.04.1 linux-tools-4.15.0-1155-gcp - 4.15.0-1155.172~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1161 - 4.15.0-1161.174~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1161 - 
4.15.0-1161.174~16.04.1 linux-aws-hwe-tools-4.15.0-1161 - 4.15.0-1161.174~16.04.1 linux-buildinfo-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 linux-cloud-tools-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 linux-headers-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 linux-image-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 linux-image-unsigned-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 linux-modules-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 linux-modules-extra-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 linux-tools-4.15.0-1161-aws - 4.15.0-1161.174~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1170 - 4.15.0-1170.185~16.04.1 linux-azure-headers-4.15.0-1170 - 4.15.0-1170.185~16.04.1 linux-azure-tools-4.15.0-1170 - 4.15.0-1170.185~16.04.1 linux-buildinfo-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 linux-cloud-tools-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 linux-headers-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 linux-image-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 linux-image-unsigned-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 linux-modules-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 linux-modules-extra-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 linux-tools-4.15.0-1170-azure - 4.15.0-1170.185~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-buildinfo-4.15.0-218-lowlatency - 4.15.0-218.229~16.04.1 linux-cloud-tools-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-cloud-tools-4.15.0-218-lowlatency - 4.15.0-218.229~16.04.1 linux-headers-4.15.0-218 - 4.15.0-218.229~16.04.1 linux-headers-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-headers-4.15.0-218-lowlatency - 4.15.0-218.229~16.04.1 linux-hwe-cloud-tools-4.15.0-218 - 4.15.0-218.229~16.04.1 linux-hwe-tools-4.15.0-218 - 4.15.0-218.229~16.04.1 linux-image-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-image-4.15.0-218-lowlatency - 4.15.0-218.229~16.04.1 
linux-image-unsigned-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-image-unsigned-4.15.0-218-lowlatency - 4.15.0-218.229~16.04.1 linux-modules-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-modules-4.15.0-218-lowlatency - 4.15.0-218.229~16.04.1 linux-modules-extra-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-source-4.15.0 - 4.15.0-218.229~16.04.1 linux-tools-4.15.0-218-generic - 4.15.0-218.229~16.04.1 linux-tools-4.15.0-218-lowlatency - 4.15.0-218.229~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1124.105 linux-image-oracle - 4.15.0.1124.105 linux-oracle - 4.15.0.1124.105 linux-signed-image-oracle - 4.15.0.1124.105 linux-signed-oracle - 4.15.0.1124.105 linux-tools-oracle - 4.15.0.1124.105 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1155.145 linux-gke - 4.15.0.1155.145 linux-headers-gcp - 4.15.0.1155.145 linux-headers-gke - 4.15.0.1155.145 linux-image-gcp - 4.15.0.1155.145 linux-image-gke - 4.15.0.1155.145 linux-modules-extra-gcp - 4.15.0.1155.145 linux-modules-extra-gke - 4.15.0.1155.145 linux-tools-gcp - 4.15.0.1155.145 linux-tools-gke - 4.15.0.1155.145 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1161.144 linux-aws-hwe - 4.15.0.1161.144 linux-headers-aws-hwe - 4.15.0.1161.144 linux-image-aws-hwe - 4.15.0.1161.144 linux-modules-extra-aws-hwe - 4.15.0.1161.144 linux-tools-aws-hwe - 4.15.0.1161.144 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1170.154 linux-azure-edge - 4.15.0.1170.154 linux-cloud-tools-azure - 4.15.0.1170.154 linux-cloud-tools-azure-edge - 4.15.0.1170.154 linux-headers-azure - 4.15.0.1170.154 linux-headers-azure-edge - 4.15.0.1170.154 linux-image-azure - 4.15.0.1170.154 linux-image-azure-edge - 4.15.0.1170.154 linux-modules-extra-azure - 4.15.0.1170.154 linux-modules-extra-azure-edge - 4.15.0.1170.154 linux-signed-azure - 4.15.0.1170.154 linux-signed-azure-edge - 
4.15.0.1170.154 linux-signed-image-azure - 4.15.0.1170.154 linux-signed-image-azure-edge - 4.15.0.1170.154 linux-tools-azure - 4.15.0.1170.154 linux-tools-azure-edge - 4.15.0.1170.154 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.218.2 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.218.2 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.218.2 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.218.2 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.218.2 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.218.2 linux-generic-hwe-16.04 - 4.15.0.218.2 linux-generic-hwe-16.04-edge - 4.15.0.218.2 linux-headers-generic-hwe-16.04 - 4.15.0.218.2 linux-headers-generic-hwe-16.04-edge - 4.15.0.218.2 linux-headers-lowlatency-hwe-16.04 - 4.15.0.218.2 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.218.2 linux-headers-oem - 4.15.0.218.2 linux-headers-virtual-hwe-16.04 - 4.15.0.218.2 linux-headers-virtual-hwe-16.04-edge - 4.15.0.218.2 linux-image-extra-virtual-hwe-16.04 - 4.15.0.218.2 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.218.2 linux-image-generic-hwe-16.04 - 4.15.0.218.2 linux-image-generic-hwe-16.04-edge - 4.15.0.218.2 linux-image-lowlatency-hwe-16.04 - 4.15.0.218.2 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.218.2 linux-image-oem - 4.15.0.218.2 linux-image-virtual-hwe-16.04 - 4.15.0.218.2 linux-image-virtual-hwe-16.04-edge - 4.15.0.218.2 linux-lowlatency-hwe-16.04 - 4.15.0.218.2 linux-lowlatency-hwe-16.04-edge - 4.15.0.218.2 linux-oem - 4.15.0.218.2 linux-signed-generic-hwe-16.04 - 4.15.0.218.2 linux-signed-generic-hwe-16.04-edge - 4.15.0.218.2 linux-signed-image-generic-hwe-16.04 - 4.15.0.218.2 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.218.2 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.218.2 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.218.2 linux-signed-image-oem - 4.15.0.218.2 linux-signed-lowlatency-hwe-16.04 - 4.15.0.218.2 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.218.2 
linux-signed-oem - 4.15.0.218.2 linux-tools-generic-hwe-16.04 - 4.15.0.218.2 linux-tools-generic-hwe-16.04-edge - 4.15.0.218.2 linux-tools-lowlatency-hwe-16.04 - 4.15.0.218.2 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.218.2 linux-tools-oem - 4.15.0.218.2 linux-tools-virtual-hwe-16.04 - 4.15.0.218.2 linux-tools-virtual-hwe-16.04-edge - 4.15.0.218.2 linux-virtual-hwe-16.04 - 4.15.0.218.2 linux-virtual-hwe-16.04-edge - 4.15.0.218.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-27672 CVE-2022-40982 CVE-2023-3212 CVE-2023-3863 CVE-2023-40283 USN-6398-1 -- ReadyMedia vulnerabilities Ubuntu 16.04 LTS It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server into leaking information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-26505) It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes. (CVE-2023-33476) Update Instructions: Run `sudo pro fix USN-6398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: minidlna - 1.1.5+dfsg-2ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-26505 CVE-2023-33476 USN-6400-1 -- Python vulnerability Ubuntu 16.04 LTS It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information. Update Instructions: Run `sudo pro fix USN-6400-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm7 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm7 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm7 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm7 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm7 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm7 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm7 python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm7 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm7 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm7 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm11 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm11 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm11 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm11 libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm11 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm11 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm11 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm11 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm11 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm11 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm11 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48566 USN-6402-1 -- LibTomMath vulnerability Ubuntu 16.04 LTS It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial of service (DoS). Update Instructions: Run `sudo pro fix USN-6402-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtommath-dev - 0.42.0-1.2ubuntu0.1~esm1 libtommath-docs - 0.42.0-1.2ubuntu0.1~esm1 libtommath0 - 0.42.0-1.2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-36328 USN-6403-3 -- libvpx vulnerabilities Ubuntu 16.04 LTS USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6403-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvpx-dev - 1.5.0-2ubuntu1.1+esm2 libvpx-doc - 1.5.0-2ubuntu1.1+esm2 libvpx3 - 1.5.0-2ubuntu1.1+esm2 vpx-tools - 1.5.0-2ubuntu1.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-44488 CVE-2023-5217 USN-6407-2 -- libx11 vulnerabilities Ubuntu 16.04 LTS USN-6407-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-43785) Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. 
(CVE-2023-43786) Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libx11 to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787) Update Instructions: Run `sudo pro fix USN-6407-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.3-1ubuntu2.2+esm4 libx11-data - 2:1.6.3-1ubuntu2.2+esm4 libx11-dev - 2:1.6.3-1ubuntu2.2+esm4 libx11-doc - 2:1.6.3-1ubuntu2.2+esm4 libx11-xcb-dev - 2:1.6.3-1ubuntu2.2+esm4 libx11-xcb1 - 2:1.6.3-1ubuntu2.2+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 USN-6408-2 -- libXpm vulnerabilities Ubuntu 16.04 LTS USN-6408-1 fixed several vulnerabilities in libXpm. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786) Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libXpm to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787) Alan Coopersmith discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to cause libXpm to crash, leading to a denial of service. 
(CVE-2023-43788, CVE-2023-43789) Update Instructions: Run `sudo pro fix USN-6408-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxpm-dev - 1:3.5.11-1ubuntu0.16.04.1+esm2 libxpm4 - 1:3.5.11-1ubuntu0.16.04.1+esm2 xpmutils - 1:3.5.11-1ubuntu0.16.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789 USN-6411-1 -- Exim vulnerabilities Ubuntu 16.04 LTS It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds reads, resulting in information leakage. (CVE-2023-42114) It was discovered that Exim incorrectly handled validation of user-supplied data. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-42115) It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. (CVE-2023-42116) Update Instructions: Run `sudo pro fix USN-6411-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.86.2-2ubuntu2.6+esm4 exim4-base - 4.86.2-2ubuntu2.6+esm4 exim4-config - 4.86.2-2ubuntu2.6+esm4 exim4-daemon-heavy - 4.86.2-2ubuntu2.6+esm4 exim4-daemon-light - 4.86.2-2ubuntu2.6+esm4 exim4-dev - 4.86.2-2ubuntu2.6+esm4 eximon4 - 4.86.2-2ubuntu2.6+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-42114 CVE-2023-42115 CVE-2023-42116 USN-6413-1 -- GNU binutils vulnerabilities Ubuntu 16.04 LTS It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. 
An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-17122, CVE-2017-8421) It was discovered that GNU binutils was not properly performing bounds checks when processing debug sections with objdump, which could lead to an overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-20671, CVE-2018-6543) It was discovered that GNU binutils contained a reachable assertion, which could lead to an intentional assertion failure when processing certain crafted DWARF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-35205) It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could lead to excessive memory consumption due to memory leaks. An attacker could possibly use these issues to cause a denial of service. (CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011) It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-48063) Update Instructions: Run `sudo pro fix USN-6413-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: binutils - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-aarch64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-alpha-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-arm-linux-gnueabi - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-arm-linux-gnueabihf - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-dev - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-doc - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-hppa-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-hppa64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-m68k-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-mips-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-mips64-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-mips64el-linux-gnuabi64 - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-mipsel-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-multiarch - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-multiarch-dev - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-powerpc-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-powerpc-linux-gnuspe - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-powerpc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-powerpc64le-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-s390x-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-sh4-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-source - 2.26.1-1ubuntu1~16.04.8+esm9 binutils-sparc64-linux-gnu - 2.26.1-1ubuntu1~16.04.8+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-17122 CVE-2017-8421 CVE-2018-20671 CVE-2018-6543 CVE-2022-35205 CVE-2022-47007 CVE-2022-47008 CVE-2022-47010 CVE-2022-47011 CVE-2022-48063 USN-6419-1 -- jQuery UI vulnerabilities Ubuntu 16.04 LTS Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. 
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103) Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-41182, CVE-2021-41183) It was discovered that jQuery UI did not properly validate values from untrusted sources. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-41184) It was discovered that the jQuery UI checkboxradio widget did not properly decode certain values from HTML entities. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-31160) Update Instructions: Run `sudo pro fix USN-6419-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-jquery-ui - 1.10.1+dfsg-1ubuntu0.16.04.1~esm1 libjs-jquery-ui-docs - 1.10.1+dfsg-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-7103 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-31160 USN-6421-1 -- Bind vulnerability Ubuntu 16.04 LTS It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6421-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3341 USN-6428-1 -- LibTIFF vulnerability Ubuntu 16.04 LTS It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6428-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.6-1ubuntu0.8+esm13 libtiff-opengl - 4.0.6-1ubuntu0.8+esm13 libtiff-tools - 4.0.6-1ubuntu0.8+esm13 libtiff5 - 4.0.6-1ubuntu0.8+esm13 libtiff5-dev - 4.0.6-1ubuntu0.8+esm13 libtiffxx5 - 4.0.6-1ubuntu0.8+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-1916 USN-6429-2 -- curl vulnerability Ubuntu 16.04 LTS USN-6429-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections. (CVE-2023-38546) Update Instructions: Run `sudo pro fix USN-6429-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.47.0-1ubuntu2.19+esm10 libcurl3 - 7.47.0-1ubuntu2.19+esm10 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm10 libcurl3-nss - 7.47.0-1ubuntu2.19+esm10 libcurl4-doc - 7.47.0-1ubuntu2.19+esm10 libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm10 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm10 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-38546 USN-6430-1 -- FFmpeg vulnerabilities Ubuntu 16.04 LTS It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22024) It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. 
(CVE-2020-22039) It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in frame.c. An attacker could possibly use this issue to cause a denial of service via application crash. This issue affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22040) It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in fifo.c. An attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2020-22043) It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in vf_tile.c. If a user or automated system were tricked into processing a specially crafted MOV file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-22051) It was discovered that FFmpeg incorrectly handled certain MOV files in timecode.c, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service using a crafted MOV file. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-28429) Update Instructions: Run `sudo pro fix USN-6430-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:2.8.17-0ubuntu0.1+esm6 ffmpeg-doc - 7:2.8.17-0ubuntu0.1+esm6 libav-tools - 7:2.8.17-0ubuntu0.1+esm6 libavcodec-dev - 7:2.8.17-0ubuntu0.1+esm6 libavcodec-extra - 7:2.8.17-0ubuntu0.1+esm6 libavcodec-ffmpeg-extra56 - 7:2.8.17-0ubuntu0.1+esm6 libavcodec-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm6 libavdevice-dev - 7:2.8.17-0ubuntu0.1+esm6 libavdevice-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm6 libavfilter-dev - 7:2.8.17-0ubuntu0.1+esm6 libavfilter-ffmpeg5 - 7:2.8.17-0ubuntu0.1+esm6 libavformat-dev - 7:2.8.17-0ubuntu0.1+esm6 libavformat-ffmpeg56 - 7:2.8.17-0ubuntu0.1+esm6 libavresample-dev - 7:2.8.17-0ubuntu0.1+esm6 libavresample-ffmpeg2 - 7:2.8.17-0ubuntu0.1+esm6 libavutil-dev - 7:2.8.17-0ubuntu0.1+esm6 libavutil-ffmpeg54 - 7:2.8.17-0ubuntu0.1+esm6 libpostproc-dev - 7:2.8.17-0ubuntu0.1+esm6 libpostproc-ffmpeg53 - 7:2.8.17-0ubuntu0.1+esm6 libswresample-dev - 7:2.8.17-0ubuntu0.1+esm6 libswresample-ffmpeg1 - 7:2.8.17-0ubuntu0.1+esm6 libswscale-dev - 7:2.8.17-0ubuntu0.1+esm6 libswscale-ffmpeg3 - 7:2.8.17-0ubuntu0.1+esm6 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-22024 CVE-2020-22039 CVE-2020-22040 CVE-2020-22043 CVE-2020-22051 CVE-2021-28429 USN-6431-1 -- iperf3 vulnerabilities Ubuntu 16.04 LTS It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-38403) Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service. (LP: #2038654) Update Instructions: Run `sudo pro fix USN-6431-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: iperf3 - 3.0.11-1ubuntu0.1~esm2 libiperf-dev - 3.0.11-1ubuntu0.1~esm2 libiperf0 - 3.0.11-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-38403 https://launchpad.net/bugs/2038654 USN-6432-1 -- Quagga vulnerabilities Ubuntu 16.04 LTS It was discovered that the Quagga BGP daemon did not properly check the attribute length in NLRI. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-41358) It was discovered that the Quagga BGP daemon did not properly manage memory when reading the initial bytes of the ORF header. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-41360) Update Instructions: Run `sudo pro fix USN-6432-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 0.99.24.1-2ubuntu1.4+esm1 quagga-doc - 0.99.24.1-2ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-41358 CVE-2023-41360 USN-6435-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3446) Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3817) Update Instructions: Run `sudo pro fix USN-6435-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm10 libssl-doc - 1.0.2g-1ubuntu4.20+esm10 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm10 openssl - 1.0.2g-1ubuntu4.20+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-3446 CVE-2023-3817 USN-6437-1 -- VIPS vulnerabilities Ubuntu 16.04 LTS Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998) It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976) It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-20739) It was discovered that VIPS could be made to divide by zero in multiple functions. If a user or automated system were tricked into processing a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-27847) It was discovered that VIPS did not properly handle certain input files that contained malformed UTF-8 characters. If a user or automated system were tricked into processing a specially crafted SVG image file, an attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032) Update Instructions: Run `sudo pro fix USN-6437-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-vips-8.0 - 8.2.2-1ubuntu0.1~esm1 libvips-dev - 8.2.2-1ubuntu0.1~esm1 libvips-doc - 8.2.2-1ubuntu0.1~esm1 libvips-tools - 8.2.2-1ubuntu0.1~esm1 libvips42 - 8.2.2-1ubuntu0.1~esm1 python-vipscc - 8.2.2-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-7998 CVE-2019-6976 CVE-2020-20739 CVE-2021-27847 CVE-2023-40032 USN-6439-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. 
An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfilter subsystem in the Linux kernel did not properly calculate array offsets, leading to an out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of-bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6439-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1125-kvm - 4.4.0-1125.135 linux-cloud-tools-4.4.0-1125-kvm - 4.4.0-1125.135 linux-headers-4.4.0-1125-kvm - 4.4.0-1125.135 linux-image-4.4.0-1125-kvm - 4.4.0-1125.135 linux-kvm-cloud-tools-4.4.0-1125 - 4.4.0-1125.135 linux-kvm-headers-4.4.0-1125 - 4.4.0-1125.135 linux-kvm-tools-4.4.0-1125 - 4.4.0-1125.135 linux-modules-4.4.0-1125-kvm - 4.4.0-1125.135 linux-tools-4.4.0-1125-kvm - 4.4.0-1125.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.4.0-1162 - 4.4.0-1162.177 linux-aws-headers-4.4.0-1162 - 4.4.0-1162.177 linux-aws-tools-4.4.0-1162 - 4.4.0-1162.177 linux-buildinfo-4.4.0-1162-aws - 4.4.0-1162.177 linux-cloud-tools-4.4.0-1162-aws - 4.4.0-1162.177 linux-headers-4.4.0-1162-aws - 4.4.0-1162.177 linux-image-4.4.0-1162-aws - 4.4.0-1162.177 linux-modules-4.4.0-1162-aws - 4.4.0-1162.177 linux-modules-extra-4.4.0-1162-aws - 4.4.0-1162.177 linux-tools-4.4.0-1162-aws - 4.4.0-1162.177 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-246-generic - 4.4.0-246.280 linux-buildinfo-4.4.0-246-lowlatency - 4.4.0-246.280 linux-cloud-tools-4.4.0-246 - 4.4.0-246.280 linux-cloud-tools-4.4.0-246-generic - 4.4.0-246.280 linux-cloud-tools-4.4.0-246-lowlatency - 4.4.0-246.280 linux-cloud-tools-common - 4.4.0-246.280 linux-doc - 4.4.0-246.280 linux-headers-4.4.0-246 - 4.4.0-246.280 linux-headers-4.4.0-246-generic - 4.4.0-246.280 linux-headers-4.4.0-246-lowlatency - 4.4.0-246.280 linux-image-4.4.0-246-generic - 4.4.0-246.280 linux-image-4.4.0-246-lowlatency - 4.4.0-246.280 linux-image-unsigned-4.4.0-246-generic - 4.4.0-246.280 linux-image-unsigned-4.4.0-246-lowlatency - 4.4.0-246.280 linux-libc-dev - 4.4.0-246.280 linux-modules-4.4.0-246-generic - 4.4.0-246.280 linux-modules-4.4.0-246-lowlatency - 4.4.0-246.280 
linux-modules-extra-4.4.0-246-generic - 4.4.0-246.280 linux-source-4.4.0 - 4.4.0-246.280 linux-tools-4.4.0-246 - 4.4.0-246.280 linux-tools-4.4.0-246-generic - 4.4.0-246.280 linux-tools-4.4.0-246-lowlatency - 4.4.0-246.280 linux-tools-common - 4.4.0-246.280 linux-tools-host - 4.4.0-246.280 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1125.122 linux-image-kvm - 4.4.0.1125.122 linux-kvm - 4.4.0.1125.122 linux-tools-kvm - 4.4.0.1125.122 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1162.166 linux-headers-aws - 4.4.0.1162.166 linux-image-aws - 4.4.0.1162.166 linux-modules-extra-aws - 4.4.0.1162.166 linux-tools-aws - 4.4.0.1162.166 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.246.252 linux-cloud-tools-generic-lts-utopic - 4.4.0.246.252 linux-cloud-tools-generic-lts-vivid - 4.4.0.246.252 linux-cloud-tools-generic-lts-wily - 4.4.0.246.252 linux-cloud-tools-generic-lts-xenial - 4.4.0.246.252 linux-cloud-tools-lowlatency - 4.4.0.246.252 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.246.252 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.246.252 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.246.252 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.246.252 linux-cloud-tools-virtual - 4.4.0.246.252 linux-cloud-tools-virtual-lts-utopic - 4.4.0.246.252 linux-cloud-tools-virtual-lts-vivid - 4.4.0.246.252 linux-cloud-tools-virtual-lts-wily - 4.4.0.246.252 linux-cloud-tools-virtual-lts-xenial - 4.4.0.246.252 linux-crashdump - 4.4.0.246.252 linux-generic - 4.4.0.246.252 linux-generic-lts-utopic - 4.4.0.246.252 linux-generic-lts-vivid - 4.4.0.246.252 linux-generic-lts-wily - 4.4.0.246.252 linux-generic-lts-xenial - 4.4.0.246.252 linux-headers-generic - 4.4.0.246.252 linux-headers-generic-lts-utopic - 4.4.0.246.252 linux-headers-generic-lts-vivid - 4.4.0.246.252 linux-headers-generic-lts-wily - 4.4.0.246.252 linux-headers-generic-lts-xenial - 4.4.0.246.252 
linux-headers-lowlatency - 4.4.0.246.252 linux-headers-lowlatency-lts-utopic - 4.4.0.246.252 linux-headers-lowlatency-lts-vivid - 4.4.0.246.252 linux-headers-lowlatency-lts-wily - 4.4.0.246.252 linux-headers-lowlatency-lts-xenial - 4.4.0.246.252 linux-headers-virtual - 4.4.0.246.252 linux-headers-virtual-lts-utopic - 4.4.0.246.252 linux-headers-virtual-lts-vivid - 4.4.0.246.252 linux-headers-virtual-lts-wily - 4.4.0.246.252 linux-headers-virtual-lts-xenial - 4.4.0.246.252 linux-hwe-generic-trusty - 4.4.0.246.252 linux-hwe-virtual-trusty - 4.4.0.246.252 linux-image-extra-virtual - 4.4.0.246.252 linux-image-extra-virtual-lts-utopic - 4.4.0.246.252 linux-image-extra-virtual-lts-vivid - 4.4.0.246.252 linux-image-extra-virtual-lts-wily - 4.4.0.246.252 linux-image-extra-virtual-lts-xenial - 4.4.0.246.252 linux-image-generic - 4.4.0.246.252 linux-image-generic-lts-utopic - 4.4.0.246.252 linux-image-generic-lts-vivid - 4.4.0.246.252 linux-image-generic-lts-wily - 4.4.0.246.252 linux-image-generic-lts-xenial - 4.4.0.246.252 linux-image-hwe-generic-trusty - 4.4.0.246.252 linux-image-hwe-virtual-trusty - 4.4.0.246.252 linux-image-lowlatency - 4.4.0.246.252 linux-image-lowlatency-lts-utopic - 4.4.0.246.252 linux-image-lowlatency-lts-vivid - 4.4.0.246.252 linux-image-lowlatency-lts-wily - 4.4.0.246.252 linux-image-lowlatency-lts-xenial - 4.4.0.246.252 linux-image-virtual - 4.4.0.246.252 linux-image-virtual-lts-utopic - 4.4.0.246.252 linux-image-virtual-lts-vivid - 4.4.0.246.252 linux-image-virtual-lts-wily - 4.4.0.246.252 linux-image-virtual-lts-xenial - 4.4.0.246.252 linux-lowlatency - 4.4.0.246.252 linux-lowlatency-lts-utopic - 4.4.0.246.252 linux-lowlatency-lts-vivid - 4.4.0.246.252 linux-lowlatency-lts-wily - 4.4.0.246.252 linux-lowlatency-lts-xenial - 4.4.0.246.252 linux-signed-generic - 4.4.0.246.252 linux-signed-generic-lts-utopic - 4.4.0.246.252 linux-signed-generic-lts-vivid - 4.4.0.246.252 linux-signed-generic-lts-wily - 4.4.0.246.252 linux-signed-generic-lts-xenial - 
4.4.0.246.252 linux-signed-image-generic - 4.4.0.246.252 linux-signed-image-generic-lts-utopic - 4.4.0.246.252 linux-signed-image-generic-lts-vivid - 4.4.0.246.252 linux-signed-image-generic-lts-wily - 4.4.0.246.252 linux-signed-image-generic-lts-xenial - 4.4.0.246.252 linux-signed-image-lowlatency - 4.4.0.246.252 linux-signed-image-lowlatency-lts-wily - 4.4.0.246.252 linux-signed-image-lowlatency-lts-xenial - 4.4.0.246.252 linux-signed-lowlatency - 4.4.0.246.252 linux-signed-lowlatency-lts-wily - 4.4.0.246.252 linux-signed-lowlatency-lts-xenial - 4.4.0.246.252 linux-source - 4.4.0.246.252 linux-tools-generic - 4.4.0.246.252 linux-tools-generic-lts-utopic - 4.4.0.246.252 linux-tools-generic-lts-vivid - 4.4.0.246.252 linux-tools-generic-lts-wily - 4.4.0.246.252 linux-tools-generic-lts-xenial - 4.4.0.246.252 linux-tools-lowlatency - 4.4.0.246.252 linux-tools-lowlatency-lts-utopic - 4.4.0.246.252 linux-tools-lowlatency-lts-vivid - 4.4.0.246.252 linux-tools-lowlatency-lts-wily - 4.4.0.246.252 linux-tools-lowlatency-lts-xenial - 4.4.0.246.252 linux-tools-lts-utopic - 4.4.0.246.252 linux-tools-virtual - 4.4.0.246.252 linux-tools-virtual-lts-utopic - 4.4.0.246.252 linux-tools-virtual-lts-vivid - 4.4.0.246.252 linux-tools-virtual-lts-wily - 4.4.0.246.252 linux-tools-virtual-lts-xenial - 4.4.0.246.252 linux-virtual - 4.4.0.246.252 linux-virtual-lts-utopic - 4.4.0.246.252 linux-virtual-lts-vivid - 4.4.0.246.252 linux-virtual-lts-wily - 4.4.0.246.252 linux-virtual-lts-xenial - 4.4.0.246.252 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1206 CVE-2023-31083 CVE-2023-34319 CVE-2023-3772 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 USN-6440-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. 
A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597) It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfilter subsystem in the Linux kernel did not properly calculate array offsets, leading to an out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. 
A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of-bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6440-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1125-oracle - 4.15.0-1125.136~16.04.1 linux-headers-4.15.0-1125-oracle - 4.15.0-1125.136~16.04.1 linux-image-4.15.0-1125-oracle - 4.15.0-1125.136~16.04.1 linux-image-unsigned-4.15.0-1125-oracle - 4.15.0-1125.136~16.04.1 linux-modules-4.15.0-1125-oracle - 4.15.0-1125.136~16.04.1 linux-modules-extra-4.15.0-1125-oracle - 4.15.0-1125.136~16.04.1 linux-oracle-headers-4.15.0-1125 - 4.15.0-1125.136~16.04.1 linux-oracle-tools-4.15.0-1125 - 4.15.0-1125.136~16.04.1 linux-tools-4.15.0-1125-oracle - 4.15.0-1125.136~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1156-gcp - 4.15.0-1156.173~16.04.1 linux-gcp-headers-4.15.0-1156 - 4.15.0-1156.173~16.04.1 linux-gcp-tools-4.15.0-1156 - 4.15.0-1156.173~16.04.1 linux-headers-4.15.0-1156-gcp - 4.15.0-1156.173~16.04.1 linux-image-4.15.0-1156-gcp - 4.15.0-1156.173~16.04.1 linux-image-unsigned-4.15.0-1156-gcp - 4.15.0-1156.173~16.04.1 linux-modules-4.15.0-1156-gcp - 4.15.0-1156.173~16.04.1 linux-modules-extra-4.15.0-1156-gcp - 4.15.0-1156.173~16.04.1 linux-tools-4.15.0-1156-gcp - 4.15.0-1156.173~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1171 - 4.15.0-1171.186~16.04.1 linux-azure-headers-4.15.0-1171 - 4.15.0-1171.186~16.04.1 linux-azure-tools-4.15.0-1171 - 4.15.0-1171.186~16.04.1 linux-buildinfo-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 linux-cloud-tools-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 linux-headers-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 linux-image-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 linux-image-unsigned-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 linux-modules-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 linux-modules-extra-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 linux-tools-4.15.0-1171-azure - 4.15.0-1171.186~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-buildinfo-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-buildinfo-4.15.0-219-lowlatency - 4.15.0-219.230~16.04.1 linux-cloud-tools-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-cloud-tools-4.15.0-219-lowlatency - 4.15.0-219.230~16.04.1 linux-headers-4.15.0-219 - 4.15.0-219.230~16.04.1 linux-headers-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-headers-4.15.0-219-lowlatency - 4.15.0-219.230~16.04.1 linux-hwe-cloud-tools-4.15.0-219 - 4.15.0-219.230~16.04.1 linux-hwe-tools-4.15.0-219 - 4.15.0-219.230~16.04.1 linux-image-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-image-4.15.0-219-lowlatency - 4.15.0-219.230~16.04.1 linux-image-unsigned-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-image-unsigned-4.15.0-219-lowlatency - 4.15.0-219.230~16.04.1 linux-modules-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-modules-4.15.0-219-lowlatency - 4.15.0-219.230~16.04.1 linux-modules-extra-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-source-4.15.0 - 4.15.0-219.230~16.04.1 linux-tools-4.15.0-219-generic - 4.15.0-219.230~16.04.1 linux-tools-4.15.0-219-lowlatency - 4.15.0-219.230~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1125.106 linux-image-oracle - 4.15.0.1125.106 linux-oracle - 4.15.0.1125.106 linux-signed-image-oracle - 4.15.0.1125.106 linux-signed-oracle - 4.15.0.1125.106 linux-tools-oracle - 4.15.0.1125.106 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1156.146 linux-gke - 4.15.0.1156.146 linux-headers-gcp - 4.15.0.1156.146 linux-headers-gke - 4.15.0.1156.146 linux-image-gcp - 4.15.0.1156.146 linux-image-gke - 4.15.0.1156.146 linux-modules-extra-gcp - 4.15.0.1156.146 linux-modules-extra-gke - 4.15.0.1156.146 linux-tools-gcp - 4.15.0.1156.146 linux-tools-gke - 4.15.0.1156.146 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1171.155 linux-azure-edge - 4.15.0.1171.155 linux-cloud-tools-azure - 4.15.0.1171.155 
linux-cloud-tools-azure-edge - 4.15.0.1171.155 linux-headers-azure - 4.15.0.1171.155 linux-headers-azure-edge - 4.15.0.1171.155 linux-image-azure - 4.15.0.1171.155 linux-image-azure-edge - 4.15.0.1171.155 linux-modules-extra-azure - 4.15.0.1171.155 linux-modules-extra-azure-edge - 4.15.0.1171.155 linux-signed-azure - 4.15.0.1171.155 linux-signed-azure-edge - 4.15.0.1171.155 linux-signed-image-azure - 4.15.0.1171.155 linux-signed-image-azure-edge - 4.15.0.1171.155 linux-tools-azure - 4.15.0.1171.155 linux-tools-azure-edge - 4.15.0.1171.155 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.219.3 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.219.3 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.219.3 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.219.3 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.219.3 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.219.3 linux-generic-hwe-16.04 - 4.15.0.219.3 linux-generic-hwe-16.04-edge - 4.15.0.219.3 linux-headers-generic-hwe-16.04 - 4.15.0.219.3 linux-headers-generic-hwe-16.04-edge - 4.15.0.219.3 linux-headers-lowlatency-hwe-16.04 - 4.15.0.219.3 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.219.3 linux-headers-oem - 4.15.0.219.3 linux-headers-virtual-hwe-16.04 - 4.15.0.219.3 linux-headers-virtual-hwe-16.04-edge - 4.15.0.219.3 linux-image-extra-virtual-hwe-16.04 - 4.15.0.219.3 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.219.3 linux-image-generic-hwe-16.04 - 4.15.0.219.3 linux-image-generic-hwe-16.04-edge - 4.15.0.219.3 linux-image-lowlatency-hwe-16.04 - 4.15.0.219.3 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.219.3 linux-image-oem - 4.15.0.219.3 linux-image-virtual-hwe-16.04 - 4.15.0.219.3 linux-image-virtual-hwe-16.04-edge - 4.15.0.219.3 linux-lowlatency-hwe-16.04 - 4.15.0.219.3 linux-lowlatency-hwe-16.04-edge - 4.15.0.219.3 linux-oem - 4.15.0.219.3 linux-signed-generic-hwe-16.04 - 4.15.0.219.3 linux-signed-generic-hwe-16.04-edge - 4.15.0.219.3 
linux-signed-image-generic-hwe-16.04 - 4.15.0.219.3 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.219.3 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.219.3 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.219.3 linux-signed-image-oem - 4.15.0.219.3 linux-signed-lowlatency-hwe-16.04 - 4.15.0.219.3 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.219.3 linux-signed-oem - 4.15.0.219.3 linux-tools-generic-hwe-16.04 - 4.15.0.219.3 linux-tools-generic-hwe-16.04-edge - 4.15.0.219.3 linux-tools-lowlatency-hwe-16.04 - 4.15.0.219.3 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.219.3 linux-tools-oem - 4.15.0.219.3 linux-tools-virtual-hwe-16.04 - 4.15.0.219.3 linux-tools-virtual-hwe-16.04-edge - 4.15.0.219.3 linux-virtual-hwe-16.04 - 4.15.0.219.3 linux-virtual-hwe-16.04-edge - 4.15.0.219.3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0597 CVE-2023-1206 CVE-2023-31083 CVE-2023-34319 CVE-2023-3772 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 USN-6440-3 -- Linux kernel (HWE) vulnerabilities Ubuntu 16.04 LTS Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597) It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2023-31083) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfilter subsystem in the Linux kernel did not properly calculate array offsets, leading to an out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of-bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6440-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-headers-4.15.0-1162 - 4.15.0-1162.175~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1162 - 4.15.0-1162.175~16.04.1 linux-aws-hwe-tools-4.15.0-1162 - 4.15.0-1162.175~16.04.1 linux-buildinfo-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 linux-cloud-tools-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 linux-headers-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 linux-image-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 linux-image-unsigned-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 linux-modules-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 linux-modules-extra-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 linux-tools-4.15.0-1162-aws - 4.15.0-1162.175~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1162.145 linux-aws-hwe - 4.15.0.1162.145 linux-headers-aws-hwe - 4.15.0.1162.145 linux-image-aws-hwe - 4.15.0.1162.145 linux-modules-extra-aws-hwe - 4.15.0.1162.145 linux-tools-aws-hwe - 4.15.0.1162.145 
Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0597 CVE-2023-1206 CVE-2023-31083 CVE-2023-34319 CVE-2023-3772 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 USN-6448-1 -- Sofia-SIP vulnerability Ubuntu 16.04 LTS Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker could use this issue to cause Sofia-SIP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6448-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsofia-sip-ua-dev - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2 libsofia-sip-ua-glib-dev - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2 libsofia-sip-ua-glib3 - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2 libsofia-sip-ua0 - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2 sofia-sip-bin - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2 sofia-sip-doc - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-32307 USN-6451-1 -- ncurses vulnerability Ubuntu 16.04 LTS It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6451-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lib32ncurses5 - 6.0+20160213-1ubuntu1+esm4 lib32ncurses5-dev - 6.0+20160213-1ubuntu1+esm4 lib32ncursesw5 - 6.0+20160213-1ubuntu1+esm4 lib32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm4 lib32tinfo-dev - 6.0+20160213-1ubuntu1+esm4 lib32tinfo5 - 6.0+20160213-1ubuntu1+esm4 lib64ncurses5 - 6.0+20160213-1ubuntu1+esm4 lib64ncurses5-dev - 6.0+20160213-1ubuntu1+esm4 lib64tinfo5 - 6.0+20160213-1ubuntu1+esm4 libncurses5 - 6.0+20160213-1ubuntu1+esm4 libncurses5-dev - 6.0+20160213-1ubuntu1+esm4 libncursesw5 - 6.0+20160213-1ubuntu1+esm4 libncursesw5-dev - 6.0+20160213-1ubuntu1+esm4 libtinfo-dev - 6.0+20160213-1ubuntu1+esm4 libtinfo5 - 6.0+20160213-1ubuntu1+esm4 libx32ncurses5 - 6.0+20160213-1ubuntu1+esm4 libx32ncurses5-dev - 6.0+20160213-1ubuntu1+esm4 libx32ncursesw5 - 6.0+20160213-1ubuntu1+esm4 libx32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm4 libx32tinfo-dev - 6.0+20160213-1ubuntu1+esm4 libx32tinfo5 - 6.0+20160213-1ubuntu1+esm4 ncurses-base - 6.0+20160213-1ubuntu1+esm4 ncurses-bin - 6.0+20160213-1ubuntu1+esm4 ncurses-doc - 6.0+20160213-1ubuntu1+esm4 ncurses-examples - 6.0+20160213-1ubuntu1+esm4 ncurses-term - 6.0+20160213-1ubuntu1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19189 USN-6452-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-3896) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4733, CVE-2023-4750) It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. 
(CVE-2023-4734) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4735, CVE-2023-5344) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-4738) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-4751) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4752, CVE-2023-5535) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4781) It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-5441) Update Instructions: Run `sudo pro fix USN-6452-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.1689-3ubuntu1.5+esm20 vim-athena - 2:7.4.1689-3ubuntu1.5+esm20 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm20 vim-common - 2:7.4.1689-3ubuntu1.5+esm20 vim-doc - 2:7.4.1689-3ubuntu1.5+esm20 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm20 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm20 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm20 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm20 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm20 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm20 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm20 vim-nox - 2:7.4.1689-3ubuntu1.5+esm20 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm20 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm20 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm20 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3896 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4750 CVE-2023-4751 CVE-2023-4752 CVE-2023-4781 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 USN-6453-2 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5367) Sri discovered that the X.Org X Server incorrectly handled destroying windows in certain legacy multi-screen setups. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5380) Update Instructions: Run `sudo pro fix USN-6453-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.18.4-0ubuntu0.12+esm6 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm6 xmir - 2:1.18.4-0ubuntu0.12+esm6 xnest - 2:1.18.4-0ubuntu0.12+esm6 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm6 xserver-common - 2:1.18.4-0ubuntu0.12+esm6 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm6 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm6 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm6 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm6 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm6 xvfb - 2:1.18.4-0ubuntu0.12+esm6 xwayland - 2:1.18.4-0ubuntu0.12+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5367 CVE-2023-5380 USN-6455-1 -- Exim vulnerabilities Ubuntu 16.04 LTS It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-42117) It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-42119) Update Instructions: Run `sudo pro fix USN-6455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.86.2-2ubuntu2.6+esm5 exim4-base - 4.86.2-2ubuntu2.6+esm5 exim4-config - 4.86.2-2ubuntu2.6+esm5 exim4-daemon-heavy - 4.86.2-2ubuntu2.6+esm5 exim4-daemon-light - 4.86.2-2ubuntu2.6+esm5 exim4-dev - 4.86.2-2ubuntu2.6+esm5 eximon4 - 4.86.2-2ubuntu2.6+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-42117 CVE-2023-42119 USN-6463-2 -- Open VM Tools vulnerabilities Ubuntu 16.04 LTS USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. 
Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges. (CVE-2023-34058) Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059) Update Instructions: Run `sudo pro fix USN-6463-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:10.2.0-3~ubuntu0.16.04.1+esm4 open-vm-tools-desktop - 2:10.2.0-3~ubuntu0.16.04.1+esm4 open-vm-tools-dev - 2:10.2.0-3~ubuntu0.16.04.1+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34058 CVE-2023-34059 USN-6467-1 -- Kerberos vulnerability Ubuntu 16.04 LTS Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing of uninitialized memory. An authenticated remote attacker could possibly use this issue to cause kadmind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6467-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: krb5-admin-server - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-doc - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-gss-samples - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-k5tls - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-kdc - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-kdc-ldap - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-locales - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-multidev - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-otp - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-pkinit - 1.13.2+dfsg-5ubuntu2.2+esm4 krb5-user - 1.13.2+dfsg-5ubuntu2.2+esm4 libgssapi-krb5-2 - 1.13.2+dfsg-5ubuntu2.2+esm4 libgssrpc4 - 1.13.2+dfsg-5ubuntu2.2+esm4 libk5crypto3 - 1.13.2+dfsg-5ubuntu2.2+esm4 libkadm5clnt-mit9 - 1.13.2+dfsg-5ubuntu2.2+esm4 libkadm5srv-mit9 - 1.13.2+dfsg-5ubuntu2.2+esm4 libkdb5-8 - 1.13.2+dfsg-5ubuntu2.2+esm4 libkrad-dev - 1.13.2+dfsg-5ubuntu2.2+esm4 libkrad0 - 1.13.2+dfsg-5ubuntu2.2+esm4 libkrb5-3 - 1.13.2+dfsg-5ubuntu2.2+esm4 libkrb5-dev - 1.13.2+dfsg-5ubuntu2.2+esm4 libkrb5support0 - 1.13.2+dfsg-5ubuntu2.2+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-36054 USN-6469-1 -- xrdp vulnerability Ubuntu 16.04 LTS Ashley Newson discovered that xrdp incorrectly handled memory when processing certain incoming connections. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6469-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xrdp - 0.6.1-2ubuntu0.3+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-4044 USN-6470-1 -- Axis vulnerability Ubuntu 16.04 LTS It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. 
(CVE-2023-40743) Update Instructions: Run `sudo pro fix USN-6470-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaxis-java - 1.4-24ubuntu0.1~esm1 libaxis-java-doc - 1.4-24ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-40743 USN-6471-1 -- libsndfile vulnerability Ubuntu 16.04 LTS It was discovered that libsndfile contained multiple arithmetic overflows. If a user or automated system were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.25-10ubuntu0.16.04.3+esm3 libsndfile1-dev - 1.0.25-10ubuntu0.16.04.3+esm3 sndfile-programs - 1.0.25-10ubuntu0.16.04.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-33065 USN-6472-1 -- GNU Scientific Library vulnerability Ubuntu 16.04 LTS It was discovered that GNU Scientific Library incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6472-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gsl-bin - 2.1+dfsg-2ubuntu0.1~esm1 libgsl-dev - 2.1+dfsg-2ubuntu0.1~esm1 libgsl2 - 2.1+dfsg-2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-35357 USN-6473-1 -- urllib3 vulnerabilities Ubuntu 16.04 LTS It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. 
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091) It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-43804) It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-45803) Update Instructions: Run `sudo pro fix USN-6473-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-urllib3 - 1.13.1-2ubuntu0.16.04.4+esm1 python3-urllib3 - 1.13.1-2ubuntu0.16.04.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-25091 CVE-2023-43804 CVE-2023-45803 USN-6473-2 -- pip vulnerabilities Ubuntu 16.04 LTS USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091) It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-43804) It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-45803) Update Instructions: Run `sudo pro fix USN-6473-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-pip - 8.1.1-2ubuntu0.6+esm6 python-pip-whl - 8.1.1-2ubuntu0.6+esm6 python3-pip - 8.1.1-2ubuntu0.6+esm6 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-25091 CVE-2023-43804 CVE-2023-45803 USN-6474-1 -- xrdp vulnerabilities Ubuntu 16.04 LTS It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822) It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM. (CVE-2023-40184) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23468) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23480, CVE-2022-23482, CVE-2022-23484) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23477, CVE-2022-23493) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. 
An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23478) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-23613) Update Instructions: Run `sudo pro fix USN-6474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xrdp - 0.6.1-2ubuntu0.3+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493 CVE-2022-23613 CVE-2023-40184 CVE-2023-42822 USN-6475-1 -- Cobbler vulnerabilities Ubuntu 16.04 LTS It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. An attacker could possibly use this issue to read arbitrary files. (CVE-2014-3225) It was discovered that Cobbler did not properly handle user input, which could result in command injection. An attacker could possibly use this issue to execute arbitrary code with high privileges. (CVE-2017-1000469, CVE-2021-45082) It was discovered that Cobbler did not properly hide private functions in a class. A remote attacker could possibly use this issue to gain high privileges and upload files to an arbitrary location. (CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226) Nicolas Chatelain discovered that Cobbler did not properly handle user input, which could result in log poisoning. A remote attacker could possibly use this issue to bypass authorization, write in an arbitrary file, or execute arbitrary code. 
(CVE-2021-40323, CVE-2021-40324, CVE-2021-40325) It was discovered that Cobbler did not properly handle file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2021-45083) It was discovered that Cobbler did not properly process credentials for expired accounts. An attacker could possibly use this issue to log in to the platform with an expired account or password. (CVE-2022-0860) Update Instructions: Run `sudo pro fix USN-6475-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cobbler - 2.4.1-0ubuntu2+esm1 cobbler-common - 2.4.1-0ubuntu2+esm1 cobbler-web - 2.4.1-0ubuntu2+esm1 koan - 2.4.1-0ubuntu2+esm1 python-cobbler - 2.4.1-0ubuntu2+esm1 python-koan - 2.4.1-0ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2014-3225 CVE-2017-1000469 CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931 CVE-2021-40323 CVE-2021-40324 CVE-2021-40325 CVE-2021-45082 CVE-2021-45083 CVE-2022-0860 USN-6477-1 -- procps-ng vulnerability Ubuntu 16.04 LTS It was discovered that the procps-ng ps tool incorrectly handled memory. An attacker could possibly use this issue to cause procps-ng to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libprocps4 - 2:3.3.10-4ubuntu2.5+esm1 libprocps4-dev - 2:3.3.10-4ubuntu2.5+esm1 procps - 2:3.3.10-4ubuntu2.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-4016 USN-6478-1 -- Traceroute vulnerability Ubuntu 16.04 LTS It was discovered that Traceroute did not properly parse command line arguments. An attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-6478-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: traceroute - 1:2.0.21-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-46316 USN-6485-1 -- Intel Microcode vulnerability Ubuntu 16.04 LTS Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel(R) Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang (resulting in a denial of service), gain access to sensitive information or possibly escalate their privileges. Update Instructions: Run `sudo pro fix USN-6485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20231114.0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-23583 USN-6487-1 -- Avahi vulnerabilities Ubuntu 16.04 LTS Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473) Update Instructions: Run `sudo pro fix USN-6487-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: avahi-autoipd - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 avahi-daemon - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 avahi-discover - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 avahi-dnsconfd - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 avahi-ui-utils - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 avahi-utils - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-client-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-client3 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-common-data - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-common-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-common3 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-compat-libdnssd-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-compat-libdnssd1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-core-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-core7 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-glib-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-glib1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-gobject-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-gobject0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-qt4-1 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-qt4-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-ui-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-ui-gtk3-0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-ui-gtk3-dev - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 libavahi-ui0 - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 python-avahi - 0.6.32~rc+dfsg-1ubuntu2.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473 USN-6488-2 -- strongSwan vulnerability Ubuntu 16.04 LTS USN-6488-1 fixed a vulnerability in strongSwan. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Florian Picca discovered that strongSwan incorrectly handled certain DH public values. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. 
Update Instructions: Run `sudo pro fix USN-6488-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: charon-cmd - 5.3.5-1ubuntu3.8+esm4 libcharon-extra-plugins - 5.3.5-1ubuntu3.8+esm4 libstrongswan - 5.3.5-1ubuntu3.8+esm4 libstrongswan-extra-plugins - 5.3.5-1ubuntu3.8+esm4 libstrongswan-standard-plugins - 5.3.5-1ubuntu3.8+esm4 strongswan - 5.3.5-1ubuntu3.8+esm4 strongswan-charon - 5.3.5-1ubuntu3.8+esm4 strongswan-ike - 5.3.5-1ubuntu3.8+esm4 strongswan-ikev1 - 5.3.5-1ubuntu3.8+esm4 strongswan-ikev2 - 5.3.5-1ubuntu3.8+esm4 strongswan-libcharon - 5.3.5-1ubuntu3.8+esm4 strongswan-nm - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-af-alg - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-agent - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-attr-sql - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-certexpire - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-coupling - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-curl - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-dhcp - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-dnscert - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-dnskey - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-duplicheck - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-aka - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-aka-3gpp2 - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-dynamic - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-gtc - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-md5 - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-mschapv2 - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-peap - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-radius - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-sim - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-sim-file - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-sim-pcsc - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-simaka-pseudonym - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-simaka-reauth - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-simaka-sql - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-tls - 5.3.5-1ubuntu3.8+esm4 
strongswan-plugin-eap-tnc - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-eap-ttls - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-error-notify - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-farp - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-fips-prf - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-gcrypt - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-gmp - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-ipseckey - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-kernel-libipsec - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-ldap - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-led - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-load-tester - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-lookip - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-mysql - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-ntru - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-openssl - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-pgp - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-pkcs11 - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-pubkey - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-radattr - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-soup - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-sql - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-sqlite - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-sshkey - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-systime-fix - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-unbound - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-unity - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-whitelist - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-xauth-eap - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-xauth-generic - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-xauth-noauth - 5.3.5-1ubuntu3.8+esm4 strongswan-plugin-xauth-pam - 5.3.5-1ubuntu3.8+esm4 strongswan-starter - 5.3.5-1ubuntu3.8+esm4 strongswan-tnc-base - 5.3.5-1ubuntu3.8+esm4 strongswan-tnc-client - 5.3.5-1ubuntu3.8+esm4 strongswan-tnc-ifmap - 5.3.5-1ubuntu3.8+esm4 strongswan-tnc-pdp - 5.3.5-1ubuntu3.8+esm4 strongswan-tnc-server - 5.3.5-1ubuntu3.8+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-41913 USN-6493-2 -- hibagent update Ubuntu 16.04 
LTS USN-6493-1 fixed a vulnerability in hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: On Ubuntu 18.04 LTS and Ubuntu 16.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured. Update Instructions: Run `sudo pro fix USN-6493-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hibagent - 1.0.1-0ubuntu1~16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2043739 USN-6494-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. 
(CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update Instructions: Run `sudo pro fix USN-6494-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1126-oracle - 4.15.0-1126.137~16.04.1 linux-headers-4.15.0-1126-oracle - 4.15.0-1126.137~16.04.1 linux-image-4.15.0-1126-oracle - 4.15.0-1126.137~16.04.1 linux-image-unsigned-4.15.0-1126-oracle - 4.15.0-1126.137~16.04.1 linux-modules-4.15.0-1126-oracle - 4.15.0-1126.137~16.04.1 linux-modules-extra-4.15.0-1126-oracle - 4.15.0-1126.137~16.04.1 linux-oracle-headers-4.15.0-1126 - 4.15.0-1126.137~16.04.1 linux-oracle-tools-4.15.0-1126 - 4.15.0-1126.137~16.04.1 linux-tools-4.15.0-1126-oracle - 4.15.0-1126.137~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1163 - 4.15.0-1163.176~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1163 - 4.15.0-1163.176~16.04.1 linux-aws-hwe-tools-4.15.0-1163 - 4.15.0-1163.176~16.04.1 linux-buildinfo-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 linux-cloud-tools-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 linux-headers-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 linux-image-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 linux-image-unsigned-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 linux-modules-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 linux-modules-extra-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 linux-tools-4.15.0-1163-aws - 4.15.0-1163.176~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-220-generic - 4.15.0-220.231~16.04.1 linux-buildinfo-4.15.0-220-lowlatency - 4.15.0-220.231~16.04.1 linux-cloud-tools-4.15.0-220-generic - 4.15.0-220.231~16.04.1 linux-cloud-tools-4.15.0-220-lowlatency - 4.15.0-220.231~16.04.1 linux-headers-4.15.0-220 - 4.15.0-220.231~16.04.1 linux-headers-4.15.0-220-generic - 4.15.0-220.231~16.04.1 linux-headers-4.15.0-220-lowlatency - 4.15.0-220.231~16.04.1 linux-hwe-cloud-tools-4.15.0-220 - 4.15.0-220.231~16.04.1 linux-hwe-tools-4.15.0-220 - 4.15.0-220.231~16.04.1 linux-image-4.15.0-220-generic - 4.15.0-220.231~16.04.1 
linux-image-4.15.0-220-lowlatency - 4.15.0-220.231~16.04.1 linux-image-unsigned-4.15.0-220-generic - 4.15.0-220.231~16.04.1 linux-image-unsigned-4.15.0-220-lowlatency - 4.15.0-220.231~16.04.1 linux-modules-4.15.0-220-generic - 4.15.0-220.231~16.04.1 linux-modules-4.15.0-220-lowlatency - 4.15.0-220.231~16.04.1 linux-modules-extra-4.15.0-220-generic - 4.15.0-220.231~16.04.1 linux-source-4.15.0 - 4.15.0-220.231~16.04.1 linux-tools-4.15.0-220-generic - 4.15.0-220.231~16.04.1 linux-tools-4.15.0-220-lowlatency - 4.15.0-220.231~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1126.107 linux-image-oracle - 4.15.0.1126.107 linux-oracle - 4.15.0.1126.107 linux-signed-image-oracle - 4.15.0.1126.107 linux-signed-oracle - 4.15.0.1126.107 linux-tools-oracle - 4.15.0.1126.107 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1163.146 linux-aws-hwe - 4.15.0.1163.146 linux-headers-aws-hwe - 4.15.0.1163.146 linux-image-aws-hwe - 4.15.0.1163.146 linux-modules-extra-aws-hwe - 4.15.0.1163.146 linux-tools-aws-hwe - 4.15.0.1163.146 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.220.4 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.220.4 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.220.4 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.220.4 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.220.4 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.220.4 linux-generic-hwe-16.04 - 4.15.0.220.4 linux-generic-hwe-16.04-edge - 4.15.0.220.4 linux-headers-generic-hwe-16.04 - 4.15.0.220.4 linux-headers-generic-hwe-16.04-edge - 4.15.0.220.4 linux-headers-lowlatency-hwe-16.04 - 4.15.0.220.4 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.220.4 linux-headers-oem - 4.15.0.220.4 linux-headers-virtual-hwe-16.04 - 4.15.0.220.4 linux-headers-virtual-hwe-16.04-edge - 4.15.0.220.4 linux-image-extra-virtual-hwe-16.04 - 4.15.0.220.4 
linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.220.4 linux-image-generic-hwe-16.04 - 4.15.0.220.4 linux-image-generic-hwe-16.04-edge - 4.15.0.220.4 linux-image-lowlatency-hwe-16.04 - 4.15.0.220.4 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.220.4 linux-image-oem - 4.15.0.220.4 linux-image-virtual-hwe-16.04 - 4.15.0.220.4 linux-image-virtual-hwe-16.04-edge - 4.15.0.220.4 linux-lowlatency-hwe-16.04 - 4.15.0.220.4 linux-lowlatency-hwe-16.04-edge - 4.15.0.220.4 linux-oem - 4.15.0.220.4 linux-signed-generic-hwe-16.04 - 4.15.0.220.4 linux-signed-generic-hwe-16.04-edge - 4.15.0.220.4 linux-signed-image-generic-hwe-16.04 - 4.15.0.220.4 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.220.4 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.220.4 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.220.4 linux-signed-image-oem - 4.15.0.220.4 linux-signed-lowlatency-hwe-16.04 - 4.15.0.220.4 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.220.4 linux-signed-oem - 4.15.0.220.4 linux-tools-generic-hwe-16.04 - 4.15.0.220.4 linux-tools-generic-hwe-16.04-edge - 4.15.0.220.4 linux-tools-lowlatency-hwe-16.04 - 4.15.0.220.4 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.220.4 linux-tools-oem - 4.15.0.220.4 linux-tools-virtual-hwe-16.04 - 4.15.0.220.4 linux-tools-virtual-hwe-16.04-edge - 4.15.0.220.4 linux-virtual-hwe-16.04 - 4.15.0.220.4 linux-virtual-hwe-16.04-edge - 4.15.0.220.4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31085 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 CVE-2023-45871 CVE-2023-5717 USN-6494-2 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). 
(CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update Instructions: Run `sudo pro fix USN-6494-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1157-gcp - 4.15.0-1157.174~16.04.1 linux-gcp-headers-4.15.0-1157 - 4.15.0-1157.174~16.04.1 linux-gcp-tools-4.15.0-1157 - 4.15.0-1157.174~16.04.1 linux-headers-4.15.0-1157-gcp - 4.15.0-1157.174~16.04.1 linux-image-4.15.0-1157-gcp - 4.15.0-1157.174~16.04.1 linux-image-unsigned-4.15.0-1157-gcp - 4.15.0-1157.174~16.04.1 linux-modules-4.15.0-1157-gcp - 4.15.0-1157.174~16.04.1 linux-modules-extra-4.15.0-1157-gcp - 4.15.0-1157.174~16.04.1 linux-tools-4.15.0-1157-gcp - 4.15.0-1157.174~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1172 - 4.15.0-1172.187~16.04.1 linux-azure-headers-4.15.0-1172 - 4.15.0-1172.187~16.04.1 linux-azure-tools-4.15.0-1172 - 4.15.0-1172.187~16.04.1 linux-buildinfo-4.15.0-1172-azure - 4.15.0-1172.187~16.04.1 linux-cloud-tools-4.15.0-1172-azure - 4.15.0-1172.187~16.04.1 linux-headers-4.15.0-1172-azure - 4.15.0-1172.187~16.04.1 linux-image-4.15.0-1172-azure - 4.15.0-1172.187~16.04.1 linux-image-unsigned-4.15.0-1172-azure - 4.15.0-1172.187~16.04.1 linux-modules-4.15.0-1172-azure - 4.15.0-1172.187~16.04.1 linux-modules-extra-4.15.0-1172-azure - 
4.15.0-1172.187~16.04.1 linux-tools-4.15.0-1172-azure - 4.15.0-1172.187~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1157.147 linux-gke - 4.15.0.1157.147 linux-headers-gcp - 4.15.0.1157.147 linux-headers-gke - 4.15.0.1157.147 linux-image-gcp - 4.15.0.1157.147 linux-image-gke - 4.15.0.1157.147 linux-modules-extra-gcp - 4.15.0.1157.147 linux-modules-extra-gke - 4.15.0.1157.147 linux-tools-gcp - 4.15.0.1157.147 linux-tools-gke - 4.15.0.1157.147 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1172.156 linux-azure-edge - 4.15.0.1172.156 linux-cloud-tools-azure - 4.15.0.1172.156 linux-cloud-tools-azure-edge - 4.15.0.1172.156 linux-headers-azure - 4.15.0.1172.156 linux-headers-azure-edge - 4.15.0.1172.156 linux-image-azure - 4.15.0.1172.156 linux-image-azure-edge - 4.15.0.1172.156 linux-modules-extra-azure - 4.15.0.1172.156 linux-modules-extra-azure-edge - 4.15.0.1172.156 linux-signed-azure - 4.15.0.1172.156 linux-signed-azure-edge - 4.15.0.1172.156 linux-signed-image-azure - 4.15.0.1172.156 linux-signed-image-azure-edge - 4.15.0.1172.156 linux-tools-azure - 4.15.0.1172.156 linux-tools-azure-edge - 4.15.0.1172.156 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31085 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 CVE-2023-45871 CVE-2023-5717 USN-6500-2 -- Squid vulnerabilities Ubuntu 16.04 LTS USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. (CVE-2023-46728) Joshua Rogers discovered that Squid incorrectly handled HTTP Digest Authentication. 
A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-46847) Update Instructions: Run `sudo pro fix USN-6500-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.5.12-1ubuntu7.16+esm2 squid3 - 3.5.12-1ubuntu7.16+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-46728 CVE-2023-46847 USN-6508-1 -- poppler vulnerabilities Ubuntu 16.04 LTS It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-23804) It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-37050, CVE-2022-37051, CVE-2022-37052, CVE-2022-38349) Update Instructions: Run `sudo pro fix USN-6508-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-poppler-0.18 - 0.41.0-0ubuntu1.16+esm4 libpoppler-cpp-dev - 0.41.0-0ubuntu1.16+esm4 libpoppler-cpp0 - 0.41.0-0ubuntu1.16+esm4 libpoppler-dev - 0.41.0-0ubuntu1.16+esm4 libpoppler-glib-dev - 0.41.0-0ubuntu1.16+esm4 libpoppler-glib-doc - 0.41.0-0ubuntu1.16+esm4 libpoppler-glib8 - 0.41.0-0ubuntu1.16+esm4 libpoppler-private-dev - 0.41.0-0ubuntu1.16+esm4 libpoppler-qt4-4 - 0.41.0-0ubuntu1.16+esm4 libpoppler-qt4-dev - 0.41.0-0ubuntu1.16+esm4 libpoppler-qt5-1 - 0.41.0-0ubuntu1.16+esm4 libpoppler-qt5-dev - 0.41.0-0ubuntu1.16+esm4 libpoppler58 - 0.41.0-0ubuntu1.16+esm4 poppler-utils - 0.41.0-0ubuntu1.16+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-23804 CVE-2022-37050 CVE-2022-37051 CVE-2022-37052 CVE-2022-38349 USN-6510-1 -- Apache HTTP Server vulnerability Ubuntu 16.04 LTS David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2 - 2.4.18-2ubuntu3.17+esm11 apache2-bin - 2.4.18-2ubuntu3.17+esm11 apache2-data - 2.4.18-2ubuntu3.17+esm11 apache2-dev - 2.4.18-2ubuntu3.17+esm11 apache2-doc - 2.4.18-2ubuntu3.17+esm11 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm11 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm11 apache2-utils - 2.4.18-2ubuntu3.17+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-31122 USN-6512-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF could be made to run into an infinite loop. 
If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-40090) It was discovered that LibTIFF could be made to leak memory. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-3576) Update Instructions: Run `sudo pro fix USN-6512-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.6-1ubuntu0.8+esm14 libtiff-opengl - 4.0.6-1ubuntu0.8+esm14 libtiff-tools - 4.0.6-1ubuntu0.8+esm14 libtiff5 - 4.0.6-1ubuntu0.8+esm14 libtiff5-dev - 4.0.6-1ubuntu0.8+esm14 libtiffxx5 - 4.0.6-1ubuntu0.8+esm14 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40090 CVE-2023-3576 USN-6513-1 -- Python vulnerabilities Ubuntu 16.04 LTS It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2022-48564) It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217) Update Instructions: Run `sudo pro fix USN-6513-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.12-1ubuntu0~16.04.18+esm9 libpython2.7 - 2.7.12-1ubuntu0~16.04.18+esm9 libpython2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm9 libpython2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm9 libpython2.7-stdlib - 2.7.12-1ubuntu0~16.04.18+esm9 libpython2.7-testsuite - 2.7.12-1ubuntu0~16.04.18+esm9 python2.7 - 2.7.12-1ubuntu0~16.04.18+esm9 python2.7-dev - 2.7.12-1ubuntu0~16.04.18+esm9 python2.7-doc - 2.7.12-1ubuntu0~16.04.18+esm9 python2.7-examples - 2.7.12-1ubuntu0~16.04.18+esm9 python2.7-minimal - 2.7.12-1ubuntu0~16.04.18+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro idle-python3.5 - 3.5.2-2ubuntu0~16.04.13+esm12 libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm12 libpython3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm12 libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm12 libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm12 libpython3.5-testsuite - 3.5.2-2ubuntu0~16.04.13+esm12 python3.5 - 3.5.2-2ubuntu0~16.04.13+esm12 python3.5-dev - 3.5.2-2ubuntu0~16.04.13+esm12 python3.5-doc - 3.5.2-2ubuntu0~16.04.13+esm12 python3.5-examples - 3.5.2-2ubuntu0~16.04.13+esm12 python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm12 python3.5-venv - 3.5.2-2ubuntu0~16.04.13+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48564 CVE-2023-40217 USN-6518-1 -- AFFLIB vulnerability Ubuntu 16.04 LTS Luis Rocha discovered that AFFLIB incorrectly handled certain input files. If a user or automated system were tricked into processing a specially crafted AFF image file, a remote attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2018-8050) Update Instructions: Run `sudo pro fix USN-6518-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: afflib-tools - 3.7.7-3ubuntu0.1~esm1 libafflib-dev - 3.7.7-3ubuntu0.1~esm1 libafflib0v5 - 3.7.7-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-8050 USN-6519-2 -- EC2 hibagent update Ubuntu 16.04 LTS USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. Update Instructions: Run `sudo pro fix USN-6519-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ec2-hibinit-agent - 1.0.0-0ubuntu4~16.04.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1941785 USN-6528-1 -- OpenJDK 8 vulnerabilities Ubuntu 16.04 LTS It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. (CVE-2022-40433) Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. (CVE-2023-22025) It was discovered that the CORBA implementation in OpenJDK did not properly perform deserialization of IOR string objects. An attacker could possibly use this to bypass Java sandbox restrictions. (CVE-2023-22067) It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service. 
(CVE-2023-22081) Update Instructions: Run `sudo pro fix USN-6528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-demo - 8u392-ga-1~16.04 openjdk-8-doc - 8u392-ga-1~16.04 openjdk-8-jdk - 8u392-ga-1~16.04 openjdk-8-jdk-headless - 8u392-ga-1~16.04 openjdk-8-jre - 8u392-ga-1~16.04 openjdk-8-jre-headless - 8u392-ga-1~16.04 openjdk-8-jre-jamvm - 8u392-ga-1~16.04 openjdk-8-jre-zero - 8u392-ga-1~16.04 openjdk-8-source - 8u392-ga-1~16.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22025 CVE-2023-22067 CVE-2023-22081 USN-6531-1 -- Redis vulnerabilities Ubuntu 16.04 LTS Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. (CVE-2022-24834) SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash. (CVE-2022-35977) Tom Levy discovered that Redis incorrectly handled crafted string matching patterns. An attacker could possibly use this issue to cause Redis to hang, resulting in a denial of service. (CVE-2022-36021) Yupeng Yang discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, resulting in a denial of service via an application crash. (CVE-2023-25155) It was discovered that Redis incorrectly handled a specially crafted command. An attacker could possibly use this issue to create an invalid hash field, which could potentially cause Redis to crash on future access. (CVE-2023-28856) Alexander Aleksandrovič Klimov discovered that Redis incorrectly listened to a Unix socket before setting proper permissions. 
A local attacker could possibly use this issue to connect, bypassing intended permissions. (CVE-2023-45145) Update Instructions: Run `sudo pro fix USN-6531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redis-sentinel - 2:3.0.6-1ubuntu0.4+esm2 redis-server - 2:3.0.6-1ubuntu0.4+esm2 redis-tools - 2:3.0.6-1ubuntu0.4+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24834 CVE-2022-35977 CVE-2022-36021 CVE-2023-25155 CVE-2023-28856 CVE-2023-45145 USN-6532-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. 
(CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update Instructions: Run `sudo pro fix USN-6532-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1126-kvm - 4.4.0-1126.136 linux-cloud-tools-4.4.0-1126-kvm - 4.4.0-1126.136 linux-headers-4.4.0-1126-kvm - 4.4.0-1126.136 linux-image-4.4.0-1126-kvm - 4.4.0-1126.136 linux-kvm-cloud-tools-4.4.0-1126 - 4.4.0-1126.136 linux-kvm-headers-4.4.0-1126 - 4.4.0-1126.136 linux-kvm-tools-4.4.0-1126 - 4.4.0-1126.136 linux-modules-4.4.0-1126-kvm - 4.4.0-1126.136 linux-tools-4.4.0-1126-kvm - 4.4.0-1126.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.4.0-1163 - 4.4.0-1163.178 linux-aws-headers-4.4.0-1163 - 4.4.0-1163.178 linux-aws-tools-4.4.0-1163 - 4.4.0-1163.178 linux-buildinfo-4.4.0-1163-aws - 4.4.0-1163.178 linux-cloud-tools-4.4.0-1163-aws - 4.4.0-1163.178 linux-headers-4.4.0-1163-aws - 4.4.0-1163.178 linux-image-4.4.0-1163-aws - 4.4.0-1163.178 linux-modules-4.4.0-1163-aws - 4.4.0-1163.178 linux-modules-extra-4.4.0-1163-aws - 4.4.0-1163.178 linux-tools-4.4.0-1163-aws - 4.4.0-1163.178 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-248-generic - 4.4.0-248.282 linux-buildinfo-4.4.0-248-lowlatency - 4.4.0-248.282 linux-cloud-tools-4.4.0-248 - 4.4.0-248.282 linux-cloud-tools-4.4.0-248-generic - 4.4.0-248.282 linux-cloud-tools-4.4.0-248-lowlatency - 4.4.0-248.282 linux-cloud-tools-common - 4.4.0-248.282 linux-doc - 4.4.0-248.282 linux-headers-4.4.0-248 - 4.4.0-248.282 linux-headers-4.4.0-248-generic - 4.4.0-248.282 linux-headers-4.4.0-248-lowlatency - 4.4.0-248.282 linux-image-4.4.0-248-generic - 4.4.0-248.282 linux-image-4.4.0-248-lowlatency - 4.4.0-248.282 linux-image-unsigned-4.4.0-248-generic - 4.4.0-248.282 linux-image-unsigned-4.4.0-248-lowlatency - 4.4.0-248.282 linux-libc-dev - 4.4.0-248.282 linux-modules-4.4.0-248-generic - 4.4.0-248.282 linux-modules-4.4.0-248-lowlatency - 4.4.0-248.282 linux-modules-extra-4.4.0-248-generic - 4.4.0-248.282 linux-source-4.4.0 - 4.4.0-248.282 
linux-tools-4.4.0-248 - 4.4.0-248.282 linux-tools-4.4.0-248-generic - 4.4.0-248.282 linux-tools-4.4.0-248-lowlatency - 4.4.0-248.282 linux-tools-common - 4.4.0-248.282 linux-tools-host - 4.4.0-248.282 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1126.123 linux-image-kvm - 4.4.0.1126.123 linux-kvm - 4.4.0.1126.123 linux-tools-kvm - 4.4.0.1126.123 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1163.167 linux-headers-aws - 4.4.0.1163.167 linux-image-aws - 4.4.0.1163.167 linux-modules-extra-aws - 4.4.0.1163.167 linux-tools-aws - 4.4.0.1163.167 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.248.254 linux-cloud-tools-generic-lts-utopic - 4.4.0.248.254 linux-cloud-tools-generic-lts-vivid - 4.4.0.248.254 linux-cloud-tools-generic-lts-wily - 4.4.0.248.254 linux-cloud-tools-generic-lts-xenial - 4.4.0.248.254 linux-cloud-tools-lowlatency - 4.4.0.248.254 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.248.254 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.248.254 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.248.254 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.248.254 linux-cloud-tools-virtual - 4.4.0.248.254 linux-cloud-tools-virtual-lts-utopic - 4.4.0.248.254 linux-cloud-tools-virtual-lts-vivid - 4.4.0.248.254 linux-cloud-tools-virtual-lts-wily - 4.4.0.248.254 linux-cloud-tools-virtual-lts-xenial - 4.4.0.248.254 linux-crashdump - 4.4.0.248.254 linux-generic - 4.4.0.248.254 linux-generic-lts-utopic - 4.4.0.248.254 linux-generic-lts-vivid - 4.4.0.248.254 linux-generic-lts-wily - 4.4.0.248.254 linux-generic-lts-xenial - 4.4.0.248.254 linux-headers-generic - 4.4.0.248.254 linux-headers-generic-lts-utopic - 4.4.0.248.254 linux-headers-generic-lts-vivid - 4.4.0.248.254 linux-headers-generic-lts-wily - 4.4.0.248.254 linux-headers-generic-lts-xenial - 4.4.0.248.254 linux-headers-lowlatency - 4.4.0.248.254 linux-headers-lowlatency-lts-utopic - 
4.4.0.248.254 linux-headers-lowlatency-lts-vivid - 4.4.0.248.254 linux-headers-lowlatency-lts-wily - 4.4.0.248.254 linux-headers-lowlatency-lts-xenial - 4.4.0.248.254 linux-headers-virtual - 4.4.0.248.254 linux-headers-virtual-lts-utopic - 4.4.0.248.254 linux-headers-virtual-lts-vivid - 4.4.0.248.254 linux-headers-virtual-lts-wily - 4.4.0.248.254 linux-headers-virtual-lts-xenial - 4.4.0.248.254 linux-hwe-generic-trusty - 4.4.0.248.254 linux-hwe-virtual-trusty - 4.4.0.248.254 linux-image-extra-virtual - 4.4.0.248.254 linux-image-extra-virtual-lts-utopic - 4.4.0.248.254 linux-image-extra-virtual-lts-vivid - 4.4.0.248.254 linux-image-extra-virtual-lts-wily - 4.4.0.248.254 linux-image-extra-virtual-lts-xenial - 4.4.0.248.254 linux-image-generic - 4.4.0.248.254 linux-image-generic-lts-utopic - 4.4.0.248.254 linux-image-generic-lts-vivid - 4.4.0.248.254 linux-image-generic-lts-wily - 4.4.0.248.254 linux-image-generic-lts-xenial - 4.4.0.248.254 linux-image-hwe-generic-trusty - 4.4.0.248.254 linux-image-hwe-virtual-trusty - 4.4.0.248.254 linux-image-lowlatency - 4.4.0.248.254 linux-image-lowlatency-lts-utopic - 4.4.0.248.254 linux-image-lowlatency-lts-vivid - 4.4.0.248.254 linux-image-lowlatency-lts-wily - 4.4.0.248.254 linux-image-lowlatency-lts-xenial - 4.4.0.248.254 linux-image-virtual - 4.4.0.248.254 linux-image-virtual-lts-utopic - 4.4.0.248.254 linux-image-virtual-lts-vivid - 4.4.0.248.254 linux-image-virtual-lts-wily - 4.4.0.248.254 linux-image-virtual-lts-xenial - 4.4.0.248.254 linux-lowlatency - 4.4.0.248.254 linux-lowlatency-lts-utopic - 4.4.0.248.254 linux-lowlatency-lts-vivid - 4.4.0.248.254 linux-lowlatency-lts-wily - 4.4.0.248.254 linux-lowlatency-lts-xenial - 4.4.0.248.254 linux-signed-generic - 4.4.0.248.254 linux-signed-generic-lts-utopic - 4.4.0.248.254 linux-signed-generic-lts-vivid - 4.4.0.248.254 linux-signed-generic-lts-wily - 4.4.0.248.254 linux-signed-generic-lts-xenial - 4.4.0.248.254 linux-signed-image-generic - 4.4.0.248.254 
linux-signed-image-generic-lts-utopic - 4.4.0.248.254 linux-signed-image-generic-lts-vivid - 4.4.0.248.254 linux-signed-image-generic-lts-wily - 4.4.0.248.254 linux-signed-image-generic-lts-xenial - 4.4.0.248.254 linux-signed-image-lowlatency - 4.4.0.248.254 linux-signed-image-lowlatency-lts-wily - 4.4.0.248.254 linux-signed-image-lowlatency-lts-xenial - 4.4.0.248.254 linux-signed-lowlatency - 4.4.0.248.254 linux-signed-lowlatency-lts-wily - 4.4.0.248.254 linux-signed-lowlatency-lts-xenial - 4.4.0.248.254 linux-source - 4.4.0.248.254 linux-tools-generic - 4.4.0.248.254 linux-tools-generic-lts-utopic - 4.4.0.248.254 linux-tools-generic-lts-vivid - 4.4.0.248.254 linux-tools-generic-lts-wily - 4.4.0.248.254 linux-tools-generic-lts-xenial - 4.4.0.248.254 linux-tools-lowlatency - 4.4.0.248.254 linux-tools-lowlatency-lts-utopic - 4.4.0.248.254 linux-tools-lowlatency-lts-vivid - 4.4.0.248.254 linux-tools-lowlatency-lts-wily - 4.4.0.248.254 linux-tools-lowlatency-lts-xenial - 4.4.0.248.254 linux-tools-lts-utopic - 4.4.0.248.254 linux-tools-virtual - 4.4.0.248.254 linux-tools-virtual-lts-utopic - 4.4.0.248.254 linux-tools-virtual-lts-vivid - 4.4.0.248.254 linux-tools-virtual-lts-wily - 4.4.0.248.254 linux-tools-virtual-lts-xenial - 4.4.0.248.254 linux-virtual - 4.4.0.248.254 linux-virtual-lts-utopic - 4.4.0.248.254 linux-virtual-lts-vivid - 4.4.0.248.254 linux-virtual-lts-wily - 4.4.0.248.254 linux-virtual-lts-xenial - 4.4.0.248.254 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 CVE-2023-31085 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 CVE-2023-45871 CVE-2023-5717 USN-6540-1 -- BlueZ vulnerability Ubuntu 16.04 LTS It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable. 
Update Instructions: Run `sudo pro fix USN-6540-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bluetooth - 5.37-0ubuntu5.3+esm3 bluez - 5.37-0ubuntu5.3+esm3 bluez-cups - 5.37-0ubuntu5.3+esm3 bluez-hcidump - 5.37-0ubuntu5.3+esm3 bluez-obexd - 5.37-0ubuntu5.3+esm3 bluez-tests - 5.37-0ubuntu5.3+esm3 libbluetooth-dev - 5.37-0ubuntu5.3+esm3 libbluetooth3 - 5.37-0ubuntu5.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-45866 USN-6541-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS It was discovered that the GNU C Library was not properly handling certain memory operations. An attacker could possibly use this issue to cause a denial of service (application crash). (CVE-2023-4806, CVE-2023-4813) It was discovered that the GNU C library was not properly implementing a fix for CVE-2023-4806 in certain cases, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service (application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-5156) Update Instructions: Run `sudo pro fix USN-6541-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: glibc-doc - 2.23-0ubuntu11.3+esm5 glibc-source - 2.23-0ubuntu11.3+esm5 libc-bin - 2.23-0ubuntu11.3+esm5 libc-dev-bin - 2.23-0ubuntu11.3+esm5 libc6 - 2.23-0ubuntu11.3+esm5 libc6-amd64 - 2.23-0ubuntu11.3+esm5 libc6-armel - 2.23-0ubuntu11.3+esm5 libc6-dev - 2.23-0ubuntu11.3+esm5 libc6-dev-amd64 - 2.23-0ubuntu11.3+esm5 libc6-dev-armel - 2.23-0ubuntu11.3+esm5 libc6-dev-i386 - 2.23-0ubuntu11.3+esm5 libc6-dev-s390 - 2.23-0ubuntu11.3+esm5 libc6-dev-x32 - 2.23-0ubuntu11.3+esm5 libc6-i386 - 2.23-0ubuntu11.3+esm5 libc6-pic - 2.23-0ubuntu11.3+esm5 libc6-s390 - 2.23-0ubuntu11.3+esm5 libc6-x32 - 2.23-0ubuntu11.3+esm5 locales - 2.23-0ubuntu11.3+esm5 locales-all - 2.23-0ubuntu11.3+esm5 multiarch-support - 2.23-0ubuntu11.3+esm5 nscd - 2.23-0ubuntu11.3+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4806 CVE-2023-4813 CVE-2023-5156 USN-6542-1 -- TinyXML vulnerability Ubuntu 16.04 LTS Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6542-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtinyxml-dev - 2.6.2-3ubuntu0.1~esm1 libtinyxml-doc - 2.6.2-3ubuntu0.1~esm1 libtinyxml2.6.2v5 - 2.6.2-3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-42260 USN-6543-1 -- GNU Tar vulnerability Ubuntu 16.04 LTS It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6543-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: tar - 1.28-2.1ubuntu0.2+esm3 tar-scripts - 1.28-2.1ubuntu0.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-39804 USN-6555-2 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS USN-6555-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-6377) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information. (CVE-2023-6478) Update Instructions: Run `sudo pro fix USN-6555-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.18.4-0ubuntu0.12+esm8 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm8 xmir - 2:1.18.4-0ubuntu0.12+esm8 xnest - 2:1.18.4-0ubuntu0.12+esm8 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm8 xserver-common - 2:1.18.4-0ubuntu0.12+esm8 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm8 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm8 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm8 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm8 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm8 xvfb - 2:1.18.4-0ubuntu0.12+esm8 xwayland - 2:1.18.4-0ubuntu0.12+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-6377 CVE-2023-6478 USN-6557-1 -- Vim vulnerabilities Ubuntu 16.04 LTS It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. 
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725) It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771) It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000) It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231) It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232) It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237) It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. 
This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706) Update Instructions: Run `sudo pro fix USN-6557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.1689-3ubuntu1.5+esm22 vim-athena - 2:7.4.1689-3ubuntu1.5+esm22 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm22 vim-common - 2:7.4.1689-3ubuntu1.5+esm22 vim-doc - 2:7.4.1689-3ubuntu1.5+esm22 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm22 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm22 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm22 vim-nox - 2:7.4.1689-3ubuntu1.5+esm22 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm22 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm22 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm22 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1725 CVE-2022-1771 CVE-2022-1886 CVE-2022-1897 CVE-2022-2000 CVE-2022-2042 CVE-2023-46246 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 USN-6558-1 -- audiofile vulnerabilities Ubuntu 16.04 LTS It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-13440) It was discovered that audiofile could be made to write out of bounds. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-17095) It was discovered that audiofile could be made to dereference invalid memory. 
If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2019-13147) It was discovered that audiofile could be made to leak memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to obtain sensitive information. (CVE-2022-24599) Update Instructions: Run `sudo pro fix USN-6558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: audiofile-tools - 0.3.6-2ubuntu0.16.04.1+esm1 libaudiofile-dev - 0.3.6-2ubuntu0.16.04.1+esm1 libaudiofile1 - 0.3.6-2ubuntu0.16.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-13440 CVE-2018-17095 CVE-2019-13147 CVE-2022-24599 USN-6559-1 -- ZooKeeper vulnerabilities Ubuntu 16.04 LTS It was discovered that ZooKeeper incorrectly handled authorization for the getACL() command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-0201) Damien Diederen discovered that ZooKeeper incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-44981) Update Instructions: Run `sudo pro fix USN-6559-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libzookeeper-java - 3.4.8-1ubuntu0.1~esm2 libzookeeper-java-doc - 3.4.8-1ubuntu0.1~esm2 libzookeeper-mt-dev - 3.4.8-1ubuntu0.1~esm2 libzookeeper-mt2 - 3.4.8-1ubuntu0.1~esm2 libzookeeper-st-dev - 3.4.8-1ubuntu0.1~esm2 libzookeeper-st2 - 3.4.8-1ubuntu0.1~esm2 libzookeeper2 - 3.4.8-1ubuntu0.1~esm2 python-zookeeper - 3.4.8-1ubuntu0.1~esm2 zookeeper - 3.4.8-1ubuntu0.1~esm2 zookeeper-bin - 3.4.8-1ubuntu0.1~esm2 zookeeperd - 3.4.8-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-0201 CVE-2023-44981 USN-6560-2 -- OpenSSH vulnerabilities Ubuntu 16.04 LTS USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. (CVE-2023-48795) It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection. This only affected Ubuntu 18.04 LTS. (CVE-2023-51385) Update Instructions: Run `sudo pro fix USN-6560-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openssh-client - 1:7.2p2-4ubuntu2.10+esm5 openssh-client-ssh1 - 1:7.2p2-4ubuntu2.10+esm5 openssh-server - 1:7.2p2-4ubuntu2.10+esm5 openssh-sftp-server - 1:7.2p2-4ubuntu2.10+esm5 ssh - 1:7.2p2-4ubuntu2.10+esm5 ssh-askpass-gnome - 1:7.2p2-4ubuntu2.10+esm5 ssh-krb5 - 1:7.2p2-4ubuntu2.10+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-48795 CVE-2023-51385 USN-6570-1 -- PostgreSQL vulnerabilities Ubuntu 16.04 LTS Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. (CVE-2023-5869) Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations. (CVE-2023-5870) Update Instructions: Run `sudo pro fix USN-6570-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libecpg-compat3 - 9.5.25-0ubuntu0.16.04.1+esm6 libecpg-dev - 9.5.25-0ubuntu0.16.04.1+esm6 libecpg6 - 9.5.25-0ubuntu0.16.04.1+esm6 libpgtypes3 - 9.5.25-0ubuntu0.16.04.1+esm6 libpq-dev - 9.5.25-0ubuntu0.16.04.1+esm6 libpq5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-client-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-contrib-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-doc-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-plperl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-plpython-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-plpython3-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-pltcl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 postgresql-server-dev-9.5 - 9.5.25-0ubuntu0.16.04.1+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5869 CVE-2023-5870 USN-6571-1 -- Monit vulnerability Ubuntu 16.04 LTS Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to log in to the platform with an expired account and a valid password. Update Instructions: Run `sudo pro fix USN-6571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: monit - 1:5.16-2ubuntu0.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-26563 USN-6577-1 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. 
A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) Update Instructions: Run `sudo pro fix USN-6577-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1164 - 4.4.0-1164.179 linux-aws-headers-4.4.0-1164 - 4.4.0-1164.179 linux-aws-tools-4.4.0-1164 - 4.4.0-1164.179 linux-buildinfo-4.4.0-1164-aws - 4.4.0-1164.179 linux-cloud-tools-4.4.0-1164-aws - 4.4.0-1164.179 linux-headers-4.4.0-1164-aws - 4.4.0-1164.179 linux-image-4.4.0-1164-aws - 4.4.0-1164.179 linux-modules-4.4.0-1164-aws - 4.4.0-1164.179 linux-modules-extra-4.4.0-1164-aws - 4.4.0-1164.179 linux-tools-4.4.0-1164-aws - 4.4.0-1164.179 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1164.168 linux-headers-aws - 4.4.0.1164.168 linux-image-aws - 4.4.0.1164.168 linux-modules-extra-aws - 4.4.0.1164.168 linux-tools-aws - 4.4.0.1164.168 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20588 CVE-2023-45863 USN-6579-1 -- Xerces-C++ vulnerability Ubuntu 16.04 LTS It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6579-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.1.3+debian-1ubuntu0.1~esm2 libxerces-c-doc - 3.1.3+debian-1ubuntu0.1~esm2 libxerces-c-samples - 3.1.3+debian-1ubuntu0.1~esm2 libxerces-c3.1 - 3.1.3+debian-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-1311 USN-6583-1 -- MySQL vulnerabilities Ubuntu 16.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.44 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-44.html https://www.oracle.com/security-alerts/cpuoct2023.html Update Instructions: Run `sudo pro fix USN-6583-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysqlclient-dev - 5.7.44-0ubuntu0.16.04.1+esm1 libmysqlclient20 - 5.7.44-0ubuntu0.16.04.1+esm1 libmysqld-dev - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-client - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-client-5.7 - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-client-core-5.7 - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-common - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-server - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-server-5.7 - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-server-core-5.7 - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-source-5.7 - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-testsuite - 5.7.44-0ubuntu0.16.04.1+esm1 mysql-testsuite-5.7 - 5.7.44-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22028 CVE-2023-22084 USN-6584-1 -- Libspf2 vulnerabilities Ubuntu 16.04 LTS Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. 
If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-20314) It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913) Update Instructions: Run `sudo pro fix USN-6584-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmail-spf-xs-perl - 1.2.10-6ubuntu0.1~esm1 libspf2-2 - 1.2.10-6ubuntu0.1~esm1 libspf2-dev - 1.2.10-6ubuntu0.1~esm1 spfquery - 1.2.10-6ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-20314 CVE-2021-33912 CVE-2021-33913 USN-6584-2 -- Libspf2 vulnerabilities Ubuntu 16.04 LTS USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS. We apologize for the inconvenience. Original advisory details: Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-20314) It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. 
(CVE-2021-33912, CVE-2021-33913) Update Instructions: Run `sudo pro fix USN-6584-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmail-spf-xs-perl - 1.2.10-6ubuntu0.1~esm2 libspf2-2 - 1.2.10-6ubuntu0.1~esm2 libspf2-dev - 1.2.10-6ubuntu0.1~esm2 spfquery - 1.2.10-6ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-33912 CVE-2021-33913 USN-6586-1 -- FreeImage vulnerabilities Ubuntu 16.04 LTS It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12211) It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12213) It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-21427, CVE-2020-21428) It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted PFM file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-22524) Update Instructions: Run `sudo pro fix USN-6586-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libfreeimage-dev - 3.17.0+ds1-2ubuntu0.1+esm1 libfreeimage3 - 3.17.0+ds1-2ubuntu0.1+esm1 libfreeimageplus-dev - 3.17.0+ds1-2ubuntu0.1+esm1 libfreeimageplus-doc - 3.17.0+ds1-2ubuntu0.1+esm1 libfreeimageplus3 - 3.17.0+ds1-2ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-12211 CVE-2019-12213 CVE-2020-21427 CVE-2020-21428 CVE-2020-22524 USN-6587-2 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229) Olivier Fourdan and Donn Seeley discovered that the X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0408) Olivier Fourdan discovered that the X.Org X Server incorrectly handled the cursor code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0409) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. 
(CVE-2024-21885) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled devices being disabled. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21886) Update Instructions: Run `sudo pro fix USN-6587-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.18.4-0ubuntu0.12+esm9 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm9 xmir - 2:1.18.4-0ubuntu0.12+esm9 xnest - 2:1.18.4-0ubuntu0.12+esm9 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm9 xserver-common - 2:1.18.4-0ubuntu0.12+esm9 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm9 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm9 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm9 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm9 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm9 xvfb - 2:1.18.4-0ubuntu0.12+esm9 xwayland - 2:1.18.4-0ubuntu0.12+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-6816 CVE-2024-0229 CVE-2024-0408 CVE-2024-0409 CVE-2024-21885 CVE-2024-21886 USN-6587-4 -- X.Org X Server regression Ubuntu 16.04 LTS USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229) Olivier Fourdan and Donn Seeley discovered that the X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. 
An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0408) Olivier Fourdan discovered that the X.Org X Server incorrectly handled the cursor code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0409) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21885) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled devices being disabled. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21886) Update Instructions: Run `sudo pro fix USN-6587-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.18.4-0ubuntu0.12+esm10 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm10 xmir - 2:1.18.4-0ubuntu0.12+esm10 xnest - 2:1.18.4-0ubuntu0.12+esm10 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm10 xserver-common - 2:1.18.4-0ubuntu0.12+esm10 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm10 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm10 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm10 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm10 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm10 xvfb - 2:1.18.4-0ubuntu0.12+esm10 xwayland - 2:1.18.4-0ubuntu0.12+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2051536 USN-6588-2 -- PAM vulnerability Ubuntu 16.04 LTS USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. 
A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6588-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-cracklib - 1.1.8-3.2ubuntu2.3+esm5 libpam-doc - 1.1.8-3.2ubuntu2.3+esm5 libpam-modules - 1.1.8-3.2ubuntu2.3+esm5 libpam-modules-bin - 1.1.8-3.2ubuntu2.3+esm5 libpam-runtime - 1.1.8-3.2ubuntu2.3+esm5 libpam0g - 1.1.8-3.2ubuntu2.3+esm5 libpam0g-dev - 1.1.8-3.2ubuntu2.3+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-22365 USN-6590-1 -- Xerces-C++ vulnerabilities Ubuntu 16.04 LTS It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2018-1311) It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-37536) Update Instructions: Run `sudo pro fix USN-6590-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.1.3+debian-1ubuntu0.1~esm3 libxerces-c-doc - 3.1.3+debian-1ubuntu0.1~esm3 libxerces-c-samples - 3.1.3+debian-1ubuntu0.1~esm3 libxerces-c3.1 - 3.1.3+debian-1ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-1311 CVE-2023-37536 USN-6591-1 -- Postfix vulnerability Ubuntu 16.04 LTS Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html. Update Instructions: Run `sudo pro fix USN-6591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postfix - 3.1.0-3ubuntu0.4+esm2 postfix-cdb - 3.1.0-3ubuntu0.4+esm2 postfix-dev - 3.1.0-3ubuntu0.4+esm2 postfix-doc - 3.1.0-3ubuntu0.4+esm2 postfix-ldap - 3.1.0-3ubuntu0.4+esm2 postfix-mysql - 3.1.0-3ubuntu0.4+esm2 postfix-pcre - 3.1.0-3ubuntu0.4+esm2 postfix-pgsql - 3.1.0-3ubuntu0.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51764 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337 USN-6591-2 -- Postfix update Ubuntu 16.04 LTS USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory details: Timo Longin discovered that Postfix incorrectly handled certain email line endings. 
A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html. Update Instructions: Run `sudo pro fix USN-6591-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postfix - 3.1.0-3ubuntu0.4+esm3 postfix-cdb - 3.1.0-3ubuntu0.4+esm3 postfix-dev - 3.1.0-3ubuntu0.4+esm3 postfix-doc - 3.1.0-3ubuntu0.4+esm3 postfix-ldap - 3.1.0-3ubuntu0.4+esm3 postfix-mysql - 3.1.0-3ubuntu0.4+esm3 postfix-pcre - 3.1.0-3ubuntu0.4+esm3 postfix-pgsql - 3.1.0-3ubuntu0.4+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51764 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2050834 USN-6592-2 -- libssh vulnerabilities Ubuntu 16.04 LTS USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. (CVE-2023-6004) It was discovered that libssh incorrectly handled return codes when performing message digest operations. A remote attacker could possibly use this issue to cause libssh to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6918) Update Instructions: Run `sudo pro fix USN-6592-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libssh-4 - 0.6.3-4.3ubuntu0.6+esm1 libssh-dev - 0.6.3-4.3ubuntu0.6+esm1 libssh-doc - 0.6.3-4.3ubuntu0.6+esm1 libssh-gcrypt-4 - 0.6.3-4.3ubuntu0.6+esm1 libssh-gcrypt-dev - 0.6.3-4.3ubuntu0.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-6004 CVE-2023-6918 USN-6596-1 -- Apache::Session::LDAP vulnerability Ubuntu 16.04 LTS It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6596-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache-session-ldap-perl - 0.4-1ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-36658 USN-6599-1 -- Jinja2 vulnerabilities Ubuntu 16.04 LTS Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28493) It was discovered that Jinja incorrectly handled certain HTML passed with the xmlattr filter. An attacker could inject arbitrary HTML attribute keys and values potentially leading to XSS. (CVE-2024-22195) Update Instructions: Run `sudo pro fix USN-6599-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: python-jinja2 - 2.8-1ubuntu0.1+esm2 python-jinja2-doc - 2.8-1ubuntu0.1+esm2 python3-jinja2 - 2.8-1ubuntu0.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-28493 CVE-2024-22195 USN-6602-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6602-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1128-kvm - 4.4.0-1128.138 linux-cloud-tools-4.4.0-1128-kvm - 4.4.0-1128.138 linux-headers-4.4.0-1128-kvm - 4.4.0-1128.138 linux-image-4.4.0-1128-kvm - 4.4.0-1128.138 linux-kvm-cloud-tools-4.4.0-1128 - 4.4.0-1128.138 linux-kvm-headers-4.4.0-1128 - 4.4.0-1128.138 linux-kvm-tools-4.4.0-1128 - 4.4.0-1128.138 linux-modules-4.4.0-1128-kvm - 4.4.0-1128.138 linux-tools-4.4.0-1128-kvm - 4.4.0-1128.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-250-generic - 4.4.0-250.284 linux-buildinfo-4.4.0-250-lowlatency - 4.4.0-250.284 linux-cloud-tools-4.4.0-250 - 4.4.0-250.284 linux-cloud-tools-4.4.0-250-generic - 4.4.0-250.284 linux-cloud-tools-4.4.0-250-lowlatency - 4.4.0-250.284 linux-cloud-tools-common - 4.4.0-250.284 linux-doc - 4.4.0-250.284 linux-headers-4.4.0-250 - 4.4.0-250.284 linux-headers-4.4.0-250-generic - 4.4.0-250.284 linux-headers-4.4.0-250-lowlatency - 4.4.0-250.284 linux-image-4.4.0-250-generic - 4.4.0-250.284 linux-image-4.4.0-250-lowlatency - 4.4.0-250.284 linux-image-unsigned-4.4.0-250-generic - 4.4.0-250.284 linux-image-unsigned-4.4.0-250-lowlatency - 4.4.0-250.284 linux-libc-dev - 4.4.0-250.284 linux-modules-4.4.0-250-generic - 4.4.0-250.284 linux-modules-4.4.0-250-lowlatency - 4.4.0-250.284 linux-modules-extra-4.4.0-250-generic - 4.4.0-250.284 linux-source-4.4.0 - 4.4.0-250.284 linux-tools-4.4.0-250 - 4.4.0-250.284 linux-tools-4.4.0-250-generic - 4.4.0-250.284 linux-tools-4.4.0-250-lowlatency - 4.4.0-250.284 linux-tools-common - 4.4.0-250.284 linux-tools-host - 4.4.0-250.284 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1128.125 linux-image-kvm - 4.4.0.1128.125 linux-kvm - 4.4.0.1128.125 linux-tools-kvm - 4.4.0.1128.125 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.250.256 linux-cloud-tools-generic-lts-utopic - 4.4.0.250.256 linux-cloud-tools-generic-lts-vivid - 4.4.0.250.256 linux-cloud-tools-generic-lts-wily - 4.4.0.250.256 linux-cloud-tools-generic-lts-xenial - 4.4.0.250.256 linux-cloud-tools-lowlatency - 4.4.0.250.256 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.250.256 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.250.256 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.250.256 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.250.256 linux-cloud-tools-virtual - 4.4.0.250.256 linux-cloud-tools-virtual-lts-utopic - 4.4.0.250.256 linux-cloud-tools-virtual-lts-vivid - 4.4.0.250.256 linux-cloud-tools-virtual-lts-wily - 4.4.0.250.256 linux-cloud-tools-virtual-lts-xenial - 4.4.0.250.256 linux-crashdump - 4.4.0.250.256 linux-generic - 4.4.0.250.256 linux-generic-lts-utopic - 4.4.0.250.256 linux-generic-lts-vivid - 4.4.0.250.256 linux-generic-lts-wily - 4.4.0.250.256 linux-generic-lts-xenial - 4.4.0.250.256 linux-headers-generic - 4.4.0.250.256 linux-headers-generic-lts-utopic - 4.4.0.250.256 linux-headers-generic-lts-vivid - 4.4.0.250.256 linux-headers-generic-lts-wily - 4.4.0.250.256 linux-headers-generic-lts-xenial - 4.4.0.250.256 linux-headers-lowlatency - 4.4.0.250.256 linux-headers-lowlatency-lts-utopic - 4.4.0.250.256 linux-headers-lowlatency-lts-vivid - 4.4.0.250.256 linux-headers-lowlatency-lts-wily - 4.4.0.250.256 linux-headers-lowlatency-lts-xenial - 4.4.0.250.256 linux-headers-virtual - 4.4.0.250.256 linux-headers-virtual-lts-utopic - 4.4.0.250.256 linux-headers-virtual-lts-vivid - 4.4.0.250.256 linux-headers-virtual-lts-wily - 4.4.0.250.256 linux-headers-virtual-lts-xenial - 4.4.0.250.256 linux-hwe-generic-trusty - 4.4.0.250.256 linux-hwe-virtual-trusty - 4.4.0.250.256 linux-image-extra-virtual - 4.4.0.250.256 linux-image-extra-virtual-lts-utopic - 4.4.0.250.256 linux-image-extra-virtual-lts-vivid - 4.4.0.250.256 linux-image-extra-virtual-lts-wily - 
4.4.0.250.256 linux-image-extra-virtual-lts-xenial - 4.4.0.250.256 linux-image-generic - 4.4.0.250.256 linux-image-generic-lts-utopic - 4.4.0.250.256 linux-image-generic-lts-vivid - 4.4.0.250.256 linux-image-generic-lts-wily - 4.4.0.250.256 linux-image-generic-lts-xenial - 4.4.0.250.256 linux-image-hwe-generic-trusty - 4.4.0.250.256 linux-image-hwe-virtual-trusty - 4.4.0.250.256 linux-image-lowlatency - 4.4.0.250.256 linux-image-lowlatency-lts-utopic - 4.4.0.250.256 linux-image-lowlatency-lts-vivid - 4.4.0.250.256 linux-image-lowlatency-lts-wily - 4.4.0.250.256 linux-image-lowlatency-lts-xenial - 4.4.0.250.256 linux-image-virtual - 4.4.0.250.256 linux-image-virtual-lts-utopic - 4.4.0.250.256 linux-image-virtual-lts-vivid - 4.4.0.250.256 linux-image-virtual-lts-wily - 4.4.0.250.256 linux-image-virtual-lts-xenial - 4.4.0.250.256 linux-lowlatency - 4.4.0.250.256 linux-lowlatency-lts-utopic - 4.4.0.250.256 linux-lowlatency-lts-vivid - 4.4.0.250.256 linux-lowlatency-lts-wily - 4.4.0.250.256 linux-lowlatency-lts-xenial - 4.4.0.250.256 linux-signed-generic - 4.4.0.250.256 linux-signed-generic-lts-utopic - 4.4.0.250.256 linux-signed-generic-lts-vivid - 4.4.0.250.256 linux-signed-generic-lts-wily - 4.4.0.250.256 linux-signed-generic-lts-xenial - 4.4.0.250.256 linux-signed-image-generic - 4.4.0.250.256 linux-signed-image-generic-lts-utopic - 4.4.0.250.256 linux-signed-image-generic-lts-vivid - 4.4.0.250.256 linux-signed-image-generic-lts-wily - 4.4.0.250.256 linux-signed-image-generic-lts-xenial - 4.4.0.250.256 linux-signed-image-lowlatency - 4.4.0.250.256 linux-signed-image-lowlatency-lts-wily - 4.4.0.250.256 linux-signed-image-lowlatency-lts-xenial - 4.4.0.250.256 linux-signed-lowlatency - 4.4.0.250.256 linux-signed-lowlatency-lts-wily - 4.4.0.250.256 linux-signed-lowlatency-lts-xenial - 4.4.0.250.256 linux-source - 4.4.0.250.256 linux-tools-generic - 4.4.0.250.256 linux-tools-generic-lts-utopic - 4.4.0.250.256 linux-tools-generic-lts-vivid - 4.4.0.250.256 
linux-tools-generic-lts-wily - 4.4.0.250.256 linux-tools-generic-lts-xenial - 4.4.0.250.256 linux-tools-lowlatency - 4.4.0.250.256 linux-tools-lowlatency-lts-utopic - 4.4.0.250.256 linux-tools-lowlatency-lts-vivid - 4.4.0.250.256 linux-tools-lowlatency-lts-wily - 4.4.0.250.256 linux-tools-lowlatency-lts-xenial - 4.4.0.250.256 linux-tools-lts-utopic - 4.4.0.250.256 linux-tools-virtual - 4.4.0.250.256 linux-tools-virtual-lts-utopic - 4.4.0.250.256 linux-tools-virtual-lts-vivid - 4.4.0.250.256 linux-tools-virtual-lts-wily - 4.4.0.250.256 linux-tools-virtual-lts-xenial - 4.4.0.250.256 linux-virtual - 4.4.0.250.256 linux-virtual-lts-utopic - 4.4.0.250.256 linux-virtual-lts-vivid - 4.4.0.250.256 linux-virtual-lts-wily - 4.4.0.250.256 linux-virtual-lts-xenial - 4.4.0.250.256 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20588 CVE-2023-45863 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 USN-6603-1 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6603-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1165 - 4.4.0-1165.180 linux-aws-headers-4.4.0-1165 - 4.4.0-1165.180 linux-aws-tools-4.4.0-1165 - 4.4.0-1165.180 linux-buildinfo-4.4.0-1165-aws - 4.4.0-1165.180 linux-cloud-tools-4.4.0-1165-aws - 4.4.0-1165.180 linux-headers-4.4.0-1165-aws - 4.4.0-1165.180 linux-image-4.4.0-1165-aws - 4.4.0-1165.180 linux-modules-4.4.0-1165-aws - 4.4.0-1165.180 linux-modules-extra-4.4.0-1165-aws - 4.4.0-1165.180 linux-tools-4.4.0-1165-aws - 4.4.0-1165.180 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1165.169 linux-headers-aws - 4.4.0.1165.169 linux-image-aws - 4.4.0.1165.169 linux-modules-extra-aws - 4.4.0.1165.169 linux-tools-aws - 4.4.0.1165.169 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 USN-6604-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. 
(CVE-2023-45863) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6604-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1127-oracle - 4.15.0-1127.138~16.04.1 linux-headers-4.15.0-1127-oracle - 4.15.0-1127.138~16.04.1 linux-image-4.15.0-1127-oracle - 4.15.0-1127.138~16.04.1 linux-image-unsigned-4.15.0-1127-oracle - 4.15.0-1127.138~16.04.1 linux-modules-4.15.0-1127-oracle - 4.15.0-1127.138~16.04.1 linux-modules-extra-4.15.0-1127-oracle - 4.15.0-1127.138~16.04.1 linux-oracle-headers-4.15.0-1127 - 4.15.0-1127.138~16.04.1 linux-oracle-tools-4.15.0-1127 - 4.15.0-1127.138~16.04.1 linux-tools-4.15.0-1127-oracle - 4.15.0-1127.138~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1158-gcp - 4.15.0-1158.175~16.04.1 linux-gcp-headers-4.15.0-1158 - 4.15.0-1158.175~16.04.1 linux-gcp-tools-4.15.0-1158 - 4.15.0-1158.175~16.04.1 linux-headers-4.15.0-1158-gcp - 4.15.0-1158.175~16.04.1 linux-image-4.15.0-1158-gcp - 4.15.0-1158.175~16.04.1 linux-image-unsigned-4.15.0-1158-gcp - 4.15.0-1158.175~16.04.1 linux-modules-4.15.0-1158-gcp - 4.15.0-1158.175~16.04.1 linux-modules-extra-4.15.0-1158-gcp - 4.15.0-1158.175~16.04.1 linux-tools-4.15.0-1158-gcp - 4.15.0-1158.175~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1164 - 4.15.0-1164.177~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1164 - 4.15.0-1164.177~16.04.1 linux-aws-hwe-tools-4.15.0-1164 - 4.15.0-1164.177~16.04.1 linux-buildinfo-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 linux-cloud-tools-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 linux-headers-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 linux-image-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 linux-image-unsigned-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 linux-modules-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 linux-modules-extra-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 linux-tools-4.15.0-1164-aws - 4.15.0-1164.177~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-buildinfo-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-buildinfo-4.15.0-221-lowlatency - 4.15.0-221.232~16.04.1 linux-cloud-tools-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-cloud-tools-4.15.0-221-lowlatency - 4.15.0-221.232~16.04.1 linux-headers-4.15.0-221 - 4.15.0-221.232~16.04.1 linux-headers-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-headers-4.15.0-221-lowlatency - 4.15.0-221.232~16.04.1 linux-hwe-cloud-tools-4.15.0-221 - 4.15.0-221.232~16.04.1 linux-hwe-tools-4.15.0-221 - 4.15.0-221.232~16.04.1 linux-image-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-image-4.15.0-221-lowlatency - 4.15.0-221.232~16.04.1 linux-image-unsigned-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-image-unsigned-4.15.0-221-lowlatency - 4.15.0-221.232~16.04.1 linux-modules-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-modules-4.15.0-221-lowlatency - 4.15.0-221.232~16.04.1 linux-modules-extra-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-source-4.15.0 - 4.15.0-221.232~16.04.1 linux-tools-4.15.0-221-generic - 4.15.0-221.232~16.04.1 linux-tools-4.15.0-221-lowlatency - 4.15.0-221.232~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1127.108 linux-image-oracle - 4.15.0.1127.108 linux-oracle - 4.15.0.1127.108 linux-signed-image-oracle - 4.15.0.1127.108 linux-signed-oracle - 4.15.0.1127.108 linux-tools-oracle - 4.15.0.1127.108 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1158.148 linux-gke - 4.15.0.1158.148 linux-headers-gcp - 4.15.0.1158.148 linux-headers-gke - 4.15.0.1158.148 linux-image-gcp - 4.15.0.1158.148 linux-image-gke - 4.15.0.1158.148 linux-modules-extra-gcp - 4.15.0.1158.148 linux-modules-extra-gke - 4.15.0.1158.148 linux-tools-gcp - 4.15.0.1158.148 linux-tools-gke - 4.15.0.1158.148 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1164.147 linux-aws-hwe - 4.15.0.1164.147 linux-headers-aws-hwe - 4.15.0.1164.147 
linux-image-aws-hwe - 4.15.0.1164.147 linux-modules-extra-aws-hwe - 4.15.0.1164.147 linux-tools-aws-hwe - 4.15.0.1164.147 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.221.5 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.221.5 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.221.5 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.221.5 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.221.5 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.221.5 linux-generic-hwe-16.04 - 4.15.0.221.5 linux-generic-hwe-16.04-edge - 4.15.0.221.5 linux-headers-generic-hwe-16.04 - 4.15.0.221.5 linux-headers-generic-hwe-16.04-edge - 4.15.0.221.5 linux-headers-lowlatency-hwe-16.04 - 4.15.0.221.5 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.221.5 linux-headers-oem - 4.15.0.221.5 linux-headers-virtual-hwe-16.04 - 4.15.0.221.5 linux-headers-virtual-hwe-16.04-edge - 4.15.0.221.5 linux-image-extra-virtual-hwe-16.04 - 4.15.0.221.5 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.221.5 linux-image-generic-hwe-16.04 - 4.15.0.221.5 linux-image-generic-hwe-16.04-edge - 4.15.0.221.5 linux-image-lowlatency-hwe-16.04 - 4.15.0.221.5 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.221.5 linux-image-oem - 4.15.0.221.5 linux-image-virtual-hwe-16.04 - 4.15.0.221.5 linux-image-virtual-hwe-16.04-edge - 4.15.0.221.5 linux-lowlatency-hwe-16.04 - 4.15.0.221.5 linux-lowlatency-hwe-16.04-edge - 4.15.0.221.5 linux-oem - 4.15.0.221.5 linux-signed-generic-hwe-16.04 - 4.15.0.221.5 linux-signed-generic-hwe-16.04-edge - 4.15.0.221.5 linux-signed-image-generic-hwe-16.04 - 4.15.0.221.5 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.221.5 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.221.5 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.221.5 linux-signed-image-oem - 4.15.0.221.5 linux-signed-lowlatency-hwe-16.04 - 4.15.0.221.5 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.221.5 linux-signed-oem - 4.15.0.221.5 linux-tools-generic-hwe-16.04 - 
4.15.0.221.5 linux-tools-generic-hwe-16.04-edge - 4.15.0.221.5 linux-tools-lowlatency-hwe-16.04 - 4.15.0.221.5 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.221.5 linux-tools-oem - 4.15.0.221.5 linux-tools-virtual-hwe-16.04 - 4.15.0.221.5 linux-tools-virtual-hwe-16.04-edge - 4.15.0.221.5 linux-virtual-hwe-16.04 - 4.15.0.221.5 linux-virtual-hwe-16.04-edge - 4.15.0.221.5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1079 CVE-2023-20588 CVE-2023-45863 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 USN-6604-2 -- Linux kernel (Azure) vulnerabilities Ubuntu 16.04 LTS It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. 
(CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6604-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-cloud-tools-4.15.0-1173 - 4.15.0-1173.188~16.04.1 linux-azure-headers-4.15.0-1173 - 4.15.0-1173.188~16.04.1 linux-azure-tools-4.15.0-1173 - 4.15.0-1173.188~16.04.1 linux-buildinfo-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 linux-cloud-tools-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 linux-headers-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 linux-image-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 linux-image-unsigned-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 linux-modules-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 linux-modules-extra-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 linux-tools-4.15.0-1173-azure - 4.15.0-1173.188~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1173.157 linux-azure-edge - 4.15.0.1173.157 linux-cloud-tools-azure - 4.15.0.1173.157 linux-cloud-tools-azure-edge - 4.15.0.1173.157 linux-headers-azure - 4.15.0.1173.157 linux-headers-azure-edge - 4.15.0.1173.157 linux-image-azure - 4.15.0.1173.157 linux-image-azure-edge - 4.15.0.1173.157 linux-modules-extra-azure - 4.15.0.1173.157 linux-modules-extra-azure-edge - 4.15.0.1173.157 linux-signed-azure - 4.15.0.1173.157 linux-signed-azure-edge - 
4.15.0.1173.157 linux-signed-image-azure - 4.15.0.1173.157 linux-signed-image-azure-edge - 4.15.0.1173.157 linux-tools-azure - 4.15.0.1173.157 linux-tools-azure-edge - 4.15.0.1173.157 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1079 CVE-2023-20588 CVE-2023-45863 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 USN-6611-1 -- Exim vulnerability Ubuntu 16.04 LTS It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. Update Instructions: Run `sudo pro fix USN-6611-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.86.2-2ubuntu2.6+esm6 exim4-base - 4.86.2-2ubuntu2.6+esm6 exim4-config - 4.86.2-2ubuntu2.6+esm6 exim4-daemon-heavy - 4.86.2-2ubuntu2.6+esm6 exim4-daemon-light - 4.86.2-2ubuntu2.6+esm6 exim4-dev - 4.86.2-2ubuntu2.6+esm6 eximon4 - 4.86.2-2ubuntu2.6+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51766 USN-6612-1 -- TinyXML vulnerability Ubuntu 16.04 LTS It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6612-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtinyxml-dev - 2.6.2-3ubuntu0.1~esm2 libtinyxml-doc - 2.6.2-3ubuntu0.1~esm2 libtinyxml2.6.2v5 - 2.6.2-3ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34194 USN-6613-1 -- Ceph vulnerability Ubuntu 16.04 LTS Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. 
An unprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket. Update Instructions: Run `sudo pro fix USN-6613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ceph - 10.2.11-0ubuntu0.16.04.3+esm1 ceph-common - 10.2.11-0ubuntu0.16.04.3+esm1 ceph-fs-common - 10.2.11-0ubuntu0.16.04.3+esm1 ceph-fuse - 10.2.11-0ubuntu0.16.04.3+esm1 ceph-mds - 10.2.11-0ubuntu0.16.04.3+esm1 ceph-resource-agents - 10.2.11-0ubuntu0.16.04.3+esm1 ceph-test - 10.2.11-0ubuntu0.16.04.3+esm1 libcephfs-dev - 10.2.11-0ubuntu0.16.04.3+esm1 libcephfs-java - 10.2.11-0ubuntu0.16.04.3+esm1 libcephfs-jni - 10.2.11-0ubuntu0.16.04.3+esm1 libcephfs1 - 10.2.11-0ubuntu0.16.04.3+esm1 librados-dev - 10.2.11-0ubuntu0.16.04.3+esm1 librados2 - 10.2.11-0ubuntu0.16.04.3+esm1 libradosstriper-dev - 10.2.11-0ubuntu0.16.04.3+esm1 libradosstriper1 - 10.2.11-0ubuntu0.16.04.3+esm1 librbd-dev - 10.2.11-0ubuntu0.16.04.3+esm1 librbd1 - 10.2.11-0ubuntu0.16.04.3+esm1 librgw-dev - 10.2.11-0ubuntu0.16.04.3+esm1 librgw2 - 10.2.11-0ubuntu0.16.04.3+esm1 python-ceph - 10.2.11-0ubuntu0.16.04.3+esm1 python-cephfs - 10.2.11-0ubuntu0.16.04.3+esm1 python-rados - 10.2.11-0ubuntu0.16.04.3+esm1 python-rbd - 10.2.11-0ubuntu0.16.04.3+esm1 radosgw - 10.2.11-0ubuntu0.16.04.3+esm1 rbd-fuse - 10.2.11-0ubuntu0.16.04.3+esm1 rbd-mirror - 10.2.11-0ubuntu0.16.04.3+esm1 rbd-nbd - 10.2.11-0ubuntu0.16.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43040 USN-6617-1 -- libde265 vulnerabilities Ubuntu 16.04 LTS It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-21594) It was discovered that libde265 could be made to write out of bounds. 
If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-21595, CVE-2020-21596, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605) It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-21597, CVE-2020-21598, CVE-2020-21606, CVE-2021-36408) Update Instructions: Run `sudo pro fix USN-6617-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.16.04.1~esm1 libde265-dev - 1.0.2-2ubuntu0.16.04.1~esm1 libde265-examples - 1.0.2-2ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-36408 USN-6621-1 -- ImageMagick vulnerability Ubuntu 16.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6621-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.8.9.9-7ubuntu5.16+esm10 imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm10 imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm10 imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm10 libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm10 libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm10 libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm10 libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm10 libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm10 libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm10 perlmagick - 8:6.8.9.9-7ubuntu5.16+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5341 USN-6627-1 -- libde265 vulnerabilities Ubuntu 16.04 LTS It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241, CVE-2022-43242) It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-36408) It was discovered that libde265 contained a logical error. 
If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-36409) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-36410, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43239, CVE-2022-43240, CVE-2022-43243, CVE-2022-43248, CVE-2022-43252, CVE-2022-43253) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1253) Update Instructions: Run `sudo pro fix USN-6627-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.16.04.1~esm2 libde265-dev - 1.0.2-2ubuntu0.16.04.1~esm2 libde265-examples - 1.0.2-2ubuntu0.16.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43248 CVE-2022-43252 CVE-2022-43253 USN-6629-1 -- UltraJSON vulnerabilities Ubuntu 16.04 LTS It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2021-45958) Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. 
(CVE-2022-31116) It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory. (CVE-2022-31117) Update Instructions: Run `sudo pro fix USN-6629-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-ujson - 1.33-1ubuntu0.1~esm2 python3-ujson - 1.33-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-45958 CVE-2022-31116 CVE-2022-31117 USN-6632-1 -- OpenSSL vulnerabilities Ubuntu 16.04 LTS David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. (CVE-2023-5678) Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727) Update Instructions: Run `sudo pro fix USN-6632-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm11 libssl-doc - 1.0.2g-1ubuntu4.20+esm11 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm11 openssl - 1.0.2g-1ubuntu4.20+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-5678 CVE-2024-0727 USN-6640-1 -- shadow vulnerability Ubuntu 16.04 LTS It was discovered that shadow was not properly sanitizing memory when running the password utility. An attacker could possibly use this issue to retrieve a password from memory, exposing sensitive information. Update Instructions: Run `sudo pro fix USN-6640-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: login - 1:4.2-3.1ubuntu5.5+esm4 passwd - 1:4.2-3.1ubuntu5.5+esm4 uidmap - 1:4.2-3.1ubuntu5.5+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-4641 USN-6641-1 -- curl vulnerability Ubuntu 16.04 LTS Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. Update Instructions: Run `sudo pro fix USN-6641-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.47.0-1ubuntu2.19+esm11 libcurl3 - 7.47.0-1ubuntu2.19+esm11 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm11 libcurl3-nss - 7.47.0-1ubuntu2.19+esm11 libcurl4-doc - 7.47.0-1ubuntu2.19+esm11 libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm11 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm11 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm11 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-46218 USN-6644-1 -- LibTIFF vulnerabilities Ubuntu 16.04 LTS It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. (CVE-2023-52356) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-6228) It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to consume resources, resulting in a denial of service. 
(CVE-2023-6277) Update Instructions: Run `sudo pro fix USN-6644-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.6-1ubuntu0.8+esm15 libtiff-opengl - 4.0.6-1ubuntu0.8+esm15 libtiff-tools - 4.0.6-1ubuntu0.8+esm15 libtiff5 - 4.0.6-1ubuntu0.8+esm15 libtiff5-dev - 4.0.6-1ubuntu0.8+esm15 libtiffxx5 - 4.0.6-1ubuntu0.8+esm15 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-52356 CVE-2023-6228 CVE-2023-6277 USN-6646-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-7192) Update Instructions: Run `sudo pro fix USN-6646-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1129-kvm - 4.4.0-1129.139 linux-cloud-tools-4.4.0-1129-kvm - 4.4.0-1129.139 linux-headers-4.4.0-1129-kvm - 4.4.0-1129.139 linux-image-4.4.0-1129-kvm - 4.4.0-1129.139 linux-kvm-cloud-tools-4.4.0-1129 - 4.4.0-1129.139 linux-kvm-headers-4.4.0-1129 - 4.4.0-1129.139 linux-kvm-tools-4.4.0-1129 - 4.4.0-1129.139 linux-modules-4.4.0-1129-kvm - 4.4.0-1129.139 linux-tools-4.4.0-1129-kvm - 4.4.0-1129.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.4.0-1166 - 4.4.0-1166.181 linux-aws-headers-4.4.0-1166 - 4.4.0-1166.181 linux-aws-tools-4.4.0-1166 - 4.4.0-1166.181 linux-buildinfo-4.4.0-1166-aws - 4.4.0-1166.181 linux-cloud-tools-4.4.0-1166-aws - 4.4.0-1166.181 linux-headers-4.4.0-1166-aws - 4.4.0-1166.181 linux-image-4.4.0-1166-aws - 4.4.0-1166.181 linux-modules-4.4.0-1166-aws - 4.4.0-1166.181 linux-modules-extra-4.4.0-1166-aws - 4.4.0-1166.181 linux-tools-4.4.0-1166-aws - 4.4.0-1166.181 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-251-generic - 4.4.0-251.285 linux-buildinfo-4.4.0-251-lowlatency - 4.4.0-251.285 linux-cloud-tools-4.4.0-251 - 4.4.0-251.285 linux-cloud-tools-4.4.0-251-generic - 4.4.0-251.285 linux-cloud-tools-4.4.0-251-lowlatency - 4.4.0-251.285 linux-cloud-tools-common - 4.4.0-251.285 linux-doc - 4.4.0-251.285 linux-headers-4.4.0-251 - 4.4.0-251.285 linux-headers-4.4.0-251-generic - 4.4.0-251.285 linux-headers-4.4.0-251-lowlatency - 4.4.0-251.285 linux-image-4.4.0-251-generic - 4.4.0-251.285 linux-image-4.4.0-251-lowlatency - 4.4.0-251.285 linux-image-unsigned-4.4.0-251-generic - 4.4.0-251.285 linux-image-unsigned-4.4.0-251-lowlatency - 4.4.0-251.285 linux-libc-dev - 4.4.0-251.285 linux-modules-4.4.0-251-generic - 4.4.0-251.285 linux-modules-4.4.0-251-lowlatency - 4.4.0-251.285 linux-modules-extra-4.4.0-251-generic - 4.4.0-251.285 linux-source-4.4.0 - 4.4.0-251.285 
linux-tools-4.4.0-251 - 4.4.0-251.285 linux-tools-4.4.0-251-generic - 4.4.0-251.285 linux-tools-4.4.0-251-lowlatency - 4.4.0-251.285 linux-tools-common - 4.4.0-251.285 linux-tools-host - 4.4.0-251.285 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1129.126 linux-image-kvm - 4.4.0.1129.126 linux-kvm - 4.4.0.1129.126 linux-tools-kvm - 4.4.0.1129.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1166.170 linux-headers-aws - 4.4.0.1166.170 linux-image-aws - 4.4.0.1166.170 linux-modules-extra-aws - 4.4.0.1166.170 linux-tools-aws - 4.4.0.1166.170 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.251.257 linux-cloud-tools-generic-lts-utopic - 4.4.0.251.257 linux-cloud-tools-generic-lts-vivid - 4.4.0.251.257 linux-cloud-tools-generic-lts-wily - 4.4.0.251.257 linux-cloud-tools-generic-lts-xenial - 4.4.0.251.257 linux-cloud-tools-lowlatency - 4.4.0.251.257 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.251.257 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.251.257 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.251.257 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.251.257 linux-cloud-tools-virtual - 4.4.0.251.257 linux-cloud-tools-virtual-lts-utopic - 4.4.0.251.257 linux-cloud-tools-virtual-lts-vivid - 4.4.0.251.257 linux-cloud-tools-virtual-lts-wily - 4.4.0.251.257 linux-cloud-tools-virtual-lts-xenial - 4.4.0.251.257 linux-crashdump - 4.4.0.251.257 linux-generic - 4.4.0.251.257 linux-generic-lts-utopic - 4.4.0.251.257 linux-generic-lts-vivid - 4.4.0.251.257 linux-generic-lts-wily - 4.4.0.251.257 linux-generic-lts-xenial - 4.4.0.251.257 linux-headers-generic - 4.4.0.251.257 linux-headers-generic-lts-utopic - 4.4.0.251.257 linux-headers-generic-lts-vivid - 4.4.0.251.257 linux-headers-generic-lts-wily - 4.4.0.251.257 linux-headers-generic-lts-xenial - 4.4.0.251.257 linux-headers-lowlatency - 4.4.0.251.257 linux-headers-lowlatency-lts-utopic - 
4.4.0.251.257 linux-headers-lowlatency-lts-vivid - 4.4.0.251.257 linux-headers-lowlatency-lts-wily - 4.4.0.251.257 linux-headers-lowlatency-lts-xenial - 4.4.0.251.257 linux-headers-virtual - 4.4.0.251.257 linux-headers-virtual-lts-utopic - 4.4.0.251.257 linux-headers-virtual-lts-vivid - 4.4.0.251.257 linux-headers-virtual-lts-wily - 4.4.0.251.257 linux-headers-virtual-lts-xenial - 4.4.0.251.257 linux-hwe-generic-trusty - 4.4.0.251.257 linux-hwe-virtual-trusty - 4.4.0.251.257 linux-image-extra-virtual - 4.4.0.251.257 linux-image-extra-virtual-lts-utopic - 4.4.0.251.257 linux-image-extra-virtual-lts-vivid - 4.4.0.251.257 linux-image-extra-virtual-lts-wily - 4.4.0.251.257 linux-image-extra-virtual-lts-xenial - 4.4.0.251.257 linux-image-generic - 4.4.0.251.257 linux-image-generic-lts-utopic - 4.4.0.251.257 linux-image-generic-lts-vivid - 4.4.0.251.257 linux-image-generic-lts-wily - 4.4.0.251.257 linux-image-generic-lts-xenial - 4.4.0.251.257 linux-image-hwe-generic-trusty - 4.4.0.251.257 linux-image-hwe-virtual-trusty - 4.4.0.251.257 linux-image-lowlatency - 4.4.0.251.257 linux-image-lowlatency-lts-utopic - 4.4.0.251.257 linux-image-lowlatency-lts-vivid - 4.4.0.251.257 linux-image-lowlatency-lts-wily - 4.4.0.251.257 linux-image-lowlatency-lts-xenial - 4.4.0.251.257 linux-image-virtual - 4.4.0.251.257 linux-image-virtual-lts-utopic - 4.4.0.251.257 linux-image-virtual-lts-vivid - 4.4.0.251.257 linux-image-virtual-lts-wily - 4.4.0.251.257 linux-image-virtual-lts-xenial - 4.4.0.251.257 linux-lowlatency - 4.4.0.251.257 linux-lowlatency-lts-utopic - 4.4.0.251.257 linux-lowlatency-lts-vivid - 4.4.0.251.257 linux-lowlatency-lts-wily - 4.4.0.251.257 linux-lowlatency-lts-xenial - 4.4.0.251.257 linux-signed-generic - 4.4.0.251.257 linux-signed-generic-lts-utopic - 4.4.0.251.257 linux-signed-generic-lts-vivid - 4.4.0.251.257 linux-signed-generic-lts-wily - 4.4.0.251.257 linux-signed-generic-lts-xenial - 4.4.0.251.257 linux-signed-image-generic - 4.4.0.251.257 
linux-signed-image-generic-lts-utopic - 4.4.0.251.257 linux-signed-image-generic-lts-vivid - 4.4.0.251.257 linux-signed-image-generic-lts-wily - 4.4.0.251.257 linux-signed-image-generic-lts-xenial - 4.4.0.251.257 linux-signed-image-lowlatency - 4.4.0.251.257 linux-signed-image-lowlatency-lts-wily - 4.4.0.251.257 linux-signed-image-lowlatency-lts-xenial - 4.4.0.251.257 linux-signed-lowlatency - 4.4.0.251.257 linux-signed-lowlatency-lts-wily - 4.4.0.251.257 linux-signed-lowlatency-lts-xenial - 4.4.0.251.257 linux-source - 4.4.0.251.257 linux-tools-generic - 4.4.0.251.257 linux-tools-generic-lts-utopic - 4.4.0.251.257 linux-tools-generic-lts-vivid - 4.4.0.251.257 linux-tools-generic-lts-wily - 4.4.0.251.257 linux-tools-generic-lts-xenial - 4.4.0.251.257 linux-tools-lowlatency - 4.4.0.251.257 linux-tools-lowlatency-lts-utopic - 4.4.0.251.257 linux-tools-lowlatency-lts-vivid - 4.4.0.251.257 linux-tools-lowlatency-lts-wily - 4.4.0.251.257 linux-tools-lowlatency-lts-xenial - 4.4.0.251.257 linux-tools-lts-utopic - 4.4.0.251.257 linux-tools-virtual - 4.4.0.251.257 linux-tools-virtual-lts-utopic - 4.4.0.251.257 linux-tools-virtual-lts-vivid - 4.4.0.251.257 linux-tools-virtual-lts-wily - 4.4.0.251.257 linux-tools-virtual-lts-xenial - 4.4.0.251.257 linux-virtual - 4.4.0.251.257 linux-virtual-lts-utopic - 4.4.0.251.257 linux-virtual-lts-vivid - 4.4.0.251.257 linux-virtual-lts-wily - 4.4.0.251.257 linux-virtual-lts-xenial - 4.4.0.251.257 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-51780 CVE-2023-51782 CVE-2023-7192 USN-6647-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-7192) Update Instructions: Run `sudo pro fix USN-6647-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1128-oracle - 4.15.0-1128.139~16.04.1 linux-headers-4.15.0-1128-oracle - 4.15.0-1128.139~16.04.1 linux-image-4.15.0-1128-oracle - 4.15.0-1128.139~16.04.1 linux-image-unsigned-4.15.0-1128-oracle - 4.15.0-1128.139~16.04.1 linux-modules-4.15.0-1128-oracle - 4.15.0-1128.139~16.04.1 linux-modules-extra-4.15.0-1128-oracle - 4.15.0-1128.139~16.04.1 linux-oracle-headers-4.15.0-1128 - 4.15.0-1128.139~16.04.1 linux-oracle-tools-4.15.0-1128 - 4.15.0-1128.139~16.04.1 linux-tools-4.15.0-1128-oracle - 4.15.0-1128.139~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1159-gcp - 4.15.0-1159.176~16.04.1 linux-gcp-headers-4.15.0-1159 - 4.15.0-1159.176~16.04.1 linux-gcp-tools-4.15.0-1159 - 4.15.0-1159.176~16.04.1 linux-headers-4.15.0-1159-gcp - 4.15.0-1159.176~16.04.1 linux-image-4.15.0-1159-gcp - 4.15.0-1159.176~16.04.1 linux-image-unsigned-4.15.0-1159-gcp - 4.15.0-1159.176~16.04.1 linux-modules-4.15.0-1159-gcp - 4.15.0-1159.176~16.04.1 linux-modules-extra-4.15.0-1159-gcp - 4.15.0-1159.176~16.04.1 linux-tools-4.15.0-1159-gcp - 4.15.0-1159.176~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1165 - 4.15.0-1165.178~16.04.1 
linux-aws-hwe-cloud-tools-4.15.0-1165 - 4.15.0-1165.178~16.04.1 linux-aws-hwe-tools-4.15.0-1165 - 4.15.0-1165.178~16.04.1 linux-buildinfo-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 linux-cloud-tools-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 linux-headers-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 linux-image-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 linux-image-unsigned-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 linux-modules-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 linux-modules-extra-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 linux-tools-4.15.0-1165-aws - 4.15.0-1165.178~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1174 - 4.15.0-1174.189~16.04.1 linux-azure-headers-4.15.0-1174 - 4.15.0-1174.189~16.04.1 linux-azure-tools-4.15.0-1174 - 4.15.0-1174.189~16.04.1 linux-buildinfo-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 linux-cloud-tools-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 linux-headers-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 linux-image-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 linux-image-unsigned-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 linux-modules-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 linux-modules-extra-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 linux-tools-4.15.0-1174-azure - 4.15.0-1174.189~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-buildinfo-4.15.0-222-lowlatency - 4.15.0-222.233~16.04.1 linux-cloud-tools-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-cloud-tools-4.15.0-222-lowlatency - 4.15.0-222.233~16.04.1 linux-headers-4.15.0-222 - 4.15.0-222.233~16.04.1 linux-headers-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-headers-4.15.0-222-lowlatency - 4.15.0-222.233~16.04.1 linux-hwe-cloud-tools-4.15.0-222 - 4.15.0-222.233~16.04.1 linux-hwe-tools-4.15.0-222 - 4.15.0-222.233~16.04.1 linux-image-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-image-4.15.0-222-lowlatency - 
4.15.0-222.233~16.04.1 linux-image-unsigned-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-image-unsigned-4.15.0-222-lowlatency - 4.15.0-222.233~16.04.1 linux-modules-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-modules-4.15.0-222-lowlatency - 4.15.0-222.233~16.04.1 linux-modules-extra-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-source-4.15.0 - 4.15.0-222.233~16.04.1 linux-tools-4.15.0-222-generic - 4.15.0-222.233~16.04.1 linux-tools-4.15.0-222-lowlatency - 4.15.0-222.233~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1128.109 linux-image-oracle - 4.15.0.1128.109 linux-oracle - 4.15.0.1128.109 linux-signed-image-oracle - 4.15.0.1128.109 linux-signed-oracle - 4.15.0.1128.109 linux-tools-oracle - 4.15.0.1128.109 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1159.149 linux-gke - 4.15.0.1159.149 linux-headers-gcp - 4.15.0.1159.149 linux-headers-gke - 4.15.0.1159.149 linux-image-gcp - 4.15.0.1159.149 linux-image-gke - 4.15.0.1159.149 linux-modules-extra-gcp - 4.15.0.1159.149 linux-modules-extra-gke - 4.15.0.1159.149 linux-tools-gcp - 4.15.0.1159.149 linux-tools-gke - 4.15.0.1159.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1165.148 linux-aws-hwe - 4.15.0.1165.148 linux-headers-aws-hwe - 4.15.0.1165.148 linux-image-aws-hwe - 4.15.0.1165.148 linux-modules-extra-aws-hwe - 4.15.0.1165.148 linux-tools-aws-hwe - 4.15.0.1165.148 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1174.158 linux-azure-edge - 4.15.0.1174.158 linux-cloud-tools-azure - 4.15.0.1174.158 linux-cloud-tools-azure-edge - 4.15.0.1174.158 linux-headers-azure - 4.15.0.1174.158 linux-headers-azure-edge - 4.15.0.1174.158 linux-image-azure - 4.15.0.1174.158 linux-image-azure-edge - 4.15.0.1174.158 linux-modules-extra-azure - 4.15.0.1174.158 linux-modules-extra-azure-edge - 4.15.0.1174.158 linux-signed-azure - 4.15.0.1174.158 
linux-signed-azure-edge - 4.15.0.1174.158 linux-signed-image-azure - 4.15.0.1174.158 linux-signed-image-azure-edge - 4.15.0.1174.158 linux-tools-azure - 4.15.0.1174.158 linux-tools-azure-edge - 4.15.0.1174.158 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.222.6 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.222.6 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.222.6 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.222.6 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.222.6 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.222.6 linux-generic-hwe-16.04 - 4.15.0.222.6 linux-generic-hwe-16.04-edge - 4.15.0.222.6 linux-headers-generic-hwe-16.04 - 4.15.0.222.6 linux-headers-generic-hwe-16.04-edge - 4.15.0.222.6 linux-headers-lowlatency-hwe-16.04 - 4.15.0.222.6 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.222.6 linux-headers-oem - 4.15.0.222.6 linux-headers-virtual-hwe-16.04 - 4.15.0.222.6 linux-headers-virtual-hwe-16.04-edge - 4.15.0.222.6 linux-image-extra-virtual-hwe-16.04 - 4.15.0.222.6 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.222.6 linux-image-generic-hwe-16.04 - 4.15.0.222.6 linux-image-generic-hwe-16.04-edge - 4.15.0.222.6 linux-image-lowlatency-hwe-16.04 - 4.15.0.222.6 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.222.6 linux-image-oem - 4.15.0.222.6 linux-image-virtual-hwe-16.04 - 4.15.0.222.6 linux-image-virtual-hwe-16.04-edge - 4.15.0.222.6 linux-lowlatency-hwe-16.04 - 4.15.0.222.6 linux-lowlatency-hwe-16.04-edge - 4.15.0.222.6 linux-oem - 4.15.0.222.6 linux-signed-generic-hwe-16.04 - 4.15.0.222.6 linux-signed-generic-hwe-16.04-edge - 4.15.0.222.6 linux-signed-image-generic-hwe-16.04 - 4.15.0.222.6 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.222.6 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.222.6 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.222.6 linux-signed-image-oem - 4.15.0.222.6 linux-signed-lowlatency-hwe-16.04 - 4.15.0.222.6 
linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.222.6 linux-signed-oem - 4.15.0.222.6 linux-tools-generic-hwe-16.04 - 4.15.0.222.6 linux-tools-generic-hwe-16.04-edge - 4.15.0.222.6 linux-tools-lowlatency-hwe-16.04 - 4.15.0.222.6 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.222.6 linux-tools-oem - 4.15.0.222.6 linux-tools-virtual-hwe-16.04 - 4.15.0.222.6 linux-tools-virtual-hwe-16.04-edge - 4.15.0.222.6 linux-virtual-hwe-16.04 - 4.15.0.222.6 linux-virtual-hwe-16.04-edge - 4.15.0.222.6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-51780 CVE-2023-51782 CVE-2023-7192 USN-6654-1 -- Roundcube Webmail vulnerability Ubuntu 16.04 LTS It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2023-43770) Update Instructions: Run `sudo pro fix USN-6654-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: roundcube - 1.2~beta+dfsg.1-0ubuntu1+esm3 roundcube-core - 1.2~beta+dfsg.1-0ubuntu1+esm3 roundcube-mysql - 1.2~beta+dfsg.1-0ubuntu1+esm3 roundcube-pgsql - 1.2~beta+dfsg.1-0ubuntu1+esm3 roundcube-plugins - 1.2~beta+dfsg.1-0ubuntu1+esm3 roundcube-sqlite3 - 1.2~beta+dfsg.1-0ubuntu1+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-43770 USN-6656-2 -- PostgreSQL vulnerability Ubuntu 16.04 LTS USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions. Update Instructions: Run `sudo pro fix USN-6656-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libecpg-compat3 - 9.5.25-0ubuntu0.16.04.1+esm7 libecpg-dev - 9.5.25-0ubuntu0.16.04.1+esm7 libecpg6 - 9.5.25-0ubuntu0.16.04.1+esm7 libpgtypes3 - 9.5.25-0ubuntu0.16.04.1+esm7 libpq-dev - 9.5.25-0ubuntu0.16.04.1+esm7 libpq5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-client-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-contrib-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-doc-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-plperl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-plpython-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-plpython3-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-pltcl-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 postgresql-server-dev-9.5 - 9.5.25-0ubuntu0.16.04.1+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-0985 USN-6657-2 -- Dnsmasq vulnerabilities Ubuntu 16.04 LTS USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. (CVE-2023-50868) It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP packet size as required by DNS Flag Day 2020. This issue only affected Ubuntu 23.10. (CVE-2023-28450) Update Instructions: Run `sudo pro fix USN-6657-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.90-0ubuntu0.16.04.1+esm1 dnsmasq-base - 2.90-0ubuntu0.16.04.1+esm1 dnsmasq-base-lua - 2.90-0ubuntu0.16.04.1+esm1 dnsmasq-utils - 2.90-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28450 CVE-2023-50387 CVE-2023-50868 USN-6658-2 -- libxml2 vulnerability Ubuntu 16.04 LTS USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6658-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm6 libxml2-dev - 2.9.3+dfsg1-1ubuntu0.7+esm6 libxml2-doc - 2.9.3+dfsg1-1ubuntu0.7+esm6 libxml2-utils - 2.9.3+dfsg1-1ubuntu0.7+esm6 python-libxml2 - 2.9.3+dfsg1-1ubuntu0.7+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-25062 USN-6659-1 -- libde265 vulnerabilities Ubuntu 16.04 LTS It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-43244, CVE-2022-43249, CVE-2022-43250, CVE-2022-47665, CVE-2023-25221) It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-43245) It was discovered that libde265 could be made to dereference invalid memory. 
If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-24751, CVE-2023-24752, CVE-2023-24754, CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758) Update Instructions: Run `sudo pro fix USN-6659-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.16.04.1~esm3 libde265-dev - 1.0.2-2ubuntu0.16.04.1~esm3 libde265-examples - 1.0.2-2ubuntu0.16.04.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-43244 CVE-2022-43245 CVE-2022-43249 CVE-2022-43250 CVE-2022-47665 CVE-2023-24751 CVE-2023-24752 CVE-2023-24754 CVE-2023-24755 CVE-2023-24756 CVE-2023-24757 CVE-2023-24758 CVE-2023-25221 USN-6663-2 -- OpenSSL update Ubuntu 16.04 LTS USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks. Update Instructions: Run `sudo pro fix USN-6663-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.0.2g-1ubuntu4.20+esm12 libssl-doc - 1.0.2g-1ubuntu4.20+esm12 libssl1.0.0 - 1.0.2g-1ubuntu4.20+esm12 openssl - 1.0.2g-1ubuntu4.20+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2054090 USN-6664-1 -- less vulnerability Ubuntu 16.04 LTS It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a crash or execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-6664-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: less - 481-2.1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48624 USN-6673-2 -- python-cryptography vulnerability Ubuntu 16.04 LTS USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. (CVE-2023-50782) Update Instructions: Run `sudo pro fix USN-6673-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-cryptography - 1.2.3-1ubuntu0.3+esm1 python-cryptography-doc - 1.2.3-1ubuntu0.3+esm1 python3-cryptography - 1.2.3-1ubuntu0.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-50782 USN-6676-1 -- c-ares vulnerability Ubuntu 16.04 LTS Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-6676-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares-dev - 1.10.0-3ubuntu0.2+esm3 libc-ares2 - 1.10.0-3ubuntu0.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-25629 USN-6677-1 -- libde265 vulnerabilities Ubuntu 16.04 LTS It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. 
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27102) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-27103) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-43887, CVE-2023-47471, CVE-2023-49465, CVE-2023-49467, CVE-2023-49468) Update Instructions: Run `sudo pro fix USN-6677-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.16.04.1~esm4 libde265-dev - 1.0.2-2ubuntu0.16.04.1~esm4 libde265-examples - 1.0.2-2ubuntu0.16.04.1~esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471 CVE-2023-49465 CVE-2023-49467 CVE-2023-49468 USN-6678-1 -- libgit2 vulnerabilities Ubuntu 16.04 LTS It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-12278, CVE-2020-12279) It was discovered that libgit2 did not perform certificate checking by default. An attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-22742) It was discovered that libgit2 could be made to run into an infinite loop. 
An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2024-24575) It was discovered that libgit2 did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-24577) Update Instructions: Run `sudo pro fix USN-6678-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgit2-24 - 0.24.1-2ubuntu0.2+esm2 libgit2-dev - 0.24.1-2ubuntu0.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-12278 CVE-2020-12279 CVE-2023-22742 CVE-2024-24575 CVE-2024-24577 USN-6684-1 -- ncurses vulnerability Ubuntu 16.04 LTS It was discovered that ncurses incorrectly handled certain function return values, possibly leading to segmentation fault. A local attacker could possibly use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-6684-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: lib32ncurses5 - 6.0+20160213-1ubuntu1+esm5 lib32ncurses5-dev - 6.0+20160213-1ubuntu1+esm5 lib32ncursesw5 - 6.0+20160213-1ubuntu1+esm5 lib32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm5 lib32tinfo-dev - 6.0+20160213-1ubuntu1+esm5 lib32tinfo5 - 6.0+20160213-1ubuntu1+esm5 lib64ncurses5 - 6.0+20160213-1ubuntu1+esm5 lib64ncurses5-dev - 6.0+20160213-1ubuntu1+esm5 lib64tinfo5 - 6.0+20160213-1ubuntu1+esm5 libncurses5 - 6.0+20160213-1ubuntu1+esm5 libncurses5-dev - 6.0+20160213-1ubuntu1+esm5 libncursesw5 - 6.0+20160213-1ubuntu1+esm5 libncursesw5-dev - 6.0+20160213-1ubuntu1+esm5 libtinfo-dev - 6.0+20160213-1ubuntu1+esm5 libtinfo5 - 6.0+20160213-1ubuntu1+esm5 libx32ncurses5 - 6.0+20160213-1ubuntu1+esm5 libx32ncurses5-dev - 6.0+20160213-1ubuntu1+esm5 libx32ncursesw5 - 6.0+20160213-1ubuntu1+esm5 libx32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm5 libx32tinfo-dev - 6.0+20160213-1ubuntu1+esm5 libx32tinfo5 - 6.0+20160213-1ubuntu1+esm5 ncurses-base - 6.0+20160213-1ubuntu1+esm5 ncurses-bin - 6.0+20160213-1ubuntu1+esm5 ncurses-doc - 6.0+20160213-1ubuntu1+esm5 ncurses-examples - 6.0+20160213-1ubuntu1+esm5 ncurses-term - 6.0+20160213-1ubuntu1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-50495 USN-6685-1 -- mqtt-client vulnerability Ubuntu 16.04 LTS It was discovered that mqtt-client incorrectly handled memory while parsing malformed MQTT frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6685-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libmqtt-client-java - 1.10-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-0222 USN-6692-1 -- Gson vulnerability Ubuntu 16.04 LTS It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgoogle-gson-java - 2.4-1ubuntu0.1~esm1 libgoogle-gson-java-doc - 2.4-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-25647 USN-6698-1 -- Vim vulnerability Ubuntu 16.04 LTS Zhen Zhou discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6698-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: vim - 2:7.4.1689-3ubuntu1.5+esm23 vim-athena - 2:7.4.1689-3ubuntu1.5+esm23 vim-athena-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-common - 2:7.4.1689-3ubuntu1.5+esm23 vim-doc - 2:7.4.1689-3ubuntu1.5+esm23 vim-gnome - 2:7.4.1689-3ubuntu1.5+esm23 vim-gnome-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk3 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gtk3-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-gui-common - 2:7.4.1689-3ubuntu1.5+esm23 vim-nox - 2:7.4.1689-3ubuntu1.5+esm23 vim-nox-py2 - 2:7.4.1689-3ubuntu1.5+esm23 vim-runtime - 2:7.4.1689-3ubuntu1.5+esm23 vim-tiny - 2:7.4.1689-3ubuntu1.5+esm23 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2024-22667 USN-6700-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20567) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6700-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1130-kvm - 4.4.0-1130.140 linux-cloud-tools-4.4.0-1130-kvm - 4.4.0-1130.140 linux-headers-4.4.0-1130-kvm - 4.4.0-1130.140 linux-image-4.4.0-1130-kvm - 4.4.0-1130.140 linux-kvm-cloud-tools-4.4.0-1130 - 4.4.0-1130.140 linux-kvm-headers-4.4.0-1130 - 4.4.0-1130.140 linux-kvm-tools-4.4.0-1130 - 4.4.0-1130.140 linux-modules-4.4.0-1130-kvm - 4.4.0-1130.140 linux-tools-4.4.0-1130-kvm - 4.4.0-1130.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.4.0-252-generic - 4.4.0-252.286 linux-buildinfo-4.4.0-252-lowlatency - 4.4.0-252.286 linux-cloud-tools-4.4.0-252 - 4.4.0-252.286 linux-cloud-tools-4.4.0-252-generic - 4.4.0-252.286 linux-cloud-tools-4.4.0-252-lowlatency - 4.4.0-252.286 linux-cloud-tools-common - 4.4.0-252.286 linux-doc - 4.4.0-252.286 linux-headers-4.4.0-252 - 4.4.0-252.286 linux-headers-4.4.0-252-generic - 4.4.0-252.286 linux-headers-4.4.0-252-lowlatency - 4.4.0-252.286 linux-image-4.4.0-252-generic - 4.4.0-252.286 linux-image-4.4.0-252-lowlatency - 4.4.0-252.286 linux-image-unsigned-4.4.0-252-generic - 4.4.0-252.286 linux-image-unsigned-4.4.0-252-lowlatency - 4.4.0-252.286 linux-libc-dev - 4.4.0-252.286 linux-modules-4.4.0-252-generic - 4.4.0-252.286 linux-modules-4.4.0-252-lowlatency - 4.4.0-252.286 linux-modules-extra-4.4.0-252-generic - 4.4.0-252.286 linux-source-4.4.0 - 4.4.0-252.286 linux-tools-4.4.0-252 - 4.4.0-252.286 linux-tools-4.4.0-252-generic - 4.4.0-252.286 linux-tools-4.4.0-252-lowlatency - 4.4.0-252.286 linux-tools-common - 4.4.0-252.286 linux-tools-host - 4.4.0-252.286 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1130.127 linux-image-kvm - 4.4.0.1130.127 linux-kvm - 4.4.0.1130.127 linux-tools-kvm - 4.4.0.1130.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.252.258 linux-cloud-tools-generic-lts-utopic - 
4.4.0.252.258 linux-cloud-tools-generic-lts-vivid - 4.4.0.252.258 linux-cloud-tools-generic-lts-wily - 4.4.0.252.258 linux-cloud-tools-generic-lts-xenial - 4.4.0.252.258 linux-cloud-tools-lowlatency - 4.4.0.252.258 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.252.258 linux-cloud-tools-lowlatency-lts-vivid - 4.4.0.252.258 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.252.258 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.252.258 linux-cloud-tools-virtual - 4.4.0.252.258 linux-cloud-tools-virtual-lts-utopic - 4.4.0.252.258 linux-cloud-tools-virtual-lts-vivid - 4.4.0.252.258 linux-cloud-tools-virtual-lts-wily - 4.4.0.252.258 linux-cloud-tools-virtual-lts-xenial - 4.4.0.252.258 linux-crashdump - 4.4.0.252.258 linux-generic - 4.4.0.252.258 linux-generic-lts-utopic - 4.4.0.252.258 linux-generic-lts-vivid - 4.4.0.252.258 linux-generic-lts-wily - 4.4.0.252.258 linux-generic-lts-xenial - 4.4.0.252.258 linux-headers-generic - 4.4.0.252.258 linux-headers-generic-lts-utopic - 4.4.0.252.258 linux-headers-generic-lts-vivid - 4.4.0.252.258 linux-headers-generic-lts-wily - 4.4.0.252.258 linux-headers-generic-lts-xenial - 4.4.0.252.258 linux-headers-lowlatency - 4.4.0.252.258 linux-headers-lowlatency-lts-utopic - 4.4.0.252.258 linux-headers-lowlatency-lts-vivid - 4.4.0.252.258 linux-headers-lowlatency-lts-wily - 4.4.0.252.258 linux-headers-lowlatency-lts-xenial - 4.4.0.252.258 linux-headers-virtual - 4.4.0.252.258 linux-headers-virtual-lts-utopic - 4.4.0.252.258 linux-headers-virtual-lts-vivid - 4.4.0.252.258 linux-headers-virtual-lts-wily - 4.4.0.252.258 linux-headers-virtual-lts-xenial - 4.4.0.252.258 linux-hwe-generic-trusty - 4.4.0.252.258 linux-hwe-virtual-trusty - 4.4.0.252.258 linux-image-extra-virtual - 4.4.0.252.258 linux-image-extra-virtual-lts-utopic - 4.4.0.252.258 linux-image-extra-virtual-lts-vivid - 4.4.0.252.258 linux-image-extra-virtual-lts-wily - 4.4.0.252.258 linux-image-extra-virtual-lts-xenial - 4.4.0.252.258 linux-image-generic - 4.4.0.252.258 
linux-image-generic-lts-utopic - 4.4.0.252.258 linux-image-generic-lts-vivid - 4.4.0.252.258 linux-image-generic-lts-wily - 4.4.0.252.258 linux-image-generic-lts-xenial - 4.4.0.252.258 linux-image-hwe-generic-trusty - 4.4.0.252.258 linux-image-hwe-virtual-trusty - 4.4.0.252.258 linux-image-lowlatency - 4.4.0.252.258 linux-image-lowlatency-lts-utopic - 4.4.0.252.258 linux-image-lowlatency-lts-vivid - 4.4.0.252.258 linux-image-lowlatency-lts-wily - 4.4.0.252.258 linux-image-lowlatency-lts-xenial - 4.4.0.252.258 linux-image-virtual - 4.4.0.252.258 linux-image-virtual-lts-utopic - 4.4.0.252.258 linux-image-virtual-lts-vivid - 4.4.0.252.258 linux-image-virtual-lts-wily - 4.4.0.252.258 linux-image-virtual-lts-xenial - 4.4.0.252.258 linux-lowlatency - 4.4.0.252.258 linux-lowlatency-lts-utopic - 4.4.0.252.258 linux-lowlatency-lts-vivid - 4.4.0.252.258 linux-lowlatency-lts-wily - 4.4.0.252.258 linux-lowlatency-lts-xenial - 4.4.0.252.258 linux-signed-generic - 4.4.0.252.258 linux-signed-generic-lts-utopic - 4.4.0.252.258 linux-signed-generic-lts-vivid - 4.4.0.252.258 linux-signed-generic-lts-wily - 4.4.0.252.258 linux-signed-generic-lts-xenial - 4.4.0.252.258 linux-signed-image-generic - 4.4.0.252.258 linux-signed-image-generic-lts-utopic - 4.4.0.252.258 linux-signed-image-generic-lts-vivid - 4.4.0.252.258 linux-signed-image-generic-lts-wily - 4.4.0.252.258 linux-signed-image-generic-lts-xenial - 4.4.0.252.258 linux-signed-image-lowlatency - 4.4.0.252.258 linux-signed-image-lowlatency-lts-wily - 4.4.0.252.258 linux-signed-image-lowlatency-lts-xenial - 4.4.0.252.258 linux-signed-lowlatency - 4.4.0.252.258 linux-signed-lowlatency-lts-wily - 4.4.0.252.258 linux-signed-lowlatency-lts-xenial - 4.4.0.252.258 linux-source - 4.4.0.252.258 linux-tools-generic - 4.4.0.252.258 linux-tools-generic-lts-utopic - 4.4.0.252.258 linux-tools-generic-lts-vivid - 4.4.0.252.258 linux-tools-generic-lts-wily - 4.4.0.252.258 linux-tools-generic-lts-xenial - 4.4.0.252.258 linux-tools-lowlatency - 
4.4.0.252.258 linux-tools-lowlatency-lts-utopic - 4.4.0.252.258 linux-tools-lowlatency-lts-vivid - 4.4.0.252.258 linux-tools-lowlatency-lts-wily - 4.4.0.252.258 linux-tools-lowlatency-lts-xenial - 4.4.0.252.258 linux-tools-lts-utopic - 4.4.0.252.258 linux-tools-virtual - 4.4.0.252.258 linux-tools-virtual-lts-utopic - 4.4.0.252.258 linux-tools-virtual-lts-vivid - 4.4.0.252.258 linux-tools-virtual-lts-wily - 4.4.0.252.258 linux-tools-virtual-lts-xenial - 4.4.0.252.258 linux-virtual - 4.4.0.252.258 linux-virtual-lts-utopic - 4.4.0.252.258 linux-virtual-lts-vivid - 4.4.0.252.258 linux-virtual-lts-wily - 4.4.0.252.258 linux-virtual-lts-xenial - 4.4.0.252.258 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-20567 CVE-2023-34256 CVE-2023-39197 CVE-2023-51781 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 USN-6700-2 -- Linux kernel (AWS) vulnerabilities Ubuntu 16.04 LTS It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20567) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6700-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-aws-cloud-tools-4.4.0-1167 - 4.4.0-1167.182 linux-aws-headers-4.4.0-1167 - 4.4.0-1167.182 linux-aws-tools-4.4.0-1167 - 4.4.0-1167.182 linux-buildinfo-4.4.0-1167-aws - 4.4.0-1167.182 linux-cloud-tools-4.4.0-1167-aws - 4.4.0-1167.182 linux-headers-4.4.0-1167-aws - 4.4.0-1167.182 linux-image-4.4.0-1167-aws - 4.4.0-1167.182 linux-modules-4.4.0-1167-aws - 4.4.0-1167.182 linux-modules-extra-4.4.0-1167-aws - 4.4.0-1167.182 linux-tools-4.4.0-1167-aws - 4.4.0-1167.182 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1167.171 linux-headers-aws - 4.4.0.1167.171 linux-image-aws - 4.4.0.1167.171 linux-modules-extra-aws - 4.4.0.1167.171 linux-tools-aws - 4.4.0.1167.171 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-20567 CVE-2023-34256 CVE-2023-39197 CVE-2023-51781 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 USN-6701-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. 
(CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero-length data requests, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability.
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6701-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-buildinfo-4.15.0-223-lowlatency - 4.15.0-223.235~16.04.1 linux-cloud-tools-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-cloud-tools-4.15.0-223-lowlatency - 4.15.0-223.235~16.04.1 linux-headers-4.15.0-223 - 4.15.0-223.235~16.04.1 linux-headers-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-headers-4.15.0-223-lowlatency - 4.15.0-223.235~16.04.1 linux-hwe-cloud-tools-4.15.0-223 - 4.15.0-223.235~16.04.1 linux-hwe-tools-4.15.0-223 - 4.15.0-223.235~16.04.1 linux-image-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-image-4.15.0-223-lowlatency - 4.15.0-223.235~16.04.1 linux-image-unsigned-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-image-unsigned-4.15.0-223-lowlatency - 4.15.0-223.235~16.04.1 linux-modules-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-modules-4.15.0-223-lowlatency - 4.15.0-223.235~16.04.1 linux-modules-extra-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-source-4.15.0 - 4.15.0-223.235~16.04.1 linux-tools-4.15.0-223-generic - 4.15.0-223.235~16.04.1 linux-tools-4.15.0-223-lowlatency - 4.15.0-223.235~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.223.7 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.223.7 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.223.7 
linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.223.7 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.223.7 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.223.7 linux-generic-hwe-16.04 - 4.15.0.223.7 linux-generic-hwe-16.04-edge - 4.15.0.223.7 linux-headers-generic-hwe-16.04 - 4.15.0.223.7 linux-headers-generic-hwe-16.04-edge - 4.15.0.223.7 linux-headers-lowlatency-hwe-16.04 - 4.15.0.223.7 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.223.7 linux-headers-oem - 4.15.0.223.7 linux-headers-virtual-hwe-16.04 - 4.15.0.223.7 linux-headers-virtual-hwe-16.04-edge - 4.15.0.223.7 linux-image-extra-virtual-hwe-16.04 - 4.15.0.223.7 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.223.7 linux-image-generic-hwe-16.04 - 4.15.0.223.7 linux-image-generic-hwe-16.04-edge - 4.15.0.223.7 linux-image-lowlatency-hwe-16.04 - 4.15.0.223.7 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.223.7 linux-image-oem - 4.15.0.223.7 linux-image-virtual-hwe-16.04 - 4.15.0.223.7 linux-image-virtual-hwe-16.04-edge - 4.15.0.223.7 linux-lowlatency-hwe-16.04 - 4.15.0.223.7 linux-lowlatency-hwe-16.04-edge - 4.15.0.223.7 linux-oem - 4.15.0.223.7 linux-signed-generic-hwe-16.04 - 4.15.0.223.7 linux-signed-generic-hwe-16.04-edge - 4.15.0.223.7 linux-signed-image-generic-hwe-16.04 - 4.15.0.223.7 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.223.7 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.223.7 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.223.7 linux-signed-image-oem - 4.15.0.223.7 linux-signed-lowlatency-hwe-16.04 - 4.15.0.223.7 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.223.7 linux-signed-oem - 4.15.0.223.7 linux-tools-generic-hwe-16.04 - 4.15.0.223.7 linux-tools-generic-hwe-16.04-edge - 4.15.0.223.7 linux-tools-lowlatency-hwe-16.04 - 4.15.0.223.7 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.223.7 linux-tools-oem - 4.15.0.223.7 linux-tools-virtual-hwe-16.04 - 4.15.0.223.7 linux-tools-virtual-hwe-16.04-edge - 4.15.0.223.7 linux-virtual-hwe-16.04 - 4.15.0.223.7 
linux-virtual-hwe-16.04-edge - 4.15.0.223.7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2002 CVE-2023-23000 CVE-2023-3006 CVE-2023-34256 CVE-2023-39197 CVE-2023-4132 CVE-2023-46838 CVE-2023-51781 CVE-2023-6121 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 USN-6701-2 -- Linux kernel (GCP) vulnerabilities Ubuntu 16.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero-length data requests, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6701-2` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1160-gcp - 4.15.0-1160.177~16.04.1 linux-gcp-headers-4.15.0-1160 - 4.15.0-1160.177~16.04.1 linux-gcp-tools-4.15.0-1160 - 4.15.0-1160.177~16.04.1 linux-headers-4.15.0-1160-gcp - 4.15.0-1160.177~16.04.1 linux-image-4.15.0-1160-gcp - 4.15.0-1160.177~16.04.1 linux-image-unsigned-4.15.0-1160-gcp - 4.15.0-1160.177~16.04.1 linux-modules-4.15.0-1160-gcp - 4.15.0-1160.177~16.04.1 linux-modules-extra-4.15.0-1160-gcp - 4.15.0-1160.177~16.04.1 linux-tools-4.15.0-1160-gcp - 4.15.0-1160.177~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1160.150 linux-gke - 4.15.0.1160.150 linux-headers-gcp - 4.15.0.1160.150 linux-headers-gke - 4.15.0.1160.150 linux-image-gcp - 4.15.0.1160.150 linux-image-gke - 4.15.0.1160.150 linux-modules-extra-gcp - 4.15.0.1160.150 linux-modules-extra-gke - 4.15.0.1160.150 linux-tools-gcp - 4.15.0.1160.150 linux-tools-gke - 4.15.0.1160.150 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2002 CVE-2023-23000 CVE-2023-3006 CVE-2023-34256 CVE-2023-39197 CVE-2023-4132 CVE-2023-46838 CVE-2023-51781 CVE-2023-6121 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 USN-6701-3 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. 
(CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero-length data requests, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability.
A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6701-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1129-oracle - 4.15.0-1129.140~16.04.1 linux-headers-4.15.0-1129-oracle - 4.15.0-1129.140~16.04.1 linux-image-4.15.0-1129-oracle - 4.15.0-1129.140~16.04.1 linux-image-unsigned-4.15.0-1129-oracle - 4.15.0-1129.140~16.04.1 linux-modules-4.15.0-1129-oracle - 4.15.0-1129.140~16.04.1 linux-modules-extra-4.15.0-1129-oracle - 4.15.0-1129.140~16.04.1 linux-oracle-headers-4.15.0-1129 - 4.15.0-1129.140~16.04.1 linux-oracle-tools-4.15.0-1129 - 4.15.0-1129.140~16.04.1 linux-tools-4.15.0-1129-oracle - 4.15.0-1129.140~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1166 - 4.15.0-1166.179~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1166 - 4.15.0-1166.179~16.04.1 linux-aws-hwe-tools-4.15.0-1166 - 4.15.0-1166.179~16.04.1 linux-buildinfo-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1 linux-cloud-tools-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1 linux-headers-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1 linux-image-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1 linux-image-unsigned-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1
linux-modules-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1 linux-modules-extra-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1 linux-tools-4.15.0-1166-aws - 4.15.0-1166.179~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-cloud-tools-4.15.0-1175 - 4.15.0-1175.190~16.04.1 linux-azure-headers-4.15.0-1175 - 4.15.0-1175.190~16.04.1 linux-azure-tools-4.15.0-1175 - 4.15.0-1175.190~16.04.1 linux-buildinfo-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 linux-cloud-tools-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 linux-headers-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 linux-image-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 linux-image-unsigned-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 linux-modules-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 linux-modules-extra-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 linux-tools-4.15.0-1175-azure - 4.15.0-1175.190~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1129.110 linux-image-oracle - 4.15.0.1129.110 linux-oracle - 4.15.0.1129.110 linux-signed-image-oracle - 4.15.0.1129.110 linux-signed-oracle - 4.15.0.1129.110 linux-tools-oracle - 4.15.0.1129.110 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1166.149 linux-aws-hwe - 4.15.0.1166.149 linux-headers-aws-hwe - 4.15.0.1166.149 linux-image-aws-hwe - 4.15.0.1166.149 linux-modules-extra-aws-hwe - 4.15.0.1166.149 linux-tools-aws-hwe - 4.15.0.1166.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1175.159 linux-azure-edge - 4.15.0.1175.159 linux-cloud-tools-azure - 4.15.0.1175.159 linux-cloud-tools-azure-edge - 4.15.0.1175.159 linux-headers-azure - 4.15.0.1175.159 linux-headers-azure-edge - 4.15.0.1175.159 linux-image-azure - 4.15.0.1175.159 linux-image-azure-edge - 4.15.0.1175.159 linux-modules-extra-azure - 4.15.0.1175.159 linux-modules-extra-azure-edge - 4.15.0.1175.159 linux-signed-azure - 4.15.0.1175.159 linux-signed-azure-edge - 
4.15.0.1175.159 linux-signed-image-azure - 4.15.0.1175.159 linux-signed-image-azure-edge - 4.15.0.1175.159 linux-tools-azure - 4.15.0.1175.159 linux-tools-azure-edge - 4.15.0.1175.159 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2002 CVE-2023-23000 CVE-2023-3006 CVE-2023-34256 CVE-2023-39197 CVE-2023-4132 CVE-2023-46838 CVE-2023-51781 CVE-2023-6121 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 USN-6708-1 -- Graphviz vulnerability Ubuntu 16.04 LTS It was discovered that Graphviz incorrectly handled certain config6a files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6708-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphviz - 2.38.0-12ubuntu2.1+esm2 graphviz-dev - 2.38.0-12ubuntu2.1+esm2 graphviz-doc - 2.38.0-12ubuntu2.1+esm2 libcdt5 - 2.38.0-12ubuntu2.1+esm2 libcgraph6 - 2.38.0-12ubuntu2.1+esm2 libgraphviz-dev - 2.38.0-12ubuntu2.1+esm2 libgv-guile - 2.38.0-12ubuntu2.1+esm2 libgv-lua - 2.38.0-12ubuntu2.1+esm2 libgv-perl - 2.38.0-12ubuntu2.1+esm2 libgv-python - 2.38.0-12ubuntu2.1+esm2 libgv-ruby - 2.38.0-12ubuntu2.1+esm2 libgv-tcl - 2.38.0-12ubuntu2.1+esm2 libgvc6 - 2.38.0-12ubuntu2.1+esm2 libgvc6-plugins-gtk - 2.38.0-12ubuntu2.1+esm2 libgvpr2 - 2.38.0-12ubuntu2.1+esm2 libpathplan4 - 2.38.0-12ubuntu2.1+esm2 libxdot4 - 2.38.0-12ubuntu2.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-46045 USN-6715-1 -- unixODBC vulnerability Ubuntu 16.04 LTS It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6715-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libodbc1 - 2.3.1-4.1ubuntu0.1~esm2 odbcinst - 2.3.1-4.1ubuntu0.1~esm2 odbcinst1debian2 - 2.3.1-4.1ubuntu0.1~esm2 unixodbc - 2.3.1-4.1ubuntu0.1~esm2 unixodbc-dev - 2.3.1-4.1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-1013 USN-6718-2 -- curl vulnerability Ubuntu 16.04 LTS USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service. (CVE-2024-2398) Update Instructions: Run `sudo pro fix USN-6718-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.47.0-1ubuntu2.19+esm12 libcurl3 - 7.47.0-1ubuntu2.19+esm12 libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm12 libcurl3-nss - 7.47.0-1ubuntu2.19+esm12 libcurl4-doc - 7.47.0-1ubuntu2.19+esm12 libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm12 libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm12 libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-2398 USN-6721-1 -- X.Org X Server vulnerabilities Ubuntu 16.04 LTS It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083) Update Instructions: Run `sudo pro fix USN-6721-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.18.4-0ubuntu0.12+esm12 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm12 xmir - 2:1.18.4-0ubuntu0.12+esm12 xnest - 2:1.18.4-0ubuntu0.12+esm12 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm12 xserver-common - 2:1.18.4-0ubuntu0.12+esm12 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm12 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm12 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm12 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm12 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm12 xvfb - 2:1.18.4-0ubuntu0.12+esm12 xwayland - 2:1.18.4-0ubuntu0.12+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-31080 CVE-2024-31081 CVE-2024-31082 CVE-2024-31083 USN-6721-2 -- X.Org X Server regression Ubuntu 16.04 LTS USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083) Update Instructions: Run `sudo pro fix USN-6721-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.18.4-0ubuntu0.12+esm13 xdmx-tools - 2:1.18.4-0ubuntu0.12+esm13 xmir - 2:1.18.4-0ubuntu0.12+esm13 xnest - 2:1.18.4-0ubuntu0.12+esm13 xorg-server-source - 2:1.18.4-0ubuntu0.12+esm13 xserver-common - 2:1.18.4-0ubuntu0.12+esm13 xserver-xephyr - 2:1.18.4-0ubuntu0.12+esm13 xserver-xorg-core - 2:1.18.4-0ubuntu0.12+esm13 xserver-xorg-dev - 2:1.18.4-0ubuntu0.12+esm13 xserver-xorg-legacy - 2:1.18.4-0ubuntu0.12+esm13 xserver-xorg-xmir - 2:1.18.4-0ubuntu0.12+esm13 xvfb - 2:1.18.4-0ubuntu0.12+esm13 xwayland - 2:1.18.4-0ubuntu0.12+esm13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2060354 USN-6723-1 -- Bind vulnerabilities Ubuntu 16.04 LTS Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50868) Update Instructions: Run `sudo pro fix USN-6723-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-50387 CVE-2023-50868 USN-6729-2 -- Apache HTTP Server vulnerabilities Ubuntu 16.04 LTS USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709) Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. 
(CVE-2024-24795) Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316) Update Instructions: Run `sudo pro fix USN-6729-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2 - 2.4.18-2ubuntu3.17+esm12 apache2-bin - 2.4.18-2ubuntu3.17+esm12 apache2-data - 2.4.18-2ubuntu3.17+esm12 apache2-dev - 2.4.18-2ubuntu3.17+esm12 apache2-doc - 2.4.18-2ubuntu3.17+esm12 apache2-suexec-custom - 2.4.18-2ubuntu3.17+esm12 apache2-suexec-pristine - 2.4.18-2ubuntu3.17+esm12 apache2-utils - 2.4.18-2ubuntu3.17+esm12 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38709 CVE-2024-24795 CVE-2024-27316 USN-6730-1 -- Apache Maven Shared Utils vulnerability Ubuntu 16.04 LTS It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code. Update Instructions: Run `sudo pro fix USN-6730-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmaven-shared-utils-java - 0.9-1ubuntu0.1~esm1 libmaven-shared-utils-java-doc - 0.9-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-29599 USN-6731-1 -- YARD vulnerabilities Ubuntu 16.04 LTS It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17042) It was discovered that yard before 0.9.20 is affected by a path traversal vulnerability, allowing HTTP requests to access arbitrary files under certain conditions. 
This issue only affected Ubuntu 18.04 LTS. (CVE-2019-1020001) Aviv Keller discovered that the "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. (CVE-2024-27285) Update Instructions: Run `sudo pro fix USN-6731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: yard - 0.8.7.6+git20160220-3ubuntu0.1~esm1 yard-doc - 0.8.7.6+git20160220-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-17042 CVE-2019-1020001 CVE-2024-27285 USN-6735-1 -- Node.js vulnerabilities Ubuntu 16.04 LTS It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-30588) It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10. (CVE-2023-30589) It was discovered that Node.js incorrectly described the generateKeys() function in the documentation. This inconsistency could possibly lead to security issues in applications that use these APIs. (CVE-2023-30590) Update Instructions: Run `sudo pro fix USN-6735-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: nodejs - 4.2.6~dfsg-1ubuntu4.2+esm3 nodejs-dev - 4.2.6~dfsg-1ubuntu4.2+esm3 nodejs-legacy - 4.2.6~dfsg-1ubuntu4.2+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 USN-6736-1 -- klibc vulnerabilities Ubuntu 16.04 LTS It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2018-25032) Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2022-37434) Update Instructions: Run `sudo pro fix USN-6736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.4-8ubuntu1.16.04.4+esm2 libklibc - 2.0.4-8ubuntu1.16.04.4+esm2 libklibc-dev - 2.0.4-8ubuntu1.16.04.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-9840 CVE-2016-9841 CVE-2018-25032 CVE-2022-37434 USN-6738-1 -- LXD vulnerability Ubuntu 16.04 LTS Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks. Update Instructions: Run `sudo pro fix USN-6738-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: golang-github-lxc-lxd-dev - 2.0.11-0ubuntu1~16.04.4+esm1 lxc2 - 2.0.11-0ubuntu1~16.04.4+esm1 lxd - 2.0.11-0ubuntu1~16.04.4+esm1 lxd-client - 2.0.11-0ubuntu1~16.04.4+esm1 lxd-tools - 2.0.11-0ubuntu1~16.04.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-48795 USN-6739-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1382) Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2 mitigations with prctl syscall were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-1998) Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. (CVE-2023-24023) shanzhulig discovered that the DRM subsystem in the Linux kernel contained a race condition when performing certain operations while handling driver unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51043) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability.
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - ACPI drivers; - I2C subsystem; - Media drivers; - JFS file system; - IPv4 Networking; - Open vSwitch; (CVE-2021-46966, CVE-2021-46936, CVE-2023-52451, CVE-2019-25162, CVE-2023-52445, CVE-2023-52600, CVE-2021-46990, CVE-2021-46955, CVE-2023-52603) Update Instructions: Run `sudo pro fix USN-6739-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.4.0-1131-kvm - 4.4.0-1131.141 linux-cloud-tools-4.4.0-1131-kvm - 4.4.0-1131.141 linux-headers-4.4.0-1131-kvm - 4.4.0-1131.141 linux-image-4.4.0-1131-kvm - 4.4.0-1131.141 linux-kvm-cloud-tools-4.4.0-1131 - 4.4.0-1131.141 linux-kvm-headers-4.4.0-1131 - 4.4.0-1131.141 linux-kvm-tools-4.4.0-1131 - 4.4.0-1131.141 linux-modules-4.4.0-1131-kvm - 4.4.0-1131.141 linux-tools-4.4.0-1131-kvm - 4.4.0-1131.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.4.0-1168 - 4.4.0-1168.183 linux-aws-headers-4.4.0-1168 - 4.4.0-1168.183 linux-aws-tools-4.4.0-1168 - 4.4.0-1168.183 linux-buildinfo-4.4.0-1168-aws - 4.4.0-1168.183 linux-cloud-tools-4.4.0-1168-aws - 4.4.0-1168.183 linux-headers-4.4.0-1168-aws - 4.4.0-1168.183 linux-image-4.4.0-1168-aws - 4.4.0-1168.183 linux-modules-4.4.0-1168-aws - 4.4.0-1168.183 linux-modules-extra-4.4.0-1168-aws - 4.4.0-1168.183 linux-tools-4.4.0-1168-aws - 4.4.0-1168.183 Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro linux-buildinfo-4.4.0-253-generic - 4.4.0-253.287 linux-buildinfo-4.4.0-253-lowlatency - 4.4.0-253.287 linux-cloud-tools-4.4.0-253 - 4.4.0-253.287 linux-cloud-tools-4.4.0-253-generic - 4.4.0-253.287 linux-cloud-tools-4.4.0-253-lowlatency - 4.4.0-253.287 linux-cloud-tools-common - 4.4.0-253.287 linux-doc - 4.4.0-253.287 linux-headers-4.4.0-253 - 4.4.0-253.287 linux-headers-4.4.0-253-generic - 4.4.0-253.287 linux-headers-4.4.0-253-lowlatency - 4.4.0-253.287 linux-image-4.4.0-253-generic - 4.4.0-253.287 linux-image-4.4.0-253-lowlatency - 4.4.0-253.287 linux-image-unsigned-4.4.0-253-generic - 4.4.0-253.287 linux-image-unsigned-4.4.0-253-lowlatency - 4.4.0-253.287 linux-libc-dev - 4.4.0-253.287 linux-modules-4.4.0-253-generic - 4.4.0-253.287 linux-modules-4.4.0-253-lowlatency - 4.4.0-253.287 linux-modules-extra-4.4.0-253-generic - 4.4.0-253.287 linux-source-4.4.0 - 4.4.0-253.287 linux-tools-4.4.0-253 - 4.4.0-253.287 linux-tools-4.4.0-253-generic - 4.4.0-253.287 linux-tools-4.4.0-253-lowlatency - 4.4.0-253.287 linux-tools-common - 4.4.0-253.287 linux-tools-host - 4.4.0-253.287 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.4.0.1131.128 linux-image-kvm - 4.4.0.1131.128 linux-kvm - 4.4.0.1131.128 linux-tools-kvm - 4.4.0.1131.128 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 4.4.0.1168.172 linux-headers-aws - 4.4.0.1168.172 linux-image-aws - 4.4.0.1168.172 linux-modules-extra-aws - 4.4.0.1168.172 linux-tools-aws - 4.4.0.1168.172 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.4.0.253.259 linux-cloud-tools-generic-lts-utopic - 4.4.0.253.259 linux-cloud-tools-generic-lts-vivid - 4.4.0.253.259 linux-cloud-tools-generic-lts-wily - 4.4.0.253.259 linux-cloud-tools-generic-lts-xenial - 4.4.0.253.259 linux-cloud-tools-lowlatency - 4.4.0.253.259 linux-cloud-tools-lowlatency-lts-utopic - 4.4.0.253.259 linux-cloud-tools-lowlatency-lts-vivid - 
4.4.0.253.259 linux-cloud-tools-lowlatency-lts-wily - 4.4.0.253.259 linux-cloud-tools-lowlatency-lts-xenial - 4.4.0.253.259 linux-cloud-tools-virtual - 4.4.0.253.259 linux-cloud-tools-virtual-lts-utopic - 4.4.0.253.259 linux-cloud-tools-virtual-lts-vivid - 4.4.0.253.259 linux-cloud-tools-virtual-lts-wily - 4.4.0.253.259 linux-cloud-tools-virtual-lts-xenial - 4.4.0.253.259 linux-crashdump - 4.4.0.253.259 linux-generic - 4.4.0.253.259 linux-generic-lts-utopic - 4.4.0.253.259 linux-generic-lts-vivid - 4.4.0.253.259 linux-generic-lts-wily - 4.4.0.253.259 linux-generic-lts-xenial - 4.4.0.253.259 linux-headers-generic - 4.4.0.253.259 linux-headers-generic-lts-utopic - 4.4.0.253.259 linux-headers-generic-lts-vivid - 4.4.0.253.259 linux-headers-generic-lts-wily - 4.4.0.253.259 linux-headers-generic-lts-xenial - 4.4.0.253.259 linux-headers-lowlatency - 4.4.0.253.259 linux-headers-lowlatency-lts-utopic - 4.4.0.253.259 linux-headers-lowlatency-lts-vivid - 4.4.0.253.259 linux-headers-lowlatency-lts-wily - 4.4.0.253.259 linux-headers-lowlatency-lts-xenial - 4.4.0.253.259 linux-headers-virtual - 4.4.0.253.259 linux-headers-virtual-lts-utopic - 4.4.0.253.259 linux-headers-virtual-lts-vivid - 4.4.0.253.259 linux-headers-virtual-lts-wily - 4.4.0.253.259 linux-headers-virtual-lts-xenial - 4.4.0.253.259 linux-hwe-generic-trusty - 4.4.0.253.259 linux-hwe-virtual-trusty - 4.4.0.253.259 linux-image-extra-virtual - 4.4.0.253.259 linux-image-extra-virtual-lts-utopic - 4.4.0.253.259 linux-image-extra-virtual-lts-vivid - 4.4.0.253.259 linux-image-extra-virtual-lts-wily - 4.4.0.253.259 linux-image-extra-virtual-lts-xenial - 4.4.0.253.259 linux-image-generic - 4.4.0.253.259 linux-image-generic-lts-utopic - 4.4.0.253.259 linux-image-generic-lts-vivid - 4.4.0.253.259 linux-image-generic-lts-wily - 4.4.0.253.259 linux-image-generic-lts-xenial - 4.4.0.253.259 linux-image-hwe-generic-trusty - 4.4.0.253.259 linux-image-hwe-virtual-trusty - 4.4.0.253.259 linux-image-lowlatency - 4.4.0.253.259 
linux-image-lowlatency-lts-utopic - 4.4.0.253.259 linux-image-lowlatency-lts-vivid - 4.4.0.253.259 linux-image-lowlatency-lts-wily - 4.4.0.253.259 linux-image-lowlatency-lts-xenial - 4.4.0.253.259 linux-image-virtual - 4.4.0.253.259 linux-image-virtual-lts-utopic - 4.4.0.253.259 linux-image-virtual-lts-vivid - 4.4.0.253.259 linux-image-virtual-lts-wily - 4.4.0.253.259 linux-image-virtual-lts-xenial - 4.4.0.253.259 linux-lowlatency - 4.4.0.253.259 linux-lowlatency-lts-utopic - 4.4.0.253.259 linux-lowlatency-lts-vivid - 4.4.0.253.259 linux-lowlatency-lts-wily - 4.4.0.253.259 linux-lowlatency-lts-xenial - 4.4.0.253.259 linux-signed-generic - 4.4.0.253.259 linux-signed-generic-lts-utopic - 4.4.0.253.259 linux-signed-generic-lts-vivid - 4.4.0.253.259 linux-signed-generic-lts-wily - 4.4.0.253.259 linux-signed-generic-lts-xenial - 4.4.0.253.259 linux-signed-image-generic - 4.4.0.253.259 linux-signed-image-generic-lts-utopic - 4.4.0.253.259 linux-signed-image-generic-lts-vivid - 4.4.0.253.259 linux-signed-image-generic-lts-wily - 4.4.0.253.259 linux-signed-image-generic-lts-xenial - 4.4.0.253.259 linux-signed-image-lowlatency - 4.4.0.253.259 linux-signed-image-lowlatency-lts-wily - 4.4.0.253.259 linux-signed-image-lowlatency-lts-xenial - 4.4.0.253.259 linux-signed-lowlatency - 4.4.0.253.259 linux-signed-lowlatency-lts-wily - 4.4.0.253.259 linux-signed-lowlatency-lts-xenial - 4.4.0.253.259 linux-source - 4.4.0.253.259 linux-tools-generic - 4.4.0.253.259 linux-tools-generic-lts-utopic - 4.4.0.253.259 linux-tools-generic-lts-vivid - 4.4.0.253.259 linux-tools-generic-lts-wily - 4.4.0.253.259 linux-tools-generic-lts-xenial - 4.4.0.253.259 linux-tools-lowlatency - 4.4.0.253.259 linux-tools-lowlatency-lts-utopic - 4.4.0.253.259 linux-tools-lowlatency-lts-vivid - 4.4.0.253.259 linux-tools-lowlatency-lts-wily - 4.4.0.253.259 linux-tools-lowlatency-lts-xenial - 4.4.0.253.259 linux-tools-lts-utopic - 4.4.0.253.259 linux-tools-virtual - 4.4.0.253.259 linux-tools-virtual-lts-utopic - 
4.4.0.253.259 linux-tools-virtual-lts-vivid - 4.4.0.253.259 linux-tools-virtual-lts-wily - 4.4.0.253.259 linux-tools-virtual-lts-xenial - 4.4.0.253.259 linux-virtual - 4.4.0.253.259 linux-virtual-lts-utopic - 4.4.0.253.259 linux-virtual-lts-vivid - 4.4.0.253.259 linux-virtual-lts-wily - 4.4.0.253.259 linux-virtual-lts-xenial - 4.4.0.253.259 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-25162 CVE-2021-46936 CVE-2021-46955 CVE-2021-46966 CVE-2021-46990 CVE-2022-20422 CVE-2023-1382 CVE-2023-1998 CVE-2023-24023 CVE-2023-51043 CVE-2023-51779 CVE-2023-52429 CVE-2023-52445 CVE-2023-52451 CVE-2023-52600 CVE-2023-52603 CVE-2024-23851 USN-6740-1 -- Linux kernel vulnerabilities Ubuntu 16.04 LTS Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1382) It was discovered that the virtio network implementation in the Linux kernel did not properly handle file references in the host, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-1838) Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2 mitigations with prctl syscall were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-1998) Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. 
(CVE-2023-24023) shanzhulig discovered that the DRM subsystem in the Linux kernel contained a race condition when performing certain operations while handling driver unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51043) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-6915) It was discovered that the SCTP protocol implementation in the Linux kernel contained a race condition when handling lock acquisition in certain situations. A local attacker could possibly use this to cause a denial of service (kernel deadlock). (CVE-2024-0639) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - EDAC drivers; - Media drivers; - JFS file system; (CVE-2023-52603, CVE-2023-52464, CVE-2023-52600, CVE-2023-52445, CVE-2023-52451) Update Instructions: Run `sudo pro fix USN-6740-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1130-oracle - 4.15.0-1130.141~16.04.1 linux-headers-4.15.0-1130-oracle - 4.15.0-1130.141~16.04.1 linux-image-4.15.0-1130-oracle - 4.15.0-1130.141~16.04.1 linux-image-unsigned-4.15.0-1130-oracle - 4.15.0-1130.141~16.04.1 linux-modules-4.15.0-1130-oracle - 4.15.0-1130.141~16.04.1 linux-modules-extra-4.15.0-1130-oracle - 4.15.0-1130.141~16.04.1 linux-oracle-headers-4.15.0-1130 - 4.15.0-1130.141~16.04.1 linux-oracle-tools-4.15.0-1130 - 4.15.0-1130.141~16.04.1 linux-tools-4.15.0-1130-oracle - 4.15.0-1130.141~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1161-gcp - 4.15.0-1161.178~16.04.1 linux-gcp-headers-4.15.0-1161 - 4.15.0-1161.178~16.04.1 linux-gcp-tools-4.15.0-1161 - 4.15.0-1161.178~16.04.1 linux-headers-4.15.0-1161-gcp - 4.15.0-1161.178~16.04.1 linux-image-4.15.0-1161-gcp - 4.15.0-1161.178~16.04.1 linux-image-unsigned-4.15.0-1161-gcp - 4.15.0-1161.178~16.04.1 linux-modules-4.15.0-1161-gcp - 4.15.0-1161.178~16.04.1 linux-modules-extra-4.15.0-1161-gcp - 4.15.0-1161.178~16.04.1 linux-tools-4.15.0-1161-gcp - 4.15.0-1161.178~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-headers-4.15.0-1167 - 4.15.0-1167.180~16.04.1 linux-aws-hwe-cloud-tools-4.15.0-1167 - 4.15.0-1167.180~16.04.1 linux-aws-hwe-tools-4.15.0-1167 - 4.15.0-1167.180~16.04.1 linux-buildinfo-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 linux-cloud-tools-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 linux-headers-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 linux-image-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 linux-image-unsigned-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 linux-modules-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 linux-modules-extra-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 linux-tools-4.15.0-1167-aws - 4.15.0-1167.180~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro 
linux-azure-cloud-tools-4.15.0-1176 - 4.15.0-1176.191~16.04.1 linux-azure-headers-4.15.0-1176 - 4.15.0-1176.191~16.04.1 linux-azure-tools-4.15.0-1176 - 4.15.0-1176.191~16.04.1 linux-buildinfo-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 linux-cloud-tools-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 linux-headers-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 linux-image-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 linux-image-unsigned-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 linux-modules-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 linux-modules-extra-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 linux-tools-4.15.0-1176-azure - 4.15.0-1176.191~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-buildinfo-4.15.0-224-lowlatency - 4.15.0-224.236~16.04.1 linux-cloud-tools-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-cloud-tools-4.15.0-224-lowlatency - 4.15.0-224.236~16.04.1 linux-headers-4.15.0-224 - 4.15.0-224.236~16.04.1 linux-headers-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-headers-4.15.0-224-lowlatency - 4.15.0-224.236~16.04.1 linux-hwe-cloud-tools-4.15.0-224 - 4.15.0-224.236~16.04.1 linux-hwe-tools-4.15.0-224 - 4.15.0-224.236~16.04.1 linux-image-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-image-4.15.0-224-lowlatency - 4.15.0-224.236~16.04.1 linux-image-unsigned-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-image-unsigned-4.15.0-224-lowlatency - 4.15.0-224.236~16.04.1 linux-modules-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-modules-4.15.0-224-lowlatency - 4.15.0-224.236~16.04.1 linux-modules-extra-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-source-4.15.0 - 4.15.0-224.236~16.04.1 linux-tools-4.15.0-224-generic - 4.15.0-224.236~16.04.1 linux-tools-4.15.0-224-lowlatency - 4.15.0-224.236~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 4.15.0.1130.141~16.04.1 linux-image-oracle - 4.15.0.1130.141~16.04.1 
linux-oracle - 4.15.0.1130.141~16.04.1 linux-signed-image-oracle - 4.15.0.1130.141~16.04.1 linux-signed-oracle - 4.15.0.1130.141~16.04.1 linux-tools-oracle - 4.15.0.1130.141~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 4.15.0.1161.178~16.04.1 linux-gke - 4.15.0.1161.178~16.04.1 linux-headers-gcp - 4.15.0.1161.178~16.04.1 linux-headers-gke - 4.15.0.1161.178~16.04.1 linux-image-gcp - 4.15.0.1161.178~16.04.1 linux-image-gke - 4.15.0.1161.178~16.04.1 linux-modules-extra-gcp - 4.15.0.1161.178~16.04.1 linux-modules-extra-gke - 4.15.0.1161.178~16.04.1 linux-tools-gcp - 4.15.0.1161.178~16.04.1 linux-tools-gke - 4.15.0.1161.178~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-edge - 4.15.0.1167.180~16.04.1 linux-aws-hwe - 4.15.0.1167.180~16.04.1 linux-headers-aws-hwe - 4.15.0.1167.180~16.04.1 linux-image-aws-hwe - 4.15.0.1167.180~16.04.1 linux-modules-extra-aws-hwe - 4.15.0.1167.180~16.04.1 linux-tools-aws-hwe - 4.15.0.1167.180~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 4.15.0.1176.191~16.04.1 linux-azure-edge - 4.15.0.1176.191~16.04.1 linux-cloud-tools-azure - 4.15.0.1176.191~16.04.1 linux-cloud-tools-azure-edge - 4.15.0.1176.191~16.04.1 linux-headers-azure - 4.15.0.1176.191~16.04.1 linux-headers-azure-edge - 4.15.0.1176.191~16.04.1 linux-image-azure - 4.15.0.1176.191~16.04.1 linux-image-azure-edge - 4.15.0.1176.191~16.04.1 linux-modules-extra-azure - 4.15.0.1176.191~16.04.1 linux-modules-extra-azure-edge - 4.15.0.1176.191~16.04.1 linux-signed-azure - 4.15.0.1176.191~16.04.1 linux-signed-azure-edge - 4.15.0.1176.191~16.04.1 linux-signed-image-azure - 4.15.0.1176.191~16.04.1 linux-signed-image-azure-edge - 4.15.0.1176.191~16.04.1 linux-tools-azure - 4.15.0.1176.191~16.04.1 linux-tools-azure-edge - 4.15.0.1176.191~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-16.04 - 4.15.0.224.236~16.04.1 
linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-generic-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-generic-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-headers-generic-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-headers-generic-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-headers-lowlatency-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-headers-oem - 4.15.0.224.236~16.04.1 linux-headers-virtual-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-headers-virtual-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-image-extra-virtual-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-image-generic-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-image-generic-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-image-lowlatency-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-image-oem - 4.15.0.224.236~16.04.1 linux-image-virtual-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-image-virtual-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-lowlatency-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-lowlatency-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-oem - 4.15.0.224.236~16.04.1 linux-signed-generic-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-signed-generic-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-signed-image-generic-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-signed-image-oem - 4.15.0.224.236~16.04.1 linux-signed-lowlatency-hwe-16.04 - 4.15.0.224.236~16.04.1 
linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-signed-oem - 4.15.0.224.236~16.04.1 linux-tools-generic-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-tools-generic-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-tools-lowlatency-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-tools-oem - 4.15.0.224.236~16.04.1 linux-tools-virtual-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-tools-virtual-hwe-16.04-edge - 4.15.0.224.236~16.04.1 linux-virtual-hwe-16.04 - 4.15.0.224.236~16.04.1 linux-virtual-hwe-16.04-edge - 4.15.0.224.236~16.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1382 CVE-2023-1838 CVE-2023-1998 CVE-2023-24023 CVE-2023-51043 CVE-2023-51779 CVE-2023-52429 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52600 CVE-2023-52603 CVE-2023-6915 CVE-2024-0639 CVE-2024-23851 USN-6744-1 -- Pillow vulnerability Ubuntu 16.04 LTS Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-imaging - 3.1.2-0ubuntu1.6+esm2 python-pil - 3.1.2-0ubuntu1.6+esm2 python-pil-doc - 3.1.2-0ubuntu1.6+esm2 python-pil.imagetk - 3.1.2-0ubuntu1.6+esm2 python3-pil - 3.1.2-0ubuntu1.6+esm2 python3-pil.imagetk - 3.1.2-0ubuntu1.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-28219 USN-6745-1 -- Percona XtraBackup vulnerability Ubuntu 16.04 LTS It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution. 
Update Instructions: Run `sudo pro fix USN-6745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: percona-xtrabackup - 2.3.7-0ubuntu0.16.04.2+esm1 percona-xtrabackup-test - 2.3.7-0ubuntu0.16.04.2+esm1 xtrabackup - 2.3.7-0ubuntu0.16.04.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-25834 USN-6751-1 -- Zabbix vulnerabilities Ubuntu 16.04 LTS It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting (XSS) attacks. (CVE-2022-35229, CVE-2022-35230) Update Instructions: Run `sudo pro fix USN-6751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zabbix-agent - 1:2.4.7+dfsg-2ubuntu2.1+esm4 zabbix-frontend-php - 1:2.4.7+dfsg-2ubuntu2.1+esm4 zabbix-java-gateway - 1:2.4.7+dfsg-2ubuntu2.1+esm4 zabbix-proxy-mysql - 1:2.4.7+dfsg-2ubuntu2.1+esm4 zabbix-proxy-pgsql - 1:2.4.7+dfsg-2ubuntu2.1+esm4 zabbix-proxy-sqlite3 - 1:2.4.7+dfsg-2ubuntu2.1+esm4 zabbix-server-mysql - 1:2.4.7+dfsg-2ubuntu2.1+esm4 zabbix-server-pgsql - 1:2.4.7+dfsg-2ubuntu2.1+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-35229 CVE-2022-35230 USN-6753-1 -- CryptoJS vulnerability Ubuntu 16.04 LTS Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6753-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libjs-cryptojs - 3.1.2+dfsg-2ubuntu0.16.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-46233 USN-6754-1 -- nghttp2 vulnerabilities Ubuntu 16.04 LTS It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487) It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182) Update Instructions: Run `sudo pro fix USN-6754-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnghttp2-14 - 1.7.1-1ubuntu0.1~esm2 libnghttp2-dev - 1.7.1-1ubuntu0.1~esm2 libnghttp2-doc - 1.7.1-1ubuntu0.1~esm2 nghttp2 - 1.7.1-1ubuntu0.1~esm2 nghttp2-client - 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy - 1.7.1-1ubuntu0.1~esm2 nghttp2-server - 1.7.1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-9511 CVE-2019-9513 CVE-2023-44487 CVE-2024-28182 USN-6756-1 -- less vulnerability Ubuntu 16.04 LTS It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-6756-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: less - 481-2.1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-32487 USN-6757-1 -- PHP vulnerabilities Ubuntu 16.04 LTS It was discovered that PHP incorrectly handled the PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-4900) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to perform a cookie bypass. (CVE-2024-2756) It was discovered that PHP incorrectly handled some passwords. An attacker could possibly use this issue to cause an account takeover attack. (CVE-2024-3096) Update Instructions: Run `sudo pro fix USN-6757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16+esm9 libphp7.0-embed - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0 - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-bcmath - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-bz2 - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-cgi - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-cli - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-common - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-curl - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-dba - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-dev - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-enchant - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-fpm - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-gd - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-gmp - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-imap - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-interbase - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-intl - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-json - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-ldap - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-mbstring - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-mcrypt - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-mysql - 7.0.33-0ubuntu0.16.04.16+esm9
php7.0-odbc - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-opcache - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-pgsql - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-phpdbg - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-pspell - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-readline - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-recode - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-snmp - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-soap - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-sqlite3 - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-sybase - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-tidy - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-xml - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-xsl - 7.0.33-0ubuntu0.16.04.16+esm9 php7.0-zip - 7.0.33-0ubuntu0.16.04.16+esm9 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-4900 CVE-2024-2756 CVE-2024-3096 USN-6760-1 -- Gerbv vulnerability Ubuntu 16.04 LTS George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service (application crash). Update Instructions: Run `sudo pro fix USN-6760-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gerbv - 2.6.0-1ubuntu0.16.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2023-4508 USN-6761-1 -- Anope vulnerability Ubuntu 16.04 LTS It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to log in to the platform normally as a suspended user after changing their password. Update Instructions: Run `sudo pro fix USN-6761-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: anope - 2.0.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2024-30187 USN-6762-1 -- GNU C Library vulnerabilities Ubuntu 16.04 LTS It was discovered that the GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984) It was discovered that the GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-20109) It was discovered that the GNU C Library, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999) Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-2961) Update Instructions: Run `sudo pro fix USN-6762-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions: glibc-doc - 2.23-0ubuntu11.3+esm6 glibc-source - 2.23-0ubuntu11.3+esm6 libc-bin - 2.23-0ubuntu11.3+esm6 libc-dev-bin - 2.23-0ubuntu11.3+esm6 libc6 - 2.23-0ubuntu11.3+esm6 libc6-amd64 - 2.23-0ubuntu11.3+esm6 libc6-armel - 2.23-0ubuntu11.3+esm6 libc6-dev - 2.23-0ubuntu11.3+esm6 libc6-dev-amd64 - 2.23-0ubuntu11.3+esm6 libc6-dev-armel - 2.23-0ubuntu11.3+esm6 libc6-dev-i386 - 2.23-0ubuntu11.3+esm6 libc6-dev-s390 - 2.23-0ubuntu11.3+esm6 libc6-dev-x32 - 2.23-0ubuntu11.3+esm6 libc6-i386 - 2.23-0ubuntu11.3+esm6 libc6-pic - 2.23-0ubuntu11.3+esm6 libc6-s390 - 2.23-0ubuntu11.3+esm6 libc6-x32 - 2.23-0ubuntu11.3+esm6 locales - 2.23-0ubuntu11.3+esm6 locales-all - 2.23-0ubuntu11.3+esm6 multiarch-support - 2.23-0ubuntu11.3+esm6 nscd - 2.23-0ubuntu11.3+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-9984 CVE-2015-20109 CVE-2018-11236 CVE-2021-3999 CVE-2024-2961 https://launchpad.net/bugs/2063328
manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . 
manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . 
manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . 
manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . 
manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . 
manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . 
manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . 
2:3.28.4-0ubuntu0.16.04.4 1.8.7-1ubuntu5.7 0.25-2.1ubuntu16.04.3 229-4ubuntu21.15 1:1.10.1+submodules+notgz-6ubuntu0.1 1.6.3-1ubuntu0.2 3.1.2-11ubuntu0.16.04.5 0.99.beta19-2ubuntu0.16.04.1 0.105-14.1ubuntu0.4 0.8.19-1ubuntu1.8 1.2.29ubuntu0.1 4.0.6-1ubuntu0.5 0.41.0-0ubuntu1.11 9.26~dfsg+0-0ubuntu0.16.04.4 9.26~dfsg+0-0ubuntu0.16.04.5 9.26~dfsg+0-0ubuntu0.16.04.7 5.7.25-0ubuntu0.16.04.2 1:60.4.0+build2-0ubuntu0.16.04.1 0.12.6-4ubuntu0.4 4.15.0-1027.28~16.04.1 4.15.0-1032.34~16.04.1 4.15.0-45.48~16.04.1 4.15.0-1037.39~16.04.1 2.5.5-0ubuntu0.16.04.2 65.0+build2-0ubuntu0.16.04.1 8u191-b12-2ubuntu0.16.04.1 0.6.32~rc+dfsg-1ubuntu2.3 0.9.10+dfsg-3ubuntu0.16.04.3 4.4.0-1040.46 4.4.0-1075.85 4.4.0-1103.111 4.4.0-1107.112 4.4.0-142.168 1:2.2.22-1ubuntu2.9 7.47.0-1ubuntu2.12 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial6 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial6 1:5.1.6~rc2-0ubuntu1~xenial6 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial6 5.1.6~rc2-0ubuntu1~xenial6 3.1.2-11ubuntu0.16.04.6 1:7.2p2-4ubuntu2.7 1:7.2p2-4ubuntu2.8 0.41.0-0ubuntu1.12 2.34.2ubuntu0.1 1.8.7-1ubuntu5.8 229-4ubuntu21.16 1:9.10.3.dfsg.P4-8ubuntu1.12 3.18.3-0ubuntu2.1 2:1.1.24-1ubuntu3.1 65.0.1+build2-0ubuntu0.16.04.1 1:60.5.1+build2-0ubuntu0.16.04.1 2:3.28.4-0ubuntu0.16.04.5 1.0.2g-1ubuntu4.15 2.1.1-4ubuntu0.16.04.11 4.15.0-1009.11~16.04.1 4.15.0-1028.29~16.04.1 4.15.0-1033.35~16.04.1 4.15.0-1040.44 4.15.0-46.49~16.04.1 7.0.33-0ubuntu0.16.04.2 0.41.0-0ubuntu1.13 4.0.6-1ubuntu0.6 2.2.32-0ubuntu1~16.04.2 1.3.1-1ubuntu10.25 4.4.0-1041.47 4.4.0-1077.87 4.4.0-1104.112 4.4.0-1108.113 4.4.0-143.169 1:5.25-2ubuntu1.2 1:5.25-2ubuntu1.4 2.32.2-1ubuntu1.6 9.20.1~dfsg.1-4.2ubuntu0.1 1:2015.3.14AR.1-1ubuntu0.2 1:2015.3.14AR.1-1ubuntu0.3 9.26~dfsg+0-0ubuntu0.16.04.8 2.37.4ubuntu0.1 66.0+build3-0ubuntu0.16.04.2 66.0.2+build1-0ubuntu0.16.04.1 66.0.3+build1-0ubuntu0.16.04.1 66.0.1+build1-0ubuntu0.16.04.1 1.5.6-2ubuntu0.3 7.0.33-0ubuntu0.16.04.3 1:2.5+dfsg-5ubuntu10.36 3.17.0+ds1-2ubuntu0.1 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1 
1:60.6.1+build2-0ubuntu0.16.04.1 1:2.2.22-1ubuntu2.10 4.15.0-1010.12~16.04.1 4.15.0-1029.31~16.04.1 4.15.0-1035.37~16.04.1 4.15.0-1041.45 4.15.0-47.50~16.04.1 4.4.0-1043.49 4.4.0-1079.89 4.4.0-1106.114 4.4.0-1110.115 4.4.0-145.171 0.105-14.1ubuntu0.5 1:1.22.0-15ubuntu1.4 1.20-1ubuntu0.2 2.4.18-2ubuntu3.10 229-4ubuntu21.21 2:4.3.11+dfsg-0ubuntu0.16.04.19 0.100.3+dfsg-0ubuntu0.16.04.1 5.3.1-1ubuntu2.1 1.17.1-1ubuntu1.5 1:2.4-0ubuntu6.4 2.4-0ubuntu6.4 2.3.1-2~16.04.12 2.3.4-4+deb8u2ubuntu0.16.04.2 1.1.28-2.1ubuntu0.2 1.1.14-2ubuntu1.6 7.0.33-0ubuntu0.16.04.4 1.4.5+repack1-1ubuntu0.1 1:9.10.3.dfsg.P4-8ubuntu1.14 5.7.26-0ubuntu0.16.04.1 0.10.36-2ubuntu0.2 1.8.3-1ubuntu0.3 3.18.2-1ubuntu4.4 1.8.16-0ubuntu1.6 1:2.4-0ubuntu6.5 2.4-0ubuntu6.5 9.26~dfsg+0-0ubuntu0.16.04.9 9.5.17-0ubuntu0.16.04.1 0.1.14+dfsg-2ubuntu0.1 8u212-b03-0ubuntu1.16.04.1 2:4.3.11+dfsg-0ubuntu0.16.04.20 2:4.3.11+dfsg-0ubuntu0.16.04.21 3.20190514.0ubuntu0.16.04.1 3.20190514.0ubuntu0.16.04.2 3.20190618.0ubuntu0.16.04.1 1:2.5+dfsg-5ubuntu10.38 4.15.0-1013.15~16.04.1 4.15.0-1032.34~16.04.1 4.15.0-1045.49 4.15.0-50.54~16.04.1 4.4.0-1046.52 4.4.0-1083.93 4.4.0-1109.117 4.4.0-1113.118 4.4.0-148.174 1.3.1-1ubuntu10.26 2.6.8-1~ubuntu16.04.0 0.17.1-1ubuntu0.5 1.13.1-2ubuntu0.16.04.3 67.0+build2-0ubuntu0.16.04.1 67.0.1+build1-0ubuntu0.16.04.1 67.0.2+build2-0ubuntu0.16.04.1 7.47.0-1ubuntu2.13 1:1.2.24-1ubuntu0.16.04.2 1:60.7.0+build1-0ubuntu0.16.04.1 3.18.5-1ubuntu1.2 3.4.10-4ubuntu1.5 2.3.5-3ubuntu2.3 2.4.1-0ubuntu0.16.04.2 1.8.11-1ubuntu0.1 5.5.1+dfsg-16ubuntu7.6 5.3.28-11ubuntu0.2 4.15.0-1014.16~16.04.1 4.15.0-1040.42~16.04.1 4.15.0-51.55~16.04.1 4.4.0-1047.53 4.4.0-1084.94 4.4.0-1110.118 4.4.0-1114.119 4.4.0-150.176 2.10.95-0ubuntu2.11 7.0.33-0ubuntu0.16.04.5 2.8-1ubuntu0.1 0.165-3ubuntu1.2 1.0.25-10ubuntu0.16.04.2 2.48.2-0ubuntu4.2 1.10.6-1ubuntu3.4 2:7.4.1689-3ubuntu1.3 4.15.0-1015.17~16.04.1 4.15.0-1034.36~16.04.1 4.15.0-1041.43~16.04.1 4.15.0-1047.51 4.15.0-52.56~16.04.1 4.4.0-1048.55 4.4.0-1085.96 
4.4.0-1111.120 4.4.0-1115.121 4.4.0-151.178 3.11.0-1ubuntu1.2 67.0.3+build1-0ubuntu0.16.04.1 19.4.5-1ubuntu1.1 1.4.8-1ubuntu0.16.04.7 3.18.2-1ubuntu4.5 1:60.7.1+build1-0ubuntu0.16.04.1 2.12.3-1ubuntu0.1 67.0.4+build1-0ubuntu0.16.04.1 8:6.8.9.9-7ubuntu5.14 10.2.11-0ubuntu0.16.04.2 2:8.4.0-0ubuntu7.4 0.20ubuntu16.04.1 1.0.6-8ubuntu0.1 1.0.6-8ubuntu0.2 2.1.0-7ubuntu0.16.04.4 4.15.0-1017.19~16.04.2 4.15.0-1036.38~16.04.1 4.15.0-1043.45~16.04.1 4.15.0-1049.54 4.15.0-54.58~16.04.1 4.4.0-1051.58 4.4.0-1087.98 4.4.0-1114.123 4.4.0-1118.124 4.4.0-154.181 0.41.0-0ubuntu1.14 1.8.7-1ubuntu5.9 1.6.3-1ubuntu0.2 1:60.7.2+build2-0ubuntu0.16.04.1 0.8.19-1ubuntu1.9 1.3.1-1ubuntu10.27 18.09.7-0ubuntu1~16.04.4 2.48.2-0ubuntu4.3 2.48.2-0ubuntu4.4 4.1.4-7ubuntu0.1 2.20.1-0ubuntu2.19 0.2.52.5ubuntu0.1 1.28.2-1ubuntu1~16.04.3 68.0+build3-0ubuntu0.16.04.1 68.0.1+build1-0ubuntu0.16.04.1 0.7.2+dfsg-6ubuntu0.1 0.25-2.1ubuntu16.04.4 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1 4.3-14ubuntu1.4 3.5.12-1ubuntu7.7 2:3.28.4-0ubuntu0.16.04.6 2:3.0.6-1ubuntu0.4 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial8 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial8 1:5.1.6~rc2-0ubuntu1~xenial8 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial8 5.1.6~rc2-0ubuntu1~xenial8 1:60.8.0+build1-0ubuntu0.16.04.2 3.5.12-1ubuntu7.8 0.5-1ubuntu0.16.04.4 3.18.2-1ubuntu4.6 4.15.0-1037.39~16.04.1 4.15.0-55.60~16.04.2 5.7.27-0ubuntu0.16.04.1 2.7.5-1ubuntu0.16.04.2 2.0.0.2-2ubuntu1.3 1.3.3-1ubuntu0.1 4.86.2-2ubuntu2.4 4.4.0-1052.59 4.4.0-1088.99 4.4.0-1117.126 4.4.0-157.185 1.6.13+nmu1+deb9u1build0.16.04.1 2.4.42+dfsg-2ubuntu3.6 14.4.1-5+deb8u4ubuntu0.1 8u222-b10-1ubuntu1~16.04.1 1.9.3-2ubuntu1.3 1.8.7-1ubuntu5.10 0.9.5+dfsg-0ubuntu1+esm1 1.6.4-3ubuntu0.1 9.5.19-0ubuntu0.16.04.1 9.26~dfsg+0-0ubuntu0.16.04.10 4.15.0-1021.23~16.04.1 4.15.0-1040.42~16.04.1 4.15.0-58.64~16.04.1 4.4.0-1054.61 4.4.0-1090.101 4.4.0-1118.127 4.4.0-1122.128 4.4.0-159.187 4.15.0-1045.47~16.04.1 7.0.33-0ubuntu0.16.04.6 1.10.3-0ubuntu0.16.04.4 4:4.14.16-0ubuntu3.3 5.18.0-0ubuntu1.1 
68.0.2+build1-0ubuntu0.16.04.1 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial9 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial9 1:5.1.6~rc2-0ubuntu1~xenial9 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial9 5.1.6~rc2-0ubuntu1~xenial9 18.09.7-0ubuntu1~16.04.5 2:13.1.4-0ubuntu4.5 2.1.3-4ubuntu0.10 3.1-1ubuntu0.1 5.1.4-0.3~16.04.1 1:2.2.22-1ubuntu2.11 1:2.2.22-1ubuntu2.12 9.26~dfsg+0-0ubuntu0.16.04.11 2.4.18-2ubuntu3.12 2.4.18-2ubuntu3.13 4.15.0-1022.25~16.04.1 4.15.0-1041.43 4.15.0-1056.61 4.15.0-60.67~16.04.1 4.15.0-1023.26~16.04.1 4.15.0-1042.44 4.15.0-1048.50~16.04.1 4.15.0-1057.62 4.15.0-62.69~16.04.1 4.4.0-1056.63 4.4.0-1092.103 4.4.0-1120.129 4.4.0-1124.130 4.4.0-161.189 4.15.0-1047.49~16.04.1 69.0+build2-0ubuntu0.16.04.4 69.0.2+build1-0ubuntu0.16.04.1 4.86.2-2ubuntu2.5 1.4.25-2ubuntu1.5 2.6.1-0.1ubuntu2.4 2.7.12-1ubuntu0~16.04.8 3.5.2-2ubuntu0~16.04.8 8.0.32-1ubuntu1.10 7.47.0-1ubuntu2.14 2.1.0-7ubuntu0.16.04.5 2.6.10-1~ubuntu16.04.0 1.5.11-1ubuntu2.2 1.5.11-1ubuntu2.3 1.5.11-1ubuntu2.4 4.15.0-1025.28~16.04.1 4.15.0-1044.46 4.15.0-1050.52~16.04.1 4.15.0-1059.64 4.15.0-64.73~16.04.1 4.4.0-1058.65 4.4.0-1094.105 4.4.0-1122.131 4.4.0-1126.132 4.4.0-164.192 1:2.4-0ubuntu6.6 2.4-0ubuntu6.6 1.0.2+LibO5.1.6~rc2-0ubuntu1~xenial10 1.2.0+LibO5.1.6~rc2-0ubuntu1~xenial10 1:5.1.6~rc2-0ubuntu1~xenial10 2:102.7+LibO5.1.6~rc2-0ubuntu1~xenial10 5.1.6~rc2-0ubuntu1~xenial10 3.16.5-0ubuntu1.3 69.0.1+build1-0ubuntu0.16.04.1 1.42.13-1ubuntu1.1 2.0-1.42.13-1ubuntu1.1 2.1-1.42.13-1ubuntu1.1 2.0.4+dfsg1-2ubuntu2.16.04.2 4.15.0-1026.29~16.04.1 4.15.0-1051.53~16.04.1 4.15.0-1060.65 4.15.0-65.74~16.04.1 4.4.0-1059.66 4.4.0-1095.106 4.4.0-1123.132 4.4.0-1127.135 4.4.0-165.193 0.101.4+dfsg-0ubuntu0.16.04.1 2.2.0-10ubuntu2.1 1:60.9.0+build1-0ubuntu0.16.04.2 2.7.12-1ubuntu0~16.04.9 3.5.2-2ubuntu0~16.04.9 1.8.16-0ubuntu1.8 0.60.7~20110707-3ubuntu0.1 1.2.15+dfsg1-3ubuntu0.1 4.0.6-1ubuntu0.7 0.25-2.1ubuntu16.04.5 8:2007f~dfsg-4+deb8u1build0.16.04.1 4.15.0-1027.30~16.04.1 4.15.0-1047.50 4.15.0-1052.54~16.04.1 4.15.0-1061.66 
4.15.0-66.75~16.04.1 4.4.0-1060.67 4.4.0-1096.107 4.4.0-1124.133 4.4.0-1128.136 4.4.0-166.195 1.1.28-2.1ubuntu0.3 70.0+build2-0ubuntu0.16.04.1 70.0.1+build1-0ubuntu0.16.04.1 7.0.33-0ubuntu0.16.04.7 2:4.3.11+dfsg-0ubuntu0.16.04.23 3.1.2-11ubuntu0.16.04.7 0.2.52.5ubuntu0.2 0.2.52.5ubuntu0.3 0.2.52.5ubuntu0.4 2.20.1-0ubuntu2.20 2.20.1-0ubuntu2.21 2.20.1-0ubuntu2.22 2.20.1-0ubuntu2.27 1:5.25-2ubuntu1.3 1.6.3-1ubuntu0.3 1.6.7.2-3ubuntu0.1 2.11+dfsg-5ubuntu1.1 3.20191112-0ubuntu0.16.04.2 3.20191115.1ubuntu0.16.04.2 4.15.0-1029.32~16.04.1 4.15.0-1049.52 4.15.0-1054.56~16.04.1 4.15.0-1063.68 4.15.0-69.78~16.04.1 4.15.0-70.79~16.04.1 4.4.0-1062.69 4.4.0-1098.109 4.4.0-168.197 4.4.0-169.198 1.4.2-0ubuntu3.3 1:2.5+dfsg-5ubuntu10.42 8:6.8.9.9-7ubuntu5.15 9.26~dfsg+0-0ubuntu0.16.04.12 173ubuntu0.3 9.5+173ubuntu0.3 5.7.28-0ubuntu0.16.04.2 0.13-2ubuntu0.16.04.1 3.5.27.1-5ubuntu0.1 1.5.0-2ubuntu1.1 3.2.1-2ubuntu0.2 2.3.1-2~ubuntu16.04.14 2:3.28.4-0ubuntu0.16.04.8 3.4.2-1ubuntu0.1 3.11.0-1ubuntu1.3 1.3.23-1ubuntu0.2 4.15.0-1030.33~16.04.1 4.15.0-1050.53 4.15.0-1056.58~16.04.1 4.15.0-72.81~16.04.1 4.4.0-1063.70 4.4.0-1099.110 4.4.0-1126.135 4.4.0-1130.138 4.4.0-170.199 3.5.12-1ubuntu7.9 0.7.1-1ubuntu0.2 2:3.28.4-0ubuntu0.16.04.9 71.0+build5-0ubuntu0.16.04.1 2:4.3.11+dfsg-0ubuntu0.16.04.24 0.6.3-4.3ubuntu0.5 1:2.7.4-0ubuntu1.7 1.7.4-2ubuntu0.1 1.3.23-1ubuntu0.3 8u232-b09-0ubuntu1~16.04.1 1.8.7-1ubuntu5.11 4.15.0-1031.34~16.04.1 4.15.0-1052.56 4.15.0-1057.59~16.04.1 4.15.0-1066.71 4.15.0-74.83~16.04.1 4.4.0-1064.71 4.4.0-1100.111 4.4.0-1127.136 4.4.0-1131.139 4.4.0-171.200 1:4.2.8p4+dfsg-3ubuntu5.10 0.102.1+dfsg-0ubuntu0.16.04.2 2:3.28.4-0ubuntu0.16.04.10 1.3.23-1ubuntu0.4 3.4.10-4ubuntu1.6 3.4.10-4ubuntu1.7 72.0.1+build1-0ubuntu0.16.04.1 72.0.2+build1-0ubuntu0.16.04.1 1.10.3-0ubuntu0.16.04.5 1.5.4-3+really1.6.5-2ubuntu0.6 1.6.5-2ubuntu0.6 3.4.2-0ubuntu0.16.04.2 1.2.12-5+deb9u1ubuntu0.16.04.1 7.0.33-0ubuntu0.16.04.9 4.3.4-1.1ubuntu2.1 11.2.0-1ubuntu0.3 0.8.2-1ubuntu0.1 
2:4.3.11+dfsg-0ubuntu0.16.04.25 3.0.0-3ubuntu1.16.04.4 1:1.2.8.dfsg-2ubuntu4.3 1.1.0~beta1ubuntu0.16.04.7 1.1.0~beta1ubuntu0.16.04.8 1.3.23-1ubuntu0.5 1.42.13-1ubuntu1.2 2.0-1.42.13-1ubuntu1.2 2.1-1.42.13-1ubuntu1.2 5.7.29-0ubuntu0.16.04.1 8.0.32-1ubuntu1.11 4.9.3-0ubuntu0.16.04.1 4.4.0-1065.72 4.4.0-1101.112 4.4.0-1128.137 4.4.0-1132.140 4.4.0-173.203 4.15.0-1058.60~16.04.1 4.15.0-76.86~16.04.1 2.1.26.dfsg1-14ubuntu0.2 8u242-b08-0ubuntu3~16.04 3.6.2+dfsg-8ubuntu0.1 1.8.16-0ubuntu1.9 3.4.2-0ubuntu0.16.04.3 1.3.23-1ubuntu0.6 2.2.1-2ubuntu0.3 229-4ubuntu21.27 0.25-2.1ubuntu16.04.6 3.1.2-0ubuntu1.3 3.3.0-1ubuntu0.1 2.9.3+dfsg1-1ubuntu0.7 5.5.1+dfsg-16ubuntu7.7 0.6.21-2ubuntu0.1 73.0.1+build1-0ubuntu0.16.04.1 7.0.33-0ubuntu0.16.04.11 7.0.33-0ubuntu0.16.04.12 0.102.2+dfsg-0ubuntu0.16.04.1 1:2.5+dfsg-5ubuntu10.43 4.4.0-1066.73 4.4.0-1102.113 4.4.0-1129.138 4.4.0-1133.141 4.4.0-174.204 4.15.0-1033.36~16.04.1 4.15.0-1055.59 4.15.0-1060.62~16.04.1 4.15.0-1071.76 4.15.0-88.88~16.04.1 2.4.7-1+2ubuntu1.16.04.2 3.5.12-1ubuntu7.10 1.3.17-0ubuntu4.1 3.1.1-3ubuntu1.3 3.1.2-11ubuntu0.16.04.8 10.5.0-2ubuntu0.1 1.8.7-1ubuntu5.12 3.11.0-1ubuntu1.4 74.0+build3-0ubuntu0.16.04.1 4.15.0-1035.38~16.04.1 4.15.0-1058.62 4.15.0-1063.67~16.04.1 4.15.0-1075.80 4.15.0-91.92~16.04.1 4.4.0-1068.75 4.4.0-1104.115 4.4.0-1130.139 4.4.0-1134.142 4.4.0-176.206 55.1-7ubuntu0.5 16.0.0-1ubuntu0.4 1:16.0.0-1ubuntu0.4 2:7.4.1689-3ubuntu1.4 5.37-0ubuntu5.3 4.7-2ubuntu0.1 2.20.1-0ubuntu2.23 2.1.1-4ubuntu0.16.04.12 74.0.1+build1-0ubuntu0.16.04.1 4.15.0-96.97~16.04.1 4.4.0-1069.76 4.4.0-1105.116 4.4.0-1131.140 4.4.0-1135.143 4.4.0-177.207 75.0+build3-0ubuntu0.16.04.1 4.15.0-1037.41~16.04.1 4.15.0-1060.64 4.15.0-1065.69~16.04.1 4.15.0-1077.82 20160215-1ubuntu0.3 1:2.7.4-0ubuntu1.8 7.0.33-0ubuntu0.16.04.14 3.16.5-0ubuntu1.4 2.7.12-1ubuntu0~16.04.11 3.5.2-2ubuntu0~16.04.10 1:2.7.4-0ubuntu1.9 1:68.7.0+build1-0ubuntu0.16.04.2 2.26.1-1ubuntu1~16.04.8+esm1 8u252-b09-1~16.04 2.2.0-10ubuntu2.2 2.1.3-4ubuntu0.11 
2:4.3.11+dfsg-0ubuntu0.16.04.26 2:4.3.11+dfsg-0ubuntu0.16.04.27 4.15.0-1038.42~16.04.1 4.15.0-1061.65 4.15.0-1066.70~16.04.1 4.15.0-1082.92~16.04.1 4.15.0-99.100~16.04.1 4.4.0-1070.77 4.4.0-1106.117 4.4.0-1132.141 4.4.0-1136.144 4.4.0-178.208 1:2.1.20-1ubuntu0.4 0~20160408.ffea0a2c-2ubuntu0.1 5.7.30-0ubuntu0.16.04.1 1.157.23 2.4.42+dfsg-2ubuntu3.8 76.0+build2-0ubuntu0.16.04.1 76.0.1+build1-0ubuntu0.16.04.1 1:2.1.20-1ubuntu0.5 1:8.0-0ubuntu3.12 3.5.12-1ubuntu7.11 0.6.21-2ubuntu0.2 1.2.32ubuntu0.1 0.11-4ubuntu2.1 0.11-4ubuntu2.5 0.11-4ubuntu2.6 4.15.0-101.102~16.04.1 4.15.0-1039.43~16.04.1 4.15.0-1067.71~16.04.1 4.15.0-1071.81~16.04.1 4.15.0-1083.93~16.04.1 4.4.0-1071.78 4.4.0-1107.118 4.4.0-1133.142 4.4.0-1137.145 4.4.0-179.209 1:9.10.3.dfsg.P4-8ubuntu1.16 4.86.2-2ubuntu2.6 0.102.3+dfsg-0ubuntu0.16.04.1 1:2.5+dfsg-5ubuntu10.44 1:68.8.0+build2-0ubuntu0.16.04.2 7.0.33-0ubuntu0.16.04.15 1.0.2g-1ubuntu4.16 20190110~16.04.1 0.10.1-2ubuntu0.1 1.8.7-1ubuntu5.13 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 77.0.1+build1-0ubuntu0.16.04.1 3.20200609.0ubuntu0.16.04.0 3.20200609.0ubuntu0.16.04.1 1.4.2-0ubuntu3.4 4.15.0-1045.49~16.04.1 4.15.0-106.107~16.04.1 4.15.0-1073.77~16.04.1 4.15.0-1077.87~16.04.1 4.15.0-1089.99~16.04.1 4.4.0-1075.82 4.4.0-1109.120 4.4.0-1134.143 4.4.0-1138.146 4.4.0-184.214 3.11.0-1ubuntu1.5 0.8.3-0ubuntu5.1 0.6.21-2ubuntu0.5 2:3.28.4-0ubuntu0.16.04.11 1.10.6-1ubuntu3.6 1:1.2.8-9ubuntu12.3 1.5.24-1ubuntu0.3 7.47.0-1ubuntu2.15 1.5.24-1ubuntu0.4 2.48.2-1~ubuntu16.04.2 1:2.1.20-1ubuntu0.6 0.9.10+dfsg-3ubuntu0.16.04.4 78.0.1+build1-0ubuntu0.16.04.1 2:4.3.11+dfsg-0ubuntu0.16.04.28 4.15.0-1046.50~16.04.1 4.15.0-107.108~16.04.1 4.15.0-1074.78~16.04.1 4.15.0-1078.88~16.04.1 4.15.0-1091.101~16.04.1 4.5.0.3-1ubuntu0.3 2.23-0ubuntu11.2 2:3.28.4-0ubuntu0.16.04.12 2.2.0-10ubuntu2.3 4.4.0-1076.83 4.4.0-1110.121 4.4.0-1135.144 4.4.0-1139.147 4.4.0-185.215 1:68.10.0+build1-0ubuntu0.16.04.1 78.0.2+build2-0ubuntu0.16.04.1 2.45.1ubuntu0.2 4.15.0-1050.54~16.04.1 
4.15.0-1079.83~16.04.1 4.15.0-1080.90~16.04.1 4.15.0-1092.102~16.04.1 4.15.0-112.113~16.04.1 4.4.0-1077.84 4.4.0-1111.123 4.4.0-1136.145 4.4.0-1140.148 4.4.0-186.216 2.7.12-1ubuntu0~16.04.12 3.5.2-2ubuntu0~16.04.11 3.18.5-1ubuntu1.3 3.1.2-0ubuntu1.4 7:2.8.17-0ubuntu0.1 1.66.26+2.02~beta2-36ubuntu3.26 2.02~beta2-36ubuntu3.26 1.66.27+2.02~beta2-36ubuntu3.27 2.02~beta2-36ubuntu3.27 0.9.10+dfsg-3ubuntu0.16.04.5 0.102.4+dfsg-0ubuntu0.16.04.1 2.40.13-3ubuntu0.1 2.40.13-3ubuntu0.2 5.7.31-0ubuntu0.16.04.1 6.1.24~dfsg-1ubuntu0.1~esm1 79.0+build1-0ubuntu0.16.04.2 3.5.12-1ubuntu7.12 3.5.12-1ubuntu7.13 0.6.3-4.3ubuntu0.6 8.0.32-1ubuntu1.13 2.20.1-0ubuntu2.24 0.2.52.5ubuntu0.5 2.4.7-1+2ubuntu1.16.04.3 8u265-b01-0ubuntu2~16.04 2:4.3.11+dfsg-0ubuntu0.16.04.29 2:3.28.4-0ubuntu0.16.04.13 1:2.2.22-1ubuntu2.13 0.96.20.10 2.4.18-2ubuntu3.17 2015.8.8+ds-1ubuntu0.1 4.4.0-1078.85 4.4.0-1112.124 4.4.0-1137.146 4.4.0-1141.149 4.4.0-187.217 7.47.0-1ubuntu2.16 1:2.5+dfsg-5ubuntu10.45 1:2.5+dfsg-5ubuntu10.51 1:9.10.3.dfsg.P4-8ubuntu1.17 9.26~dfsg+0-0ubuntu0.16.04.13 1.0.25+git20150528-1ubuntu2.16.04.3 5.7.3+dfsg-1ubuntu4.5 5.7.3+dfsg-1ubuntu4.6 9.5.23-0ubuntu0.16.04.1 80.0+build2-0ubuntu0.16.04.1 80.0.1+build1-0ubuntu0.16.04.1 2:3.28.4-0ubuntu0.16.04.14 3.2.3-1.1ubuntu0.1~esm1 4:15.12.3-0ubuntu1.2 4.15.0-1051.55~16.04.1 4.15.0-1080.84~16.04.1 4.15.0-1081.92~16.04.1 4.15.0-1093.103~16.04.1 4.4.0-1079.86 4.4.0-1113.126 4.4.0-1138.147 4.4.0-1142.151 4.4.0-189.219 2:1.6.3-1ubuntu2.2 2:1.18.4-0ubuntu0.9 2:1.19.6-1ubuntu4.1~16.04.3 4.15.0-1053.57~16.04.1 4.15.0-1082.86~16.04.1 4.15.0-1083.94~16.04.1 4.15.0-1095.105~16.04.1 4.15.0-117.118~16.04.1 2:1.18.4-0ubuntu0.10 2:1.19.6-1ubuntu4.1~16.04.4 3.1.3-7+deb8u1build0.16.04.1 2.1.2-1.1+deb9u5build0.16.04.1 2.0.3-2+deb9u3build0.16.04.1 0.90.85+dfsg-2.2+deb8u1build0.16.04.1 4.3-15+deb8u1build0.16.04.1 2.0.4+dfsg-1+deb9u1build0.16.04.1 0.1.2-1+deb9u1build0.16.04.1 1.634-1ubuntu0.1 1.0.2g-1ubuntu4.17 0.10.2-1+deb8u1build0.16.04.1 
0.24-1+deb8u1build0.16.04.1 3.2.1-1+deb8u1build0.16.04.1 2:4.3.11+dfsg-0ubuntu0.16.04.30 1:2.5+dfsg-5ubuntu10.46 1.5-3+deb8u1build0.16.04.1 0.4.11-5ubuntu1.1 1.0.36-3.2+deb8u1build0.16.04.1 0.05-1+deb9u1build0.16.04.1 3.103-3+deb8u1build0.16.04.1 1:8.0-0ubuntu3.14 4.2.1-14+deb8u1build0.16.04.1 1.3.8-2+deb8u1build0.16.04.1 1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1 1:0.9.10-1+deb8u2build0.16.04.1 1.4.9-1+deb8u4build0.16.04.1 4.15.0-1054.58~16.04.1 4.15.0-1083.87~16.04.1 4.15.0-1084.95~16.04.1 4.15.0-1096.106~16.04.1 4.15.0-118.119~16.04.1 4.4.0-1080.87 4.4.0-1114.127 4.4.0-1139.148 4.4.0-1143.152 4.4.0-190.220 10.2.11-0ubuntu0.16.04.3 1.634-1ubuntu0.2 4.1.2-3+deb8u1build0.16.04.1 1.1.1+bzr982-0ubuntu14.4 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 4.6.6-3ubuntu0.1 1.8.20140523-4.1+deb9u2build0.16.04.1 2:1.2.4-7+deb8u1ubuntu0.1 81.0+build2-0ubuntu0.16.04.1 81.0.2+build1-0ubuntu0.16.04.1 1.0.29-2+deb8u1build0.16.04.1 3.5.12-1ubuntu7.15 1.0.4-1.1+deb8u1build0.16.04.1 1.0.4-1.1+deb8u1ubuntu0.1 6.14.12-3.1ubuntu0.1 6.0.45+dfsg-1ubuntu0.1 2:4.3.11+dfsg-0ubuntu0.16.04.31 1.6.4-3ubuntu0.2 1.5-4ubuntu0.1 1.0.3-1ubuntu1~16.04.2 1.13.1-2ubuntu0.16.04.4 0.4.0-1+deb9u2build0.16.04.1 0.12.6-4ubuntu0.5 3.8.1-0ubuntu9.3 0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1 1.6.1+dfsg.3-2ubuntu1.1 4.15.0-1056.61~16.04.1 4.15.0-1085.90~16.04.1 4.15.0-1086.98~16.04.1 4.15.0-1098.109~16.04.1 4.15.0-120.122~16.04.1 4.4.0-1082.91 4.4.0-1117.131 4.4.0-1141.151 4.4.0-1145.155 4.4.0-193.224 2.7.12-1ubuntu0~16.04.13 3.5.2-2ubuntu0~16.04.12 2:7.4.1689-3ubuntu1.5 7.0.33-0ubuntu0.16.04.16 2.8-1ubuntu2.1 2.9-3ubuntu0.1 3.4.0~rc6-1ubuntu3+esm1 1:2.0.2+dfsg1-4ubuntu0.1 3.4.0-3ubuntu1.1 1.2.6-0ubuntu1~16.04.4 18.09.7-0ubuntu1~16.04.6 2.0+dfsg-6ubuntu1.1 4.15.0-122.124~16.04.1 2.6.1-0.1ubuntu2.5 0.12.0-2+deb9u1build0.16.04.1 1.6-1ubuntu0.1 82.0+build2-0ubuntu0.16.04.5 82.0.2+build1-0ubuntu0.16.04.1 3.9.0.Final-1ubuntu0.1 5.22.1-9ubuntu0.9 5.7.32-0ubuntu0.16.04.1 2.0.4-1ubuntu2.1 
8u272-b10-0ubuntu1~16.04 8u275-b01-0ubuntu1~16.04 20201027ubuntu0.16.04.1 2.7.4+reloaded2-9ubuntu1.1 2:4.3.11+dfsg-0ubuntu0.16.04.32 1.2.3-1ubuntu0.3 1.5-9ubuntu0.1 0.6.40-2ubuntu11.6 1.6.1+dfsg.3-2ubuntu1.2 1.06-6.2~deb10u1build0.16.04.1 2.4.42+dfsg-2ubuntu3.10 1.1.14-2ubuntu1.9 0.6.21-2ubuntu0.6 82.0.3+build1-0ubuntu0.16.04.1 4.15.0-1058.64~16.04.1 4.15.0-1087.100~16.04.1 4.15.0-123.126~16.04.1 4.4.0-194.226 3.20201110.0ubuntu0.16.04.1 3.20201110.0ubuntu0.16.04.2 1.9.8-1ubuntu1.16.04.3 2.0.14-1ubuntu0.16.04.1 1:1.0.17-8ubuntu16.04.1 9.5.24-0ubuntu0.16.04.1 2.4.42+dfsg-2ubuntu3.11 1.13.2+dfsg-5ubuntu2.2 0.9.10+dfsg-3ubuntu0.16.04.6 3.8.1-0ubuntu9.4 83.0+build2-0ubuntu0.16.04.3 1:8.0-0ubuntu3.15 1:1.3-4+deb9u3build0.16.04.1 0.12-6ubuntu0.2 0.7.git20120829-3.1~0.16.04.1 0.7.1-2.1+deb9u1build0.16.04.1 1.5.24-1ubuntu0.5 0.41.0-0ubuntu1.15 0.41.0-0ubuntu1.16 1.1.1-1ubuntu1.16.04.4 1.1.1-1ubuntu1.16.04.5 1:2.5+dfsg-5ubuntu10.48 0.3.7.beta-19ubuntu0.1 1.2.6-0ubuntu1~16.04.5 1.2.6-0ubuntu1~16.04.6 1:1.10.1+submodules+notgz-6ubuntu0.2 0.10.4+dfsg1-1ubuntu1.2 2:1.18.4-0ubuntu0.11 2:1.19.6-1ubuntu4.1~16.04.5 4.4.0-1084.93 4.4.0-1118.132 4.4.0-1142.152 4.4.0-1146.156 4.4.0-197.229 4.15.0-1059.65~16.04.1 4.15.0-1088.101~16.04.1 4.15.0-1088.93~16.04.1 4.15.0-1100.111~16.04.1 4.15.0-126.129~16.04.1 4.15.0-1061.67~16.04.1 4.15.0-1090.103~16.04.1 4.15.0-1090.95~16.04.1 4.15.0-1102.113~16.04.1 4.15.0-128.131~16.04.1 2.43.1+16.04.1 1.0.2g-1ubuntu4.18 1.1.1+bzr982-0ubuntu14.5 7.47.0-1ubuntu2.18 3.5.0-1ubuntu0.2 3.5.0-1ubuntu0.3 1.2.32ubuntu0.2 1.1.0~beta1ubuntu0.16.04.10 1.1.0~beta1ubuntu0.16.04.11 2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.2 8:6.8.9.9-7ubuntu5.16 84.0+build3-0ubuntu0.16.04.1 6.0-20ubuntu1.1 0.4.11-5ubuntu1.2 1:2.2.22-1ubuntu2.14 2:9.1.2-0ubuntu5.2 2.2.0-10ubuntu2.4 0.23.2-5~ubuntu16.04.2 4.15.0-1062.68~16.04.1 4.15.0-1091.104~16.04.1 4.15.0-1091.96~16.04.1 4.15.0-1103.114~16.04.1 4.15.0-129.132~16.04.1 4.4.0-1085.94 4.4.0-1119.133 4.4.0-1143.153 4.4.0-1147.157 
4.4.0-198.230 0~20160408.ffea0a2c-2ubuntu0.2 9.26~dfsg+0-0ubuntu0.16.04.14 84.0.2+build1-0ubuntu0.16.04.1 1.900.1-debian1-2.4ubuntu1.3 4.5.0.3-1ubuntu0.4 2.5.9-0ubuntu0.16.04.2 1.28-2.1ubuntu0.2 3.6-rzb2779+dfsg-0ubuntu9.2 4.15.0-132.136~16.04.1 4.4.0-200.232 0.31.0-3ubuntu0.1 1.8.27-8ubuntu1.1 3.1.2-0ubuntu1.5 2.75-1ubuntu0.16.04.7 2.75-1ubuntu0.16.04.8 1.2.10+dfsg-7ubuntu0.16.04.1 0.25-4ubuntu0.16.04.1 2.6-6.1ubuntu0.1 1.5.24-1ubuntu0.6 1.0.25-10ubuntu0.16.04.3 1.8.16-0ubuntu1.10 4.4.0-201.233 4.4.0-1087.96 4.4.0-1121.135 4.4.0-1145.155 4.4.0-1149.159 4.15.0-133.137~16.04.1 4.15.0-1064.71~16.04.1 4.15.0-1092.105~16.04.1 4.15.0-1093.99~16.04.1 4.15.0-1106.118~16.04.1 1.8.7-1ubuntu5.14 5.7.33-0ubuntu0.16.04.1 85.0+build1-0ubuntu0.16.04.1 85.0.1+build1-0ubuntu0.16.04.1 17-4ubuntu0.1 20210119~16.04.1 2.20.1-0ubuntu2.30 1.1.5+dfsg-2ubuntu0.1 1:1.10.1+submodules+notgz-6ubuntu0.3 2.4.42+dfsg-2ubuntu3.12 1:2.5+dfsg-5ubuntu10.49 8u282-b08-0ubuntu1~16.04 2.48.3 2.5.9-0ubuntu0.16.04.3 4.12-4ubuntu1.1 1:2.4-0ubuntu6.7 2.4-0ubuntu6.7 1:9.10.3.dfsg.P4-8ubuntu1.18 1.0.2g-1ubuntu4.19 1.9.2-7ubuntu0.2 2.4.42+dfsg-2ubuntu3.13 322-1ubuntu1.2 4.3.1-2ubuntu0.1 4.4.0-1088.97 4.4.0-1122.136 4.4.0-1146.156 4.4.0-1150.160 4.4.0-203.235 4.15.0-1065.73~16.04.1 4.15.0-1093.106~16.04.1 4.15.0-1094.101~16.04.1 4.15.0-1108.120~16.04.1 4.15.0-136.140~16.04.1 2.7.12-1ubuntu0~16.04.14 3.5.2-2ubuntu0~16.04.13 2.7.12-1ubuntu0~16.04.16 2.7.12-1ubuntu0~16.04.18 4.0.6-1ubuntu0.8 86.0+build3-0ubuntu0.16.04.1 1:2.4-0ubuntu6.8 2.4-0ubuntu6.8 1.10.4-2ubuntu1~16.04.2 2.48.2-0ubuntu4.7 1:2.7.4-0ubuntu1.10 3.1.2-0ubuntu1.6 2.48.2-0ubuntu4.8 4.2.0-3ubuntu0.1~esm1 1.9.2-3ubuntu0.1~esm1 1:2.4.7+dfsg-2ubuntu2.1+esm3 1.1.9-1ubuntu0.1~esm2 2015.8.8+ds-1ubuntu0.1+esm1 3.7.6-1ubuntu1+esm1 8.4.2~dfsg.1-1ubuntu0.1~esm1 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 7.44-1ubuntu1~16.04.0+esm1 3.2.13-5ubuntu0.1~esm1 1.4.35-4ubuntu2.1+esm1 2.1.0-2ubuntu0.1~esm1 1.0.3-2ubuntu0.1~esm1 4.02.3-5ubuntu2+esm1 1.0.11-2ubuntu0.1~esm1 
3.99.5+repack1-9ubuntu0.1~esm2 15.08.7-1ubuntu0.1~esm4 15.08.7-1ubuntu0.1~esm5 2.1.2-1.1+deb9u6ubuntu0.1~esm1 1.0.0-1ubuntu0.1~esm2 3.1.3+debian-1ubuntu0.1~esm1 3.5.2-0ubuntu4.1.16.04.1~esm1 2.11.0+ds-1ubuntu0.1~esm1 1.5+dfsg-1ubuntu0.1+esm2 3.0.11-1ubuntu0.1~esm1 3.4.8-1ubuntu0.1~esm1 1.0.7-1ubuntu0.1~esm1 7.0.68-1ubuntu0.4+esm1 4.3.1-0ubuntu1+esm1 5.5.1-1ubuntu0.1~esm1 1:1.6.19+git20160116-1ubuntu0.1~esm1 2.4.5-1ubuntu0.1~esm1 4.2.6~dfsg-1ubuntu4.2+esm1 0.13.1-1ubuntu0.1~esm2 0.24.1-2ubuntu0.2+esm1 3.2.3-4ubuntu0.1~esm3 2.8.9dev8-4ubuntu1+esm2 5.34.30-0ubuntu8+esm1 1.2.1-2ubuntu1+esm1 1.88-1ubuntu0.1~esm1 3.8.5-2ubuntu0.1+esm1 2.2.2-5ubuntu0.16.04.5+esm1 1.22.4-1ubuntu0.1+esm2 0.3.8-2ubuntu0.1~esm1 1.8.3-3ubuntu16.04.1~esm1 1.9-3ubuntu0.1~esm1 1.0.1-0ubuntu1.1~esm1 1.3.1-1ubuntu0.1~esm1 2.4.2-3ubuntu0.1~esm2 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 0.6.1-2ubuntu0.3+esm1 0.6.0-3ubuntu0.16.04.1+esm1 1.8.16+docs-4ubuntu1.1+esm1 2.4.9.1+dfsg-1.5ubuntu1.1+esm1 1.73-1ubuntu0.1~esm1 14.8.6-1ubuntu0.1~esm1 2.3.0-1ubuntu0.1~esm1 2.5.4.26856.ds4-1ubuntu0.1~esm1 1.4.8-1ubuntu0.16.04.7+esm1 4.1.1-1ubuntu0.2+esm1 3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1 1.9.2-2+deb9u1ubuntu0.1~esm1 5.6.1-9ubuntu0.1+esm1 1.2.9-1ubuntu0.1~esm1 0.3.8-2ubuntu0.1~esm1 2.2+dfsg1-1ubuntu0.1~esm2 4:4.5.4.1-2ubuntu2.1+esm6 2.8.6-1ubuntu1+esm1 0.41-7ubuntu1+esm1 1.0.3-1ubuntu0.1~esm1 1.23-1ubuntu0.1~esm1 0.6.11-1.1ubuntu0.1~esm1 5.10.1+dfsg-2.1ubuntu0.1~esm1 2016.02.09-1ubuntu0.1~esm1 2.4.1-1ubuntu0.1~esm2 0.7.12-5ubuntu0.1~esm1 0.7.82-1ubuntu0.1~esm1 1:5.16-2ubuntu0.2+esm1 0.1.24-1ubuntu0.16.04.1~esm1 1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2 1.17-7ubuntu0.1+esm1 1.19.0-1ubuntu0.1~esm1 1.9.6-1ubuntu1.1+esm1 5.7.3p2-1ubuntu0.1~esm2 4.4.0-1089.98 4.4.0-1123.137 4.4.0-1147.157 4.4.0-1151.161 4.4.0-204.236 4.15.0-1066.74~16.04.1 4.15.0-1094.107~16.04.1 4.15.0-1095.102~16.04.1 4.15.0-1109.121~16.04.1 4.15.0-137.141~16.04.1 2.1.2-1.1+deb9u6build0.16.04.1 2.3.1-2~ubuntu16.04.15 4.15.0-1067.75~16.04.1 
4.15.0-1095.108~16.04.1 4.15.0-1096.103~16.04.1 4.15.0-1110.122~16.04.1 4.15.0-139.143~16.04.1 4.4.0-1090.99 4.4.0-1124.138 4.4.0-1148.158 4.4.0-1152.162 4.4.0-206.238 2.1+dfsg-1ubuntu0.1 3.0.24-1ubuntu0.1 2:1.1.24-1ubuntu3.2 4.15.0-1068.76~16.04.1 4.15.0-1096.109~16.04.1 4.15.0-1097.104~16.04.1 4.15.0-1111.123~16.04.1 4.15.0-140.144~16.04.1 8u292-b10-0ubuntu1~16.04.1 87.0+build3-0ubuntu0.16.04.2 3.5.12-1ubuntu7.16 3.5.0-1ubuntu0.4 2.1+dfsg-1ubuntu0.2 7.47.0-1ubuntu2.19 3.4.2-0ubuntu0.16.04.5 2.2.0-10ubuntu2.6 1.8.7-1ubuntu5.15 4.4.0-1091.100 4.4.0-1126.140 4.4.0-1150.161 4.4.0-1154.164 4.4.0-208.240 2:1.18.4-0ubuntu0.12 2:1.19.6-1ubuntu4.1~16.04.6 3.2-1ubuntu0.16.04.2 4.15.0-1069.77~16.04.1 4.15.0-1097.110~16.04.1 4.15.0-1098.105~16.04.1 4.15.0-1112.124~16.04.1 1.7.0~dfsg-1ubuntu1.1 4.15.0-1070.78~16.04.1 4.15.0-1098.111~16.04.1 4.15.0-1099.106~16.04.1 4.15.0-1113.126~16.04.1 4.15.0-142.146~16.04.1 4.4.0-1092.101 4.4.0-1127.141 4.4.0-1151.162 4.4.0-1155.165 4.4.0-209.241 4.4.0-1093.102 4.4.0-1128.142 4.4.0-1152.163 4.4.0-1156.166 4.4.0-210.242 0.103.2+dfsg-0ubuntu0.16.04.1 0.103.2+dfsg-0ubuntu0.16.04.1+esm1 1.2.1-11ubuntu0.16.04.2 4.1.4-7ubuntu0.1+esm2 0.99.beta19-2ubuntu0.16.04.2 2.3.1-2~ubuntu16.04.16 2.75-1ubuntu0.16.04.10 88.0+build2-0ubuntu0.16.04.1 3.16.5-0ubuntu1.5 1.8.3-1ubuntu0.5 1:9.10.3.dfsg.P4-8ubuntu1.19 2:4.3.11+dfsg-0ubuntu0.16.04.34 1.8.7-1ubuntu5.15+esm1 4.86.2-2ubuntu2.6+esm1 0.25-2.1ubuntu16.04.7+esm1 4.15.0-1071.79~16.04.1 4.15.0-1099.112~16.04.1 4.15.0-1102.109~16.04.1 4.15.0-143.147~16.04.3 7.4+dfsg-1ubuntu0.4+esm1 2.23-0ubuntu11.3 3.5.27.1-5ubuntu0.1+esm1 1.8.3-1ubuntu0.3+esm1 8.1.1-2ubuntu0.6+esm2 1.3+dfsg.1-6ubuntu0.1~esm1 0.25-2.1ubuntu16.04.7+esm2 2.20.1-0ubuntu2.30+esm1 2:1.6.3-1ubuntu2.2+esm1 1.10.3-0ubuntu0.16.04.5+esm1 0.0~r131-2ubuntu2+esm1 4.3.3-5ubuntu12.10+esm1 0.4.4-1ubuntu0.1~esm1 1.8.7-1ubuntu5.15+esm3 2.79-1ubuntu0.16.04.1+esm1 4.15.0-1072.80~16.04.1 4.15.0-1100.113~16.04.1 4.15.0-1103.110~16.04.1 4.15.0-1115.128~16.04.1 
^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^libndp0(?::\w+|)\s+(.*)$ ^libndp-dev(?::\w+|)\s+(.*)$ ^libndp-tools(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^libksba8(?::\w+|)\s+(.*)$ ^libksba-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^lib64expat1-dev(?::\w+|)\s+(.*)$ ^libexpat1-udeb(?::\w+|)\s+(.*)$ ^lib64expat1(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ 
^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^dosfstools(?::\w+|)\s+(.*)$ ^dosfstools-udeb(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^golang-github-lxc-lxd-dev(?::\w+|)\s+(.*)$ ^lxc2(?::\w+|)\s+(.*)$ ^lxd-client(?::\w+|)\s+(.*)$ ^lxd(?::\w+|)\s+(.*)$ ^lxd-tools(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^liboxideqtcore0(?::\w+|)\s+(.*)$ ^liboxideqt-qmlplugin(?::\w+|)\s+(.*)$ ^liboxideqtquick-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs-extra(?::\w+|)\s+(.*)$ ^liboxideqtcore-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs(?::\w+|)\s+(.*)$ ^liboxideqtquick0(?::\w+|)\s+(.*)$ 
^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ 
^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ 
^dnsmasq-utils(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^lib64expat1-dev(?::\w+|)\s+(.*)$ ^libexpat1-udeb(?::\w+|)\s+(.*)$ ^lib64expat1(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^wget(?::\w+|)\s+(.*)$ ^wget-udeb(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^liboxideqtcore0(?::\w+|)\s+(.*)$ ^liboxideqt-qmlplugin(?::\w+|)\s+(.*)$ ^liboxideqtquick-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs-extra(?::\w+|)\s+(.*)$ ^liboxideqtcore-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs(?::\w+|)\s+(.*)$ ^liboxideqtquick0(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ 
^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ 
^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ 
^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^tomcat7-common(?::\w+|)\s+(.*)$ ^libservlet3.0-java(?::\w+|)\s+(.*)$ ^tomcat7-docs(?::\w+|)\s+(.*)$ ^libservlet3.0-java-doc(?::\w+|)\s+(.*)$ ^tomcat7(?::\w+|)\s+(.*)$ ^libtomcat7-java(?::\w+|)\s+(.*)$ ^tomcat7-user(?::\w+|)\s+(.*)$ ^tomcat7-admin(?::\w+|)\s+(.*)$ ^tomcat7-examples(?::\w+|)\s+(.*)$ ^libimobiledevice-utils(?::\w+|)\s+(.*)$ ^libimobiledevice6(?::\w+|)\s+(.*)$ ^libimobiledevice-dev(?::\w+|)\s+(.*)$ ^python-imobiledevice(?::\w+|)\s+(.*)$ ^libimobiledevice-doc(?::\w+|)\s+(.*)$ ^libusbmuxd-tools(?::\w+|)\s+(.*)$ ^libusbmuxd4(?::\w+|)\s+(.*)$ ^libusbmuxd-dev(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ ^libservlet3.1-java(?::\w+|)\s+(.*)$ ^libservlet3.1-java-doc(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^libnspr4-dev(?::\w+|)\s+(.*)$ ^libnspr4(?::\w+|)\s+(.*)$ ^libnspr4-0d(?::\w+|)\s+(.*)$ ^libnss3-nssdb(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-1d(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^ecryptfs-utils(?::\w+|)\s+(.*)$ ^python-ecryptfs(?::\w+|)\s+(.*)$ ^libecryptfs1(?::\w+|)\s+(.*)$ ^libecryptfs-dev(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ 
^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^liboxideqtcore0(?::\w+|)\s+(.*)$ ^liboxideqt-qmlplugin(?::\w+|)\s+(.*)$ ^liboxideqtquick-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs-extra(?::\w+|)\s+(.*)$ ^liboxideqtcore-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs(?::\w+|)\s+(.*)$ ^liboxideqtquick0(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ 
^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ 
^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ 
^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^liboxideqtcore0(?::\w+|)\s+(.*)$ ^liboxideqt-qmlplugin(?::\w+|)\s+(.*)$ ^liboxideqtquick-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs-extra(?::\w+|)\s+(.*)$ ^liboxideqtcore-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs(?::\w+|)\s+(.*)$ ^liboxideqtquick0(?::\w+|)\s+(.*)$ ^libxmlrpc-epi0(?::\w+|)\s+(.*)$ ^libxmlrpc-epi-dev(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ 
^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^ssh-krb5(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-client-ssh1(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^fontconfig-config(?::\w+|)\s+(.*)$ ^libfontconfig1(?::\w+|)\s+(.*)$ ^fontconfig-udeb(?::\w+|)\s+(.*)$ ^libfontconfig1-dev(?::\w+|)\s+(.*)$ ^fontconfig(?::\w+|)\s+(.*)$ ^gnupg-curl(?::\w+|)\s+(.*)$ ^gpgv-udeb(?::\w+|)\s+(.*)$ ^gpgv(?::\w+|)\s+(.*)$ ^gnupg(?::\w+|)\s+(.*)$ ^libgcrypt11-dev(?::\w+|)\s+(.*)$ ^libgcrypt20(?::\w+|)\s+(.*)$ ^libgcrypt20-doc(?::\w+|)\s+(.*)$ ^libgcrypt20-udeb(?::\w+|)\s+(.*)$ ^libgcrypt20-dev(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^gir1.2-harfbuzz-0.0(?::\w+|)\s+(.*)$ ^libharfbuzz-gobject0(?::\w+|)\s+(.*)$ ^libharfbuzz-dev(?::\w+|)\s+(.*)$ ^libharfbuzz-icu0(?::\w+|)\s+(.*)$ ^libharfbuzz0b(?::\w+|)\s+(.*)$ ^libharfbuzz-bin(?::\w+|)\s+(.*)$ ^libharfbuzz0-udeb(?::\w+|)\s+(.*)$ ^libharfbuzz-doc(?::\w+|)\s+(.*)$ ^idn(?::\w+|)\s+(.*)$ ^libidn11-dev(?::\w+|)\s+(.*)$ ^libidn11-java(?::\w+|)\s+(.*)$ ^libidn11(?::\w+|)\s+(.*)$ ^eog-dev(?::\w+|)\s+(.*)$ ^eog(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ 
^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^liboxideqtcore0(?::\w+|)\s+(.*)$ ^liboxideqt-qmlplugin(?::\w+|)\s+(.*)$ ^liboxideqtquick-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs-extra(?::\w+|)\s+(.*)$ ^liboxideqtcore-dev(?::\w+|)\s+(.*)$ ^oxideqt-doc(?::\w+|)\s+(.*)$ ^oxideqt-codecs(?::\w+|)\s+(.*)$ ^liboxideqtquick0(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ 
^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ 
^firefox-locale-ast(?::\w+|)\s+(.*)$ ^apt-doc(?::\w+|)\s+(.*)$ ^apt-transport-https(?::\w+|)\s+(.*)$ ^libapt-pkg5.0(?::\w+|)\s+(.*)$ ^libapt-pkg-doc(?::\w+|)\s+(.*)$ ^apt(?::\w+|)\s+(.*)$ ^apt-utils(?::\w+|)\s+(.*)$ ^libapt-inst2.0(?::\w+|)\s+(.*)$ ^libapt-pkg-dev(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^libnss3-nssdb(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-1d(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ 
^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ 
^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^libvncserver-config(?::\w+|)\s+(.*)$ ^libvncserver-dev(?::\w+|)\s+(.*)$ ^libvncserver1(?::\w+|)\s+(.*)$ ^libvncclient1(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libdns-export162-udeb(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libirs-export141-udeb(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^nvidia-current-dev(?::\w+|)\s+(.*)$ ^libcuda1-304(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-304-updates(?::\w+|)\s+(.*)$ ^nvidia-304-updates(?::\w+|)\s+(.*)$ ^nvidia-304(?::\w+|)\s+(.*)$ ^nvidia-current(?::\w+|)\s+(.*)$ ^nvidia-304-updates-dev(?::\w+|)\s+(.*)$ ^nvidia-304-dev(?::\w+|)\s+(.*)$ ^libcuda1-304-updates(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-304(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-304-updates(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-304(?::\w+|)\s+(.*)$ ^nvidia-331(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-331(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-331-updates(?::\w+|)\s+(.*)$ ^libcuda1-340(?::\w+|)\s+(.*)$ ^nvidia-340-updates(?::\w+|)\s+(.*)$ ^nvidia-331-updates(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-340-updates(?::\w+|)\s+(.*)$ ^libcuda1-331-updates(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-331-updates(?::\w+|)\s+(.*)$ ^nvidia-340-dev(?::\w+|)\s+(.*)$ ^nvidia-340-updates-dev(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-331(?::\w+|)\s+(.*)$ 
^nvidia-340(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-340(?::\w+|)\s+(.*)$ ^libcuda1-340-updates(?::\w+|)\s+(.*)$ ^libcuda1-331(?::\w+|)\s+(.*)$ ^nvidia-331-updates-dev(?::\w+|)\s+(.*)$ ^nvidia-331-dev(?::\w+|)\s+(.*)$ ^nvidia-331-updates-uvm(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-340(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-340-updates(?::\w+|)\s+(.*)$ ^nvidia-340-uvm(?::\w+|)\s+(.*)$ ^nvidia-331-uvm(?::\w+|)\s+(.*)$ ^nvidia-375-dev(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-375(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-367(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-367(?::\w+|)\s+(.*)$ ^nvidia-367-dev(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-375(?::\w+|)\s+(.*)$ ^libcuda1-367(?::\w+|)\s+(.*)$ ^libcuda1-375(?::\w+|)\s+(.*)$ ^nvidia-367(?::\w+|)\s+(.*)$ ^nvidia-375(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ 
^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ 
^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ 
^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ 
^libpcsclite-dev(?::\w+|)\s+(.*)$ ^pcscd(?::\w+|)\s+(.*)$ ^libpcsclite1(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ ^libservlet3.1-java(?::\w+|)\s+(.*)$ ^libservlet3.1-java-doc(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^liboxideqtcore0(?::\w+|)\s+(.*)$ ^liboxideqt-qmlplugin(?::\w+|)\s+(.*)$ ^liboxideqtquick-dev(?::\w+|)\s+(.*)$ ^oxideqt-codecs-extra(?::\w+|)\s+(.*)$ ^liboxideqtcore-dev(?::\w+|)\s+(.*)$ ^oxideqt-doc(?::\w+|)\s+(.*)$ ^oxideqt-codecs(?::\w+|)\s+(.*)$ ^liboxideqtquick0(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^ntfs-3g(?::\w+|)\s+(.*)$ ^ntfs-3g-udeb(?::\w+|)\s+(.*)$ ^ntfs-3g-dev(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dev(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^guile-gnutls(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^irssi-dev(?::\w+|)\s+(.*)$ ^irssi(?::\w+|)\s+(.*)$ ^xpmutils(?::\w+|)\s+(.*)$ ^libxpm-dev(?::\w+|)\s+(.*)$ ^libxpm4(?::\w+|)\s+(.*)$ ^iucode-tool(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ 
^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^nettle-bin(?::\w+|)\s+(.*)$ ^libnettle6(?::\w+|)\s+(.*)$ ^libhogweed4(?::\w+|)\s+(.*)$ ^nettle-dev(?::\w+|)\s+(.*)$ ^nova-compute-lxd(?::\w+|)\s+(.*)$ ^python-nova.lxd(?::\w+|)\s+(.*)$ ^python-nova-lxd(?::\w+|)\s+(.*)$ ^libgc-dev(?::\w+|)\s+(.*)$ ^libgc1c2(?::\w+|)\s+(.*)$ ^python-crypto-doc(?::\w+|)\s+(.*)$ ^python3-crypto(?::\w+|)\s+(.*)$ ^python-crypto(?::\w+|)\s+(.*)$ ^python-crypto-doc(?::\w+|)\s+(.*)$ ^python3-crypto(?::\w+|)\s+(.*)$ ^python-crypto(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libdns-export162-udeb(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ 
^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libirs-export141-udeb(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^tcpdump(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ 
^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^icu-devtools(?::\w+|)\s+(.*)$ ^libicu55(?::\w+|)\s+(.*)$ ^libicu-dev(?::\w+|)\s+(.*)$ ^icu-doc(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ 
^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ 
^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^libfreetype6-dev(?::\w+|)\s+(.*)$ ^libfreetype6-udeb(?::\w+|)\s+(.*)$ ^freetype2-demos(?::\w+|)\s+(.*)$ ^libfreetype6(?::\w+|)\s+(.*)$ ^rtmpdump(?::\w+|)\s+(.*)$ ^librtmp1(?::\w+|)\s+(.*)$ ^librtmp-dev(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.8.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^bash-builtins(?::\w+|)\s+(.*)$ ^bash-doc(?::\w+|)\s+(.*)$ ^bash-static(?::\w+|)\s+(.*)$ ^bash(?::\w+|)\s+(.*)$ ^libjasper-runtime(?::\w+|)\s+(.*)$ ^libjasper-dev(?::\w+|)\s+(.*)$ ^libjasper1(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^libjbig2dec0(?::\w+|)\s+(.*)$ ^jbig2dec(?::\w+|)\s+(.*)$ ^libjbig2dec0-dev(?::\w+|)\s+(.*)$ ^libminiupnpc-dev(?::\w+|)\s+(.*)$ ^python-miniupnpc(?::\w+|)\s+(.*)$ ^miniupnpc(?::\w+|)\s+(.*)$ ^libminiupnpc10(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ 
^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ 
^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^juju(?::\w+|)\s+(.*)$ ^juju-2.0(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-noauth(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-pseudonym(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-unbound(?::\w+|)\s+(.*)$ ^strongswan-plugin-farp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^strongswan-ikev1(?::\w+|)\s+(.*)$ ^strongswan-plugin-pkcs11(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-eap(?::\w+|)\s+(.*)$ ^strongswan-plugin-sshkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-error-notify(?::\w+|)\s+(.*)$ ^strongswan-plugin-gcrypt(?::\w+|)\s+(.*)$ ^strongswan-plugin-sql(?::\w+|)\s+(.*)$ ^strongswan-plugin-coupling(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-generic(?::\w+|)\s+(.*)$ ^strongswan-plugin-lookip(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-ttls(?::\w+|)\s+(.*)$ ^strongswan-plugin-af-alg(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka-3gpp2(?::\w+|)\s+(.*)$ ^strongswan-ike(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnskey(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-sql(?::\w+|)\s+(.*)$ 
^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-sqlite(?::\w+|)\s+(.*)$ ^strongswan-plugin-duplicheck(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-plugin-attr-sql(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-peap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-plugin-curl(?::\w+|)\s+(.*)$ ^strongswan-plugin-radattr(?::\w+|)\s+(.*)$ ^strongswan-plugin-soup(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-dynamic(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-gtc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tls(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tnc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-radius(?::\w+|)\s+(.*)$ ^strongswan-ikev2(?::\w+|)\s+(.*)$ ^strongswan-plugin-mysql(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-reauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-openssl(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnscert(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-pam(?::\w+|)\s+(.*)$ ^strongswan-plugin-pubkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-md5(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-plugin-whitelist(?::\w+|)\s+(.*)$ ^strongswan-plugin-fips-prf(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-mschapv2(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-plugin-ldap(?::\w+|)\s+(.*)$ ^strongswan-plugin-certexpire(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim(?::\w+|)\s+(.*)$ ^strongswan-plugin-kernel-libipsec(?::\w+|)\s+(.*)$ ^strongswan-plugin-ipseckey(?::\w+|)\s+(.*)$ ^strongswan-plugin-dhcp(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-pcsc(?::\w+|)\s+(.*)$ ^strongswan-plugin-ntru(?::\w+|)\s+(.*)$ ^strongswan-plugin-gmp(?::\w+|)\s+(.*)$ ^strongswan-plugin-agent(?::\w+|)\s+(.*)$ ^strongswan-plugin-pgp(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-plugin-load-tester(?::\w+|)\s+(.*)$ 
^strongswan-plugin-unity(?::\w+|)\s+(.*)$ ^strongswan-plugin-led(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-file(?::\w+|)\s+(.*)$ ^strongswan-plugin-systime-fix(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^sudo-ldap(?::\w+|)\s+(.*)$ ^sudo(?::\w+|)\s+(.*)$ ^nvidia-375-dev(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-375(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-367(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-367(?::\w+|)\s+(.*)$ ^nvidia-367-dev(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-375(?::\w+|)\s+(.*)$ ^libcuda1-367(?::\w+|)\s+(.*)$ ^libcuda1-375(?::\w+|)\s+(.*)$ ^nvidia-367(?::\w+|)\s+(.*)$ ^nvidia-375(?::\w+|)\s+(.*)$ ^libsndfile1(?::\w+|)\s+(.*)$ ^libsndfile1-dev(?::\w+|)\s+(.*)$ ^sndfile-programs(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ 
^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^libtasn1-6-dev(?::\w+|)\s+(.*)$ ^libtasn1-3-bin(?::\w+|)\s+(.*)$ ^libtasn1-doc(?::\w+|)\s+(.*)$ ^libtasn1-bin(?::\w+|)\s+(.*)$ ^libtasn1-6(?::\w+|)\s+(.*)$ ^lintian(?::\w+|)\s+(.*)$ ^libnl-route-3-dev(?::\w+|)\s+(.*)$ ^libnl-nf-3-200(?::\w+|)\s+(.*)$ ^libnl-utils(?::\w+|)\s+(.*)$ ^libnl-idiag-3-200(?::\w+|)\s+(.*)$ ^libnl-nf-3-dev(?::\w+|)\s+(.*)$ ^libnl-genl-3-200-udeb(?::\w+|)\s+(.*)$ ^libnl-xfrm-3-dev(?::\w+|)\s+(.*)$ ^libnl-route-3-200(?::\w+|)\s+(.*)$ ^libnl-cli-3-200(?::\w+|)\s+(.*)$ ^libnl-genl-3-dev(?::\w+|)\s+(.*)$ ^libnl-3-200(?::\w+|)\s+(.*)$ ^libnl-idiag-3-dev(?::\w+|)\s+(.*)$ ^libnl-3-200-udeb(?::\w+|)\s+(.*)$ ^libnl-xfrm-3-200(?::\w+|)\s+(.*)$ ^libnl-3-dev(?::\w+|)\s+(.*)$ ^libnl-cli-3-dev(?::\w+|)\s+(.*)$ ^libnl-genl-3-200(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.8.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ 
^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ 
^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^irssi-dev(?::\w+|)\s+(.*)$ ^irssi(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dev(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^guile-gnutls(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^libmwaw-dev(?::\w+|)\s+(.*)$ ^libmwaw-0.3-3(?::\w+|)\s+(.*)$ ^libmwaw-tools(?::\w+|)\s+(.*)$ ^libmwaw-doc(?::\w+|)\s+(.*)$ ^zziplib-bin(?::\w+|)\s+(.*)$ ^libzzip-dev(?::\w+|)\s+(.*)$ ^libzzip-0-13(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ 
^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ 
^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-ppc64(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-dev-ppc64(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^libc6-udeb(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.8.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libnss3-nssdb(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-1d(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^valgrind(?::\w+|)\s+(.*)$ ^openvpn(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.8.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libdns-export162-udeb(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libirs-export141-udeb(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ 
^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libdns-export162-udeb(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libirs-export141-udeb(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^libgcrypt11-dev(?::\w+|)\s+(.*)$ ^libgcrypt20(?::\w+|)\s+(.*)$ ^libgcrypt20-doc(?::\w+|)\s+(.*)$ ^libgcrypt20-udeb(?::\w+|)\s+(.*)$ ^libgcrypt20-dev(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^ntp(?::\w+|)\s+(.*)$ ^ntp-doc(?::\w+|)\s+(.*)$ ^ntpdate(?::\w+|)\s+(.*)$ ^libpoppler58(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ 
^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-4(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-evince-3.0(?::\w+|)\s+(.*)$ ^libevview3-3(?::\w+|)\s+(.*)$ ^evince-common(?::\w+|)\s+(.*)$ ^libevince-dev(?::\w+|)\s+(.*)$ ^evince(?::\w+|)\s+(.*)$ ^libevdocument3-4(?::\w+|)\s+(.*)$ ^evince-gtk(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^libhcrypto4-heimdal(?::\w+|)\s+(.*)$ ^libwind0-heimdal(?::\w+|)\s+(.*)$ ^libroken18-heimdal(?::\w+|)\s+(.*)$ ^libgssapi3-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kcm(?::\w+|)\s+(.*)$ ^libhdb9-heimdal(?::\w+|)\s+(.*)$ ^libasn1-8-heimdal(?::\w+|)\s+(.*)$ ^libsl0-heimdal(?::\w+|)\s+(.*)$ ^libkadm5clnt7-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kdc(?::\w+|)\s+(.*)$ ^libkdc2-heimdal(?::\w+|)\s+(.*)$ ^heimdal-servers(?::\w+|)\s+(.*)$ ^libheimntlm0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-docs(?::\w+|)\s+(.*)$ ^libheimbase1-heimdal(?::\w+|)\s+(.*)$ ^libkrb5-26-heimdal(?::\w+|)\s+(.*)$ ^libotp0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-dev(?::\w+|)\s+(.*)$ ^libkafs0-heimdal(?::\w+|)\s+(.*)$ ^libhx509-5-heimdal(?::\w+|)\s+(.*)$ ^heimdal-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv8-heimdal(?::\w+|)\s+(.*)$ ^heimdal-clients(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ 
^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^lib64expat1-dev(?::\w+|)\s+(.*)$ ^libexpat1-udeb(?::\w+|)\s+(.*)$ ^lib64expat1(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.10.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-16.04(?::\w+|)\s+(.*)$ ^xmir-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-16.04(?::\w+|)\s+(.*)$ 
^xwayland-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-16.04(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^libruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-tcltk(?::\w+|)\s+(.*)$ ^ruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-dev(?::\w+|)\s+(.*)$ ^ruby2.3-doc(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^gdb-multiarch(?::\w+|)\s+(.*)$ ^gdb-source(?::\w+|)\s+(.*)$ ^gdbserver(?::\w+|)\s+(.*)$ ^gdb(?::\w+|)\s+(.*)$ ^gdb-doc(?::\w+|)\s+(.*)$ ^gdb64(?::\w+|)\s+(.*)$ ^libiberty-dev(?::\w+|)\s+(.*)$ ^freeradius-mysql(?::\w+|)\s+(.*)$ ^freeradius-ldap(?::\w+|)\s+(.*)$ ^libfreeradius2(?::\w+|)\s+(.*)$ ^libfreeradius-dev(?::\w+|)\s+(.*)$ ^freeradius-postgresql(?::\w+|)\s+(.*)$ ^freeradius-utils(?::\w+|)\s+(.*)$ ^freeradius(?::\w+|)\s+(.*)$ ^freeradius-iodbc(?::\w+|)\s+(.*)$ ^freeradius-common(?::\w+|)\s+(.*)$ ^freeradius-krb5(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.10.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^rabbitmq-server(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ 
^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.10.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^shotwell(?::\w+|)\s+(.*)$ ^shotwell-common(?::\w+|)\s+(.*)$ ^libfreerdp-common1.1.0(?::\w+|)\s+(.*)$ ^libwinpr-dev(?::\w+|)\s+(.*)$ ^libfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-crt0.1(?::\w+|)\s+(.*)$ ^libfreerdp-primitives1.1(?::\w+|)\s+(.*)$ ^libwinpr-pool0.1(?::\w+|)\s+(.*)$ ^libwinpr-library0.1(?::\w+|)\s+(.*)$ ^libwinpr-io0.1(?::\w+|)\s+(.*)$ ^libfreerdp-core1.1(?::\w+|)\s+(.*)$ ^libfreerdp-locale1.1(?::\w+|)\s+(.*)$ ^libfreerdp-gdi1.1(?::\w+|)\s+(.*)$ ^libwinpr-winhttp0.1(?::\w+|)\s+(.*)$ ^libwinpr-synch0.1(?::\w+|)\s+(.*)$ ^libwinpr-sysinfo0.1(?::\w+|)\s+(.*)$ ^libfreerdp-codec1.1(?::\w+|)\s+(.*)$ ^libwinpr-rpc0.1(?::\w+|)\s+(.*)$ ^libfreerdp-dev(?::\w+|)\s+(.*)$ ^libwinpr-environment0.1(?::\w+|)\s+(.*)$ ^libfreerdp-cache1.1(?::\w+|)\s+(.*)$ ^libwinpr-crypto0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspi0.1(?::\w+|)\s+(.*)$ ^libfreerdp-utils1.1(?::\w+|)\s+(.*)$ ^libwinpr-credui0.1(?::\w+|)\s+(.*)$ ^freerdp-x11(?::\w+|)\s+(.*)$ ^libwinpr-heap0.1(?::\w+|)\s+(.*)$ ^libfreerdp-rail1.1(?::\w+|)\s+(.*)$ ^libwinpr-thread0.1(?::\w+|)\s+(.*)$ ^libwinpr-asn1-0.1(?::\w+|)\s+(.*)$ ^libwinpr-bcrypt0.1(?::\w+|)\s+(.*)$ ^libxfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-file0.1(?::\w+|)\s+(.*)$ ^libwinpr-handle0.1(?::\w+|)\s+(.*)$ 
^libwinpr-interlocked0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspicli0.1(?::\w+|)\s+(.*)$ ^libwinpr-utils0.1(?::\w+|)\s+(.*)$ ^libwinpr-path0.1(?::\w+|)\s+(.*)$ ^libwinpr-error0.1(?::\w+|)\s+(.*)$ ^libwinpr-dsparse0.1(?::\w+|)\s+(.*)$ ^libfreerdp-plugins-standard(?::\w+|)\s+(.*)$ ^libwinpr-timezone0.1(?::\w+|)\s+(.*)$ ^libfreerdp-crypto1.1(?::\w+|)\s+(.*)$ ^libwinpr-winsock0.1(?::\w+|)\s+(.*)$ ^libwinpr-pipe0.1(?::\w+|)\s+(.*)$ ^libwinpr-credentials0.1(?::\w+|)\s+(.*)$ ^libwinpr-registry0.1(?::\w+|)\s+(.*)$ ^libwinpr-input0.1(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^libsoup-gnome2.4-1(?::\w+|)\s+(.*)$ ^libsoup-gnome2.4-dev(?::\w+|)\s+(.*)$ ^gir1.2-soup-2.4(?::\w+|)\s+(.*)$ ^libsoup2.4-1(?::\w+|)\s+(.*)$ ^libsoup2.4-dev(?::\w+|)\s+(.*)$ ^libsoup2.4-doc(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.10.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^libsvn-dev(?::\w+|)\s+(.*)$ ^ruby-svn(?::\w+|)\s+(.*)$ ^subversion-tools(?::\w+|)\s+(.*)$ ^libapache2-svn(?::\w+|)\s+(.*)$ ^libapache2-mod-svn(?::\w+|)\s+(.*)$ ^python-subversion(?::\w+|)\s+(.*)$ ^libsvn-java(?::\w+|)\s+(.*)$ ^subversion(?::\w+|)\s+(.*)$ ^libsvn-doc(?::\w+|)\s+(.*)$ ^libsvn1(?::\w+|)\s+(.*)$ ^libsvn-perl(?::\w+|)\s+(.*)$ ^libsvn-ruby1.8(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ 
^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ 
^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^ubufox(?::\w+|)\s+(.*)$ ^xul-ext-ubufox(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ 
^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ 
^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libmspack0(?::\w+|)\s+(.*)$ ^libmspack-dev(?::\w+|)\s+(.*)$ ^libmspack-doc(?::\w+|)\s+(.*)$ ^libc-ares2(?::\w+|)\s+(.*)$ ^libc-ares-dev(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-noauth(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-pseudonym(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ 
^strongswan-plugin-unbound(?::\w+|)\s+(.*)$ ^strongswan-plugin-farp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^strongswan-ikev1(?::\w+|)\s+(.*)$ ^strongswan-plugin-pkcs11(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-eap(?::\w+|)\s+(.*)$ ^strongswan-plugin-sshkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-error-notify(?::\w+|)\s+(.*)$ ^strongswan-plugin-gcrypt(?::\w+|)\s+(.*)$ ^strongswan-plugin-sql(?::\w+|)\s+(.*)$ ^strongswan-plugin-coupling(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-generic(?::\w+|)\s+(.*)$ ^strongswan-plugin-lookip(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-ttls(?::\w+|)\s+(.*)$ ^strongswan-plugin-af-alg(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka-3gpp2(?::\w+|)\s+(.*)$ ^strongswan-ike(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnskey(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-sql(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-sqlite(?::\w+|)\s+(.*)$ ^strongswan-plugin-duplicheck(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-plugin-attr-sql(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-peap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-plugin-curl(?::\w+|)\s+(.*)$ ^strongswan-plugin-radattr(?::\w+|)\s+(.*)$ ^strongswan-plugin-soup(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-dynamic(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-gtc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tls(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tnc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-radius(?::\w+|)\s+(.*)$ ^strongswan-ikev2(?::\w+|)\s+(.*)$ ^strongswan-plugin-mysql(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-reauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-openssl(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnscert(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-pam(?::\w+|)\s+(.*)$ ^strongswan-plugin-pubkey(?::\w+|)\s+(.*)$ 
^strongswan-plugin-eap-md5(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-plugin-whitelist(?::\w+|)\s+(.*)$ ^strongswan-plugin-fips-prf(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-mschapv2(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-plugin-ldap(?::\w+|)\s+(.*)$ ^strongswan-plugin-certexpire(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim(?::\w+|)\s+(.*)$ ^strongswan-plugin-kernel-libipsec(?::\w+|)\s+(.*)$ ^strongswan-plugin-ipseckey(?::\w+|)\s+(.*)$ ^strongswan-plugin-dhcp(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-pcsc(?::\w+|)\s+(.*)$ ^strongswan-plugin-ntru(?::\w+|)\s+(.*)$ ^strongswan-plugin-gmp(?::\w+|)\s+(.*)$ ^strongswan-plugin-agent(?::\w+|)\s+(.*)$ ^strongswan-plugin-pgp(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-plugin-load-tester(?::\w+|)\s+(.*)$ ^strongswan-plugin-unity(?::\w+|)\s+(.*)$ ^strongswan-plugin-led(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-file(?::\w+|)\s+(.*)$ ^strongswan-plugin-systime-fix(?::\w+|)\s+(.*)$ ^libgraphite2-doc(?::\w+|)\s+(.*)$ ^libgraphite2-3(?::\w+|)\s+(.*)$ ^libgraphite2-dev(?::\w+|)\s+(.*)$ ^cvs(?::\w+|)\s+(.*)$ ^augeas-tools(?::\w+|)\s+(.*)$ ^libaugeas0(?::\w+|)\s+(.*)$ ^libaugeas-dev(?::\w+|)\s+(.*)$ ^augeas-doc(?::\w+|)\s+(.*)$ ^augeas-lenses(?::\w+|)\s+(.*)$ ^texlive-fonts-recommended-doc(?::\w+|)\s+(.*)$ ^texlive-pictures(?::\w+|)\s+(.*)$ ^texlive-full(?::\w+|)\s+(.*)$ ^texlive-luatex(?::\w+|)\s+(.*)$ ^texlive-pictures-doc(?::\w+|)\s+(.*)$ ^texlive-xetex(?::\w+|)\s+(.*)$ ^texlive-metapost(?::\w+|)\s+(.*)$ ^texlive-latex-base(?::\w+|)\s+(.*)$ ^texlive-fonts-recommended(?::\w+|)\s+(.*)$ ^texlive-latex-recommended-doc(?::\w+|)\s+(.*)$ ^texlive-omega(?::\w+|)\s+(.*)$ ^texlive-base(?::\w+|)\s+(.*)$ ^texlive-generic-recommended(?::\w+|)\s+(.*)$ ^texlive-metapost-doc(?::\w+|)\s+(.*)$ ^texlive-latex-base-doc(?::\w+|)\s+(.*)$ ^texlive-latex-recommended(?::\w+|)\s+(.*)$ ^texlive(?::\w+|)\s+(.*)$ 
^luasseq(?::\w+|)\s+(.*)$ ^python-pysaml2-doc(?::\w+|)\s+(.*)$ ^python-pysaml2(?::\w+|)\s+(.*)$ ^python3-pysaml2(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.10.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^python-jwt(?::\w+|)\s+(.*)$ ^python3-jwt(?::\w+|)\s+(.*)$ ^liblouis9(?::\w+|)\s+(.*)$ ^liblouis-bin(?::\w+|)\s+(.*)$ ^python-louis(?::\w+|)\s+(.*)$ ^liblouis-dev(?::\w+|)\s+(.*)$ ^python3-louis(?::\w+|)\s+(.*)$ ^liblouis-data(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^bzr-doc(?::\w+|)\s+(.*)$ ^python-bzrlib(?::\w+|)\s+(.*)$ ^bzr(?::\w+|)\s+(.*)$ ^python-bzrlib.tests(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ 
^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^tcpdump(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ 
^libdb5.3-tcl(?::\w+|)\s+(.*)$ ^libdb5.3-java-dev(?::\w+|)\s+(.*)$ ^libdb5.3-dev(?::\w+|)\s+(.*)$ ^db5.3-util(?::\w+|)\s+(.*)$ ^libdb5.3-stl-dev(?::\w+|)\s+(.*)$ ^libdb5.3-sql(?::\w+|)\s+(.*)$ ^libdb5.3++-dev(?::\w+|)\s+(.*)$ ^db5.3-sql-util(?::\w+|)\s+(.*)$ ^libdb5.3(?::\w+|)\s+(.*)$ ^libdb5.3-stl(?::\w+|)\s+(.*)$ ^libdb5.3-java-gcj(?::\w+|)\s+(.*)$ ^libdb5.3-sql-dev(?::\w+|)\s+(.*)$ ^libdb5.3-java(?::\w+|)\s+(.*)$ ^libdb5.3++(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ 
^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^libldns-dev(?::\w+|)\s+(.*)$ ^python-ldns(?::\w+|)\s+(.*)$ ^ldnsutils(?::\w+|)\s+(.*)$ 
^libldns1(?::\w+|)\s+(.*)$ ^libraw-doc(?::\w+|)\s+(.*)$ ^libraw-bin(?::\w+|)\s+(.*)$ ^libraw-dev(?::\w+|)\s+(.*)$ ^libraw15(?::\w+|)\s+(.*)$ ^libxml-libxml-perl(?::\w+|)\s+(.*)$ ^optipng(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libxfont1-dev(?::\w+|)\s+(.*)$ ^libxfont1-udeb(?::\w+|)\s+(.*)$ ^libxfont1(?::\w+|)\s+(.*)$ ^libxfont2-udeb(?::\w+|)\s+(.*)$ ^libxfont2(?::\w+|)\s+(.*)$ ^libxfont-dev(?::\w+|)\s+(.*)$ ^libxcursor-dev(?::\w+|)\s+(.*)$ ^libxcursor1(?::\w+|)\s+(.*)$ ^libxcursor1-udeb(?::\w+|)\s+(.*)$ ^gir1.2-evince-3.0(?::\w+|)\s+(.*)$ ^libevview3-3(?::\w+|)\s+(.*)$ ^evince-common(?::\w+|)\s+(.*)$ ^libevince-dev(?::\w+|)\s+(.*)$ ^evince(?::\w+|)\s+(.*)$ ^libevdocument3-4(?::\w+|)\s+(.*)$ ^evince-gtk(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^scsi-firmware(?::\w+|)\s+(.*)$ 
^nic-firmware(?::\w+|)\s+(.*)$ ^linux-firmware(?::\w+|)\s+(.*)$ ^rsync(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.10.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.11.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^libruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-tcltk(?::\w+|)\s+(.*)$ ^ruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-dev(?::\w+|)\s+(.*)$ ^ruby2.3-doc(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ 
^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ 
^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libpoppler58(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-4(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^awstats(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ 
^libservlet3.1-java(?::\w+|)\s+(.*)$ ^libservlet3.1-java-doc(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^python-pysaml2-doc(?::\w+|)\s+(.*)$ ^python-pysaml2(?::\w+|)\s+(.*)$ ^python3-pysaml2(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-384(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-375(?::\w+|)\s+(.*)$ ^nvidia-375-dev(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-384(?::\w+|)\s+(.*)$ ^nvidia-384-dev(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-375(?::\w+|)\s+(.*)$ ^libcuda1-384(?::\w+|)\s+(.*)$ ^nvidia-384(?::\w+|)\s+(.*)$ ^libcuda1-375(?::\w+|)\s+(.*)$ ^nvidia-375(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-euclid)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libipa-hbac-dev(?::\w+|)\s+(.*)$ ^sssd-ad(?::\w+|)\s+(.*)$ ^libsss-sudo(?::\w+|)\s+(.*)$ ^libsss-nss-idmap0(?::\w+|)\s+(.*)$ ^libnss-sss(?::\w+|)\s+(.*)$ ^sssd-ipa(?::\w+|)\s+(.*)$ ^libsss-simpleifp0(?::\w+|)\s+(.*)$ ^libsss-idmap-dev(?::\w+|)\s+(.*)$ ^python3-libsss-nss-idmap(?::\w+|)\s+(.*)$ ^sssd-common(?::\w+|)\s+(.*)$ ^python3-sss(?::\w+|)\s+(.*)$ ^libpam-sss(?::\w+|)\s+(.*)$ ^python-libsss-nss-idmap(?::\w+|)\s+(.*)$ ^libsss-idmap0(?::\w+|)\s+(.*)$ ^sssd-ldap(?::\w+|)\s+(.*)$ ^libsss-nss-idmap-dev(?::\w+|)\s+(.*)$ 
^libsss-simpleifp-dev(?::\w+|)\s+(.*)$ ^sssd(?::\w+|)\s+(.*)$ ^python-libipa-hbac(?::\w+|)\s+(.*)$ ^libwbclient-sssd(?::\w+|)\s+(.*)$ ^libwbclient-sssd-dev(?::\w+|)\s+(.*)$ ^python3-libipa-hbac(?::\w+|)\s+(.*)$ ^libipa-hbac0(?::\w+|)\s+(.*)$ ^sssd-tools(?::\w+|)\s+(.*)$ ^sssd-ad-common(?::\w+|)\s+(.*)$ ^sssd-krb5-common(?::\w+|)\s+(.*)$ ^sssd-dbus(?::\w+|)\s+(.*)$ ^sssd-krb5(?::\w+|)\s+(.*)$ ^python-sss(?::\w+|)\s+(.*)$ ^sssd-proxy(?::\w+|)\s+(.*)$ ^irssi-dev(?::\w+|)\s+(.*)$ ^irssi(?::\w+|)\s+(.*)$ ^libruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-tcltk(?::\w+|)\s+(.*)$ ^ruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-dev(?::\w+|)\s+(.*)$ ^ruby2.3-doc(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ 
^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ 
^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^libgdk-pixbuf2.0-0(?::\w+|)\s+(.*)$ ^libgdk-pixbuf2.0-common(?::\w+|)\s+(.*)$ ^libgdk-pixbuf2.0-dev(?::\w+|)\s+(.*)$ ^libgdk-pixbuf2.0-0-udeb(?::\w+|)\s+(.*)$ ^libgdk-pixbuf2.0-doc(?::\w+|)\s+(.*)$ ^gir1.2-gdkpixbuf-2.0(?::\w+|)\s+(.*)$ ^transmission-common(?::\w+|)\s+(.*)$ ^transmission(?::\w+|)\s+(.*)$ ^transmission-daemon(?::\w+|)\s+(.*)$ ^transmission-qt(?::\w+|)\s+(.*)$ ^transmission-gtk(?::\w+|)\s+(.*)$ ^transmission-cli(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-ppc64(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-dev-ppc64(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^libc6-udeb(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ 
^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libdns-export162-udeb(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libirs-export141-udeb(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^ssh-krb5(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-client-ssh1(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-euclid)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^rsync(?::\w+|)\s+(.*)$ 
^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ 
^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ 
^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ 
^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ 
^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ 
^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^gir1.2-libgcab-1.0(?::\w+|)\s+(.*)$ ^libgcab-doc(?::\w+|)\s+(.*)$ ^libgcab-dev(?::\w+|)\s+(.*)$ ^libgcab-1.0-0(?::\w+|)\s+(.*)$ ^gcab(?::\w+|)\s+(.*)$ ^libtasn1-6-dev(?::\w+|)\s+(.*)$ ^libtasn1-3-bin(?::\w+|)\s+(.*)$ ^libtasn1-doc(?::\w+|)\s+(.*)$ ^libtasn1-bin(?::\w+|)\s+(.*)$ ^libtasn1-6(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ 
^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ 
^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-tcltk(?::\w+|)\s+(.*)$ ^ruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-dev(?::\w+|)\s+(.*)$ ^ruby2.3-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^w3m-img(?::\w+|)\s+(.*)$ ^w3m(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ 
^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^dovecot-lucene(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^libminiupnpc-dev(?::\w+|)\s+(.*)$ ^python-miniupnpc(?::\w+|)\s+(.*)$ ^miniupnpc(?::\w+|)\s+(.*)$ ^libminiupnpc10(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ 
^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^libvorbis0a(?::\w+|)\s+(.*)$ ^libvorbisfile3(?::\w+|)\s+(.*)$ ^libvorbisenc2(?::\w+|)\s+(.*)$ ^libvorbis-dev(?::\w+|)\s+(.*)$ ^advancecomp(?::\w+|)\s+(.*)$ ^erlang-gs(?::\w+|)\s+(.*)$ ^erlang-x11(?::\w+|)\s+(.*)$ ^erlang-jinterface(?::\w+|)\s+(.*)$ ^erlang-asn1(?::\w+|)\s+(.*)$ ^erlang-inets(?::\w+|)\s+(.*)$ ^erlang-snmp(?::\w+|)\s+(.*)$ ^erlang-mode(?::\w+|)\s+(.*)$ ^erlang-odbc(?::\w+|)\s+(.*)$ ^erlang-typer(?::\w+|)\s+(.*)$ ^erlang-common-test(?::\w+|)\s+(.*)$ ^erlang-examples(?::\w+|)\s+(.*)$ ^erlang-wx(?::\w+|)\s+(.*)$ ^erlang-ic(?::\w+|)\s+(.*)$ ^erlang-os-mon(?::\w+|)\s+(.*)$ ^erlang-syntax-tools(?::\w+|)\s+(.*)$ ^erlang-ssl(?::\w+|)\s+(.*)$ ^erlang-dev(?::\w+|)\s+(.*)$ ^erlang-ssh(?::\w+|)\s+(.*)$ ^erlang-ic-java(?::\w+|)\s+(.*)$ ^erlang-megaco(?::\w+|)\s+(.*)$ ^erlang-manpages(?::\w+|)\s+(.*)$ ^erlang(?::\w+|)\s+(.*)$ ^erlang-runtime-tools(?::\w+|)\s+(.*)$ ^erlang-eunit(?::\w+|)\s+(.*)$ ^erlang-tools(?::\w+|)\s+(.*)$ ^erlang-observer(?::\w+|)\s+(.*)$ ^erlang-percept(?::\w+|)\s+(.*)$ ^erlang-debugger(?::\w+|)\s+(.*)$ ^erlang-parsetools(?::\w+|)\s+(.*)$ ^erlang-public-key(?::\w+|)\s+(.*)$ ^erlang-diameter(?::\w+|)\s+(.*)$ ^erlang-corba(?::\w+|)\s+(.*)$ ^erlang-doc(?::\w+|)\s+(.*)$ ^erlang-reltool(?::\w+|)\s+(.*)$ ^erlang-xmerl(?::\w+|)\s+(.*)$ ^erlang-nox(?::\w+|)\s+(.*)$ 
^erlang-test-server(?::\w+|)\s+(.*)$ ^erlang-eldap(?::\w+|)\s+(.*)$ ^erlang-src(?::\w+|)\s+(.*)$ ^erlang-edoc(?::\w+|)\s+(.*)$ ^erlang-mnesia(?::\w+|)\s+(.*)$ ^erlang-webtool(?::\w+|)\s+(.*)$ ^erlang-base-hipe(?::\w+|)\s+(.*)$ ^erlang-crypto(?::\w+|)\s+(.*)$ ^erlang-erl-docgen(?::\w+|)\s+(.*)$ ^erlang-base(?::\w+|)\s+(.*)$ ^erlang-et(?::\w+|)\s+(.*)$ ^erlang-dialyzer(?::\w+|)\s+(.*)$ ^quagga(?::\w+|)\s+(.*)$ ^quagga-doc(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ 
^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ 
^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^sensible-utils(?::\w+|)\s+(.*)$ ^twisted-doc(?::\w+|)\s+(.*)$ ^python-twisted-news(?::\w+|)\s+(.*)$ ^python3-twisted(?::\w+|)\s+(.*)$ ^python-twisted-names(?::\w+|)\s+(.*)$ ^python-twisted-words(?::\w+|)\s+(.*)$ ^python-twisted-runner(?::\w+|)\s+(.*)$ ^python-twisted-core(?::\w+|)\s+(.*)$ ^python-twisted-web(?::\w+|)\s+(.*)$ ^python-twisted(?::\w+|)\s+(.*)$ ^python-twisted-mail(?::\w+|)\s+(.*)$ ^python-twisted-bin(?::\w+|)\s+(.*)$ ^python-twisted-conch(?::\w+|)\s+(.*)$ ^isc-dhcp-relay(?::\w+|)\s+(.*)$ ^isc-dhcp-client-ddns(?::\w+|)\s+(.*)$ ^isc-dhcp-dev(?::\w+|)\s+(.*)$ ^isc-dhcp-client(?::\w+|)\s+(.*)$ ^isc-dhcp-common(?::\w+|)\s+(.*)$ ^isc-dhcp-server(?::\w+|)\s+(.*)$ ^isc-dhcp-client-udeb(?::\w+|)\s+(.*)$ ^isc-dhcp-server-ldap(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ 
^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^dovecot-lucene(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^memcached(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^irssi-dev(?::\w+|)\s+(.*)$ ^irssi(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^zsh-static(?::\w+|)\s+(.*)$ ^zsh-common(?::\w+|)\s+(.*)$ ^zsh-dev(?::\w+|)\s+(.*)$ ^zsh(?::\w+|)\s+(.*)$ ^zsh-doc(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ 
^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ 
^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ 
^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ 
^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.13.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ 
^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ 
^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ 
^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ 
^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libjpeg-turbo8(?::\w+|)\s+(.*)$ ^libjpeg-turbo-test(?::\w+|)\s+(.*)$ ^libjpeg-turbo8-dev(?::\w+|)\s+(.*)$ ^libturbojpeg(?::\w+|)\s+(.*)$ ^libjpeg-turbo-progs(?::\w+|)\s+(.*)$ ^ntp(?::\w+|)\s+(.*)$ ^ntp-doc(?::\w+|)\s+(.*)$ ^ntpdate(?::\w+|)\s+(.*)$ ^libslp-dev(?::\w+|)\s+(.*)$ ^openslp-doc(?::\w+|)\s+(.*)$ ^slptool(?::\w+|)\s+(.*)$ ^slpd(?::\w+|)\s+(.*)$ ^libslp1(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^libpng12-0-udeb(?::\w+|)\s+(.*)$ ^libpng12-dev(?::\w+|)\s+(.*)$ ^libpng3(?::\w+|)\s+(.*)$ ^libpng12-0(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ 
^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ 
^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^dns-root-data(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ ^dnsmasq-utils(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-0(?::\w+|)\s+(.*)$ ^policykit-1-doc(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-0(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-0(?::\w+|)\s+(.*)$ ^policykit-1(?::\w+|)\s+(.*)$ ^gir1.2-polkit-1.0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^mutt-patched(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^mutt-patched(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ ^libservlet3.1-java(?::\w+|)\s+(.*)$ ^libservlet3.1-java-doc(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^libecal1.2-dev(?::\w+|)\s+(.*)$ ^libedataserver-1.2-21(?::\w+|)\s+(.*)$ ^libebackend-1.2-10(?::\w+|)\s+(.*)$ ^libebook1.2-dev(?::\w+|)\s+(.*)$ ^libedata-cal1.2-dev(?::\w+|)\s+(.*)$ ^libcamel-1.2-54(?::\w+|)\s+(.*)$ ^libebook-contacts-1.2-2(?::\w+|)\s+(.*)$ ^libedata-book1.2-dev(?::\w+|)\s+(.*)$ ^libecal-1.2-19(?::\w+|)\s+(.*)$ ^evolution-data-server-online-accounts(?::\w+|)\s+(.*)$ ^libebackend1.2-dev(?::\w+|)\s+(.*)$ ^libcamel1.2-dev(?::\w+|)\s+(.*)$ ^libedataserverui-1.2-1(?::\w+|)\s+(.*)$ 
^gir1.2-edataserver-1.2(?::\w+|)\s+(.*)$ ^libedataserver1.2-dev(?::\w+|)\s+(.*)$ ^libebook-contacts1.2-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebookcontacts-1.2(?::\w+|)\s+(.*)$ ^libedata-book-1.2-25(?::\w+|)\s+(.*)$ ^evolution-data-server(?::\w+|)\s+(.*)$ ^evolution-data-server-common(?::\w+|)\s+(.*)$ ^libedataserverui1.2-dev(?::\w+|)\s+(.*)$ ^evolution-data-server-doc(?::\w+|)\s+(.*)$ ^libebook-1.2-16(?::\w+|)\s+(.*)$ ^evolution-data-server-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebook-1.2(?::\w+|)\s+(.*)$ ^libedata-cal-1.2-28(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^libmspack0(?::\w+|)\s+(.*)$ ^libmspack-dev(?::\w+|)\s+(.*)$ ^libmspack-doc(?::\w+|)\s+(.*)$ ^libxcursor-dev(?::\w+|)\s+(.*)$ ^libxcursor1(?::\w+|)\s+(.*)$ ^libxcursor1-udeb(?::\w+|)\s+(.*)$ ^lftp(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^gnupg-curl(?::\w+|)\s+(.*)$ ^gpgv-udeb(?::\w+|)\s+(.*)$ ^gpgv(?::\w+|)\s+(.*)$ ^gnupg(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ 
^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ 
^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^libspice-protocol-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^libpoppler58(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-4(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-6-udeb(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^libtirpc1(?::\w+|)\s+(.*)$ 
^libtirpc-dev(?::\w+|)\s+(.*)$ ^transfig(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ 
^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ 
^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ 
^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ 
^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-4(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^libraw-doc(?::\w+|)\s+(.*)$ ^libraw-bin(?::\w+|)\s+(.*)$ ^libraw-dev(?::\w+|)\s+(.*)$ ^libraw15(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^python3-lxml(?::\w+|)\s+(.*)$ ^python-lxml(?::\w+|)\s+(.*)$ ^python-lxml-doc(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ 
^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ 
^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libfreerdp-common1.1.0(?::\w+|)\s+(.*)$ ^libwinpr-dev(?::\w+|)\s+(.*)$ ^libfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-crt0.1(?::\w+|)\s+(.*)$ ^libfreerdp-primitives1.1(?::\w+|)\s+(.*)$ ^libwinpr-pool0.1(?::\w+|)\s+(.*)$ ^libwinpr-library0.1(?::\w+|)\s+(.*)$ ^libwinpr-io0.1(?::\w+|)\s+(.*)$ ^libfreerdp-core1.1(?::\w+|)\s+(.*)$ ^libfreerdp-locale1.1(?::\w+|)\s+(.*)$ ^libfreerdp-gdi1.1(?::\w+|)\s+(.*)$ ^libwinpr-winhttp0.1(?::\w+|)\s+(.*)$ ^libwinpr-synch0.1(?::\w+|)\s+(.*)$ ^libwinpr-sysinfo0.1(?::\w+|)\s+(.*)$ ^libfreerdp-codec1.1(?::\w+|)\s+(.*)$ ^libwinpr-rpc0.1(?::\w+|)\s+(.*)$ ^libfreerdp-dev(?::\w+|)\s+(.*)$ ^libwinpr-environment0.1(?::\w+|)\s+(.*)$ ^libfreerdp-cache1.1(?::\w+|)\s+(.*)$ ^libwinpr-crypto0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspi0.1(?::\w+|)\s+(.*)$ ^libfreerdp-utils1.1(?::\w+|)\s+(.*)$ ^libwinpr-credui0.1(?::\w+|)\s+(.*)$ ^freerdp-x11(?::\w+|)\s+(.*)$ ^libwinpr-heap0.1(?::\w+|)\s+(.*)$ ^libfreerdp-rail1.1(?::\w+|)\s+(.*)$ ^libwinpr-thread0.1(?::\w+|)\s+(.*)$ ^libwinpr-asn1-0.1(?::\w+|)\s+(.*)$ ^libwinpr-bcrypt0.1(?::\w+|)\s+(.*)$ 
^libxfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-file0.1(?::\w+|)\s+(.*)$ ^libwinpr-handle0.1(?::\w+|)\s+(.*)$ ^libwinpr-interlocked0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspicli0.1(?::\w+|)\s+(.*)$ ^libwinpr-utils0.1(?::\w+|)\s+(.*)$ ^libwinpr-path0.1(?::\w+|)\s+(.*)$ ^libwinpr-error0.1(?::\w+|)\s+(.*)$ ^libwinpr-dsparse0.1(?::\w+|)\s+(.*)$ ^libfreerdp-plugins-standard(?::\w+|)\s+(.*)$ ^libwinpr-timezone0.1(?::\w+|)\s+(.*)$ ^libfreerdp-crypto1.1(?::\w+|)\s+(.*)$ ^libwinpr-winsock0.1(?::\w+|)\s+(.*)$ ^libwinpr-pipe0.1(?::\w+|)\s+(.*)$ ^libwinpr-credentials0.1(?::\w+|)\s+(.*)$ ^libwinpr-registry0.1(?::\w+|)\s+(.*)$ ^libwinpr-input0.1(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libnss3-nssdb(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-1d(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ 
^libsystemd-dev(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^php-pear(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^caca-utils(?::\w+|)\s+(.*)$ ^libcaca-dev(?::\w+|)\s+(.*)$ ^libcaca0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-0(?::\w+|)\s+(.*)$ ^policykit-1-doc(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-0(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-0(?::\w+|)\s+(.*)$ ^policykit-1(?::\w+|)\s+(.*)$ ^gir1.2-polkit-1.0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-dev(?::\w+|)\s+(.*)$ ^irssi-dev(?::\w+|)\s+(.*)$ ^irssi(?::\w+|)\s+(.*)$ ^apt-doc(?::\w+|)\s+(.*)$ ^apt-transport-https(?::\w+|)\s+(.*)$ ^libapt-pkg5.0(?::\w+|)\s+(.*)$ ^libapt-pkg-doc(?::\w+|)\s+(.*)$ ^apt(?::\w+|)\s+(.*)$ ^apt-utils(?::\w+|)\s+(.*)$ ^libapt-inst2.0(?::\w+|)\s+(.*)$ ^libapt-pkg-dev(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libpoppler58(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-4(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ 
^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ 
^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ 
^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^openvswitch-ipsec(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ 
^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ 
^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd-dev(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-0(?::\w+|)\s+(.*)$ ^libavahi-core7-udeb(?::\w+|)\s+(.*)$ ^libavahi-qt4-1(?::\w+|)\s+(.*)$ ^libavahi-core7(?::\w+|)\s+(.*)$ ^libavahi-client3(?::\w+|)\s+(.*)$ ^libavahi-core-dev(?::\w+|)\s+(.*)$ ^libavahi-client-dev(?::\w+|)\s+(.*)$ ^avahi-ui-utils(?::\w+|)\s+(.*)$ ^libavahi-gobject-dev(?::\w+|)\s+(.*)$ ^avahi-dnsconfd(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd1(?::\w+|)\s+(.*)$ ^libavahi-common3(?::\w+|)\s+(.*)$ ^avahi-daemon(?::\w+|)\s+(.*)$ ^avahi-discover(?::\w+|)\s+(.*)$ ^libavahi-common-dev(?::\w+|)\s+(.*)$ ^libavahi-common-data(?::\w+|)\s+(.*)$ ^avahi-utils(?::\w+|)\s+(.*)$ ^libavahi-common3-udeb(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-dev(?::\w+|)\s+(.*)$ ^libavahi-glib-dev(?::\w+|)\s+(.*)$ ^libavahi-ui-dev(?::\w+|)\s+(.*)$ ^libavahi-qt4-dev(?::\w+|)\s+(.*)$ 
^libavahi-gobject0(?::\w+|)\s+(.*)$ ^avahi-autoipd(?::\w+|)\s+(.*)$ ^python-avahi(?::\w+|)\s+(.*)$ ^libavahi-glib1(?::\w+|)\s+(.*)$ ^libavahi-ui0(?::\w+|)\s+(.*)$ ^libvncserver-config(?::\w+|)\s+(.*)$ ^libvncserver-dev(?::\w+|)\s+(.*)$ ^libvncserver1(?::\w+|)\s+(.*)$ ^libvncclient1(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^dovecot-lucene(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ 
^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-client-ssh1(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-krb5(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ 
^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-client-ssh1(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-krb5(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^libpoppler58(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-4(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ 
^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ 
^qemu-system-misc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^libwsutil-dev(?::\w+|)\s+(.*)$ ^wireshark-dev(?::\w+|)\s+(.*)$ ^tshark(?::\w+|)\s+(.*)$ ^libwireshark-dev(?::\w+|)\s+(.*)$ ^libwiretap8(?::\w+|)\s+(.*)$ ^wireshark-qt(?::\w+|)\s+(.*)$ ^libwiretap-dev(?::\w+|)\s+(.*)$ ^libwscodecs2(?::\w+|)\s+(.*)$ ^wireshark-doc(?::\w+|)\s+(.*)$ ^wireshark-common(?::\w+|)\s+(.*)$ ^wireshark-gtk(?::\w+|)\s+(.*)$ ^libwireshark-data(?::\w+|)\s+(.*)$ ^libwireshark11(?::\w+|)\s+(.*)$ ^libwsutil9(?::\w+|)\s+(.*)$ ^wireshark(?::\w+|)\s+(.*)$ ^libraw-doc(?::\w+|)\s+(.*)$ ^libraw-bin(?::\w+|)\s+(.*)$ ^libraw-dev(?::\w+|)\s+(.*)$ ^libraw15(?::\w+|)\s+(.*)$ ^python-urllib3(?::\w+|)\s+(.*)$ ^python3-urllib3(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ 
^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ 
^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ 
^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ 
^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ 
^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ 
^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^keepalived(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ 
^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^libecal1.2-dev(?::\w+|)\s+(.*)$ ^libedataserver-1.2-21(?::\w+|)\s+(.*)$ ^libebackend-1.2-10(?::\w+|)\s+(.*)$ ^libebook1.2-dev(?::\w+|)\s+(.*)$ 
^libedata-cal1.2-dev(?::\w+|)\s+(.*)$ ^libcamel-1.2-54(?::\w+|)\s+(.*)$ ^libebook-contacts-1.2-2(?::\w+|)\s+(.*)$ ^libedata-book1.2-dev(?::\w+|)\s+(.*)$ ^libecal-1.2-19(?::\w+|)\s+(.*)$ ^evolution-data-server-online-accounts(?::\w+|)\s+(.*)$ ^libebackend1.2-dev(?::\w+|)\s+(.*)$ ^libcamel1.2-dev(?::\w+|)\s+(.*)$ ^libedataserverui-1.2-1(?::\w+|)\s+(.*)$ ^gir1.2-edataserver-1.2(?::\w+|)\s+(.*)$ ^libedataserver1.2-dev(?::\w+|)\s+(.*)$ ^libebook-contacts1.2-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebookcontacts-1.2(?::\w+|)\s+(.*)$ ^libedata-book-1.2-25(?::\w+|)\s+(.*)$ ^evolution-data-server(?::\w+|)\s+(.*)$ ^evolution-data-server-common(?::\w+|)\s+(.*)$ ^libedataserverui1.2-dev(?::\w+|)\s+(.*)$ ^evolution-data-server-doc(?::\w+|)\s+(.*)$ ^libebook-1.2-16(?::\w+|)\s+(.*)$ ^evolution-data-server-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebook-1.2(?::\w+|)\s+(.*)$ ^libedata-cal-1.2-28(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dev(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^guile-gnutls(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^corosync-dev(?::\w+|)\s+(.*)$ ^corosync-notifyd(?::\w+|)\s+(.*)$ ^libcpg4(?::\w+|)\s+(.*)$ ^libcpg-dev(?::\w+|)\s+(.*)$ ^libsam4(?::\w+|)\s+(.*)$ ^libcmap4(?::\w+|)\s+(.*)$ ^libquorum-dev(?::\w+|)\s+(.*)$ ^libcorosync-common-dev(?::\w+|)\s+(.*)$ ^libsam-dev(?::\w+|)\s+(.*)$ ^libcmap-dev(?::\w+|)\s+(.*)$ ^libcfg-dev(?::\w+|)\s+(.*)$ ^libcfg6(?::\w+|)\s+(.*)$ ^corosync-doc(?::\w+|)\s+(.*)$ ^libvotequorum-dev(?::\w+|)\s+(.*)$ ^libvotequorum7(?::\w+|)\s+(.*)$ ^libcorosync-common4(?::\w+|)\s+(.*)$ ^libtotem-pg-dev(?::\w+|)\s+(.*)$ ^libquorum5(?::\w+|)\s+(.*)$ ^corosync(?::\w+|)\s+(.*)$ ^libtotem-pg5(?::\w+|)\s+(.*)$ ^libseccomp-dev(?::\w+|)\s+(.*)$ ^libseccomp2(?::\w+|)\s+(.*)$ ^seccomp(?::\w+|)\s+(.*)$ ^doxygen-gui(?::\w+|)\s+(.*)$ ^doxygen-latex(?::\w+|)\s+(.*)$ ^doxygen(?::\w+|)\s+(.*)$ ^doxygen-doc(?::\w+|)\s+(.*)$ ^libqt5libqgtk2(?::\w+|)\s+(.*)$ 
^libqt5opengl5(?::\w+|)\s+(.*)$ ^libqt5widgets5(?::\w+|)\s+(.*)$ ^libqt5concurrent5(?::\w+|)\s+(.*)$ ^libqt5sql5-mysql(?::\w+|)\s+(.*)$ ^qtbase5-dev(?::\w+|)\s+(.*)$ ^libqt5sql5-sqlite(?::\w+|)\s+(.*)$ ^libqt5sql5-psql(?::\w+|)\s+(.*)$ ^libqt5core5a(?::\w+|)\s+(.*)$ ^libqt5network5(?::\w+|)\s+(.*)$ ^qt5-qmake-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^libqt5sql5(?::\w+|)\s+(.*)$ ^libqt5dbus5(?::\w+|)\s+(.*)$ ^libqt5gui5(?::\w+|)\s+(.*)$ ^libqt5opengl5-dev(?::\w+|)\s+(.*)$ ^qtbase5-doc-html(?::\w+|)\s+(.*)$ ^qtbase5-dev-tools(?::\w+|)\s+(.*)$ ^qt5-qmake(?::\w+|)\s+(.*)$ ^libqt5sql5-tds(?::\w+|)\s+(.*)$ ^qtbase5-private-dev(?::\w+|)\s+(.*)$ ^libqt5printsupport5(?::\w+|)\s+(.*)$ ^libqt5xml5(?::\w+|)\s+(.*)$ ^qtbase5-examples(?::\w+|)\s+(.*)$ ^libqt5test5(?::\w+|)\s+(.*)$ ^libqt5sql5-odbc(?::\w+|)\s+(.*)$ ^qt5-default(?::\w+|)\s+(.*)$ ^db5.3-doc(?::\w+|)\s+(.*)$ ^libdb5.3-java-jni(?::\w+|)\s+(.*)$ ^libdb5.3-tcl(?::\w+|)\s+(.*)$ ^libdb5.3-java-dev(?::\w+|)\s+(.*)$ ^libdb5.3-dev(?::\w+|)\s+(.*)$ ^db5.3-util(?::\w+|)\s+(.*)$ ^libdb5.3-stl-dev(?::\w+|)\s+(.*)$ ^libdb5.3-sql(?::\w+|)\s+(.*)$ ^libdb5.3++-dev(?::\w+|)\s+(.*)$ ^db5.3-sql-util(?::\w+|)\s+(.*)$ ^libdb5.3(?::\w+|)\s+(.*)$ ^libdb5.3-stl(?::\w+|)\s+(.*)$ ^libdb5.3-java-gcj(?::\w+|)\s+(.*)$ ^libdb5.3-sql-dev(?::\w+|)\s+(.*)$ ^libdb5.3-java(?::\w+|)\s+(.*)$ ^libdb5.3++(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ 
^apparmor-docs(?::\w+|)\s+(.*)$ ^python-apparmor(?::\w+|)\s+(.*)$ ^libapparmor-dev(?::\w+|)\s+(.*)$ ^libapparmor-perl(?::\w+|)\s+(.*)$ ^libapparmor1(?::\w+|)\s+(.*)$ ^apparmor-notify(?::\w+|)\s+(.*)$ ^apparmor-profiles(?::\w+|)\s+(.*)$ ^python3-libapparmor(?::\w+|)\s+(.*)$ ^python-libapparmor(?::\w+|)\s+(.*)$ ^libpam-apparmor(?::\w+|)\s+(.*)$ ^apparmor-easyprof(?::\w+|)\s+(.*)$ ^apparmor(?::\w+|)\s+(.*)$ ^python3-apparmor(?::\w+|)\s+(.*)$ ^apparmor-utils(?::\w+|)\s+(.*)$ ^libapache2-mod-apparmor(?::\w+|)\s+(.*)$ ^dh-apparmor(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^python-jinja2(?::\w+|)\s+(.*)$ ^python-jinja2-doc(?::\w+|)\s+(.*)$ ^python3-jinja2(?::\w+|)\s+(.*)$ ^libasm1(?::\w+|)\s+(.*)$ ^libdw-dev(?::\w+|)\s+(.*)$ ^libelf1(?::\w+|)\s+(.*)$ ^libelf-dev(?::\w+|)\s+(.*)$ ^elfutils(?::\w+|)\s+(.*)$ 
^libdw1(?::\w+|)\s+(.*)$ ^libasm-dev(?::\w+|)\s+(.*)$ ^libsndfile1(?::\w+|)\s+(.*)$ ^libsndfile1-dev(?::\w+|)\s+(.*)$ ^sndfile-programs(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-0-refdbg(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^dbus-udeb(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^libdbus-1-3-udeb(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-nox-py2(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena-py2(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-gtk3-py2(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gtk-py2(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gnome-py2(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ 
^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ 
^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ 
^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^nova-api(?::\w+|)\s+(.*)$ ^nova-common(?::\w+|)\s+(.*)$ ^nova-compute-xen(?::\w+|)\s+(.*)$ ^nova-api-os-compute(?::\w+|)\s+(.*)$ ^nova-novncproxy(?::\w+|)\s+(.*)$ ^nova-serialproxy(?::\w+|)\s+(.*)$ ^nova-api-os-volume(?::\w+|)\s+(.*)$ ^nova-compute-lxc(?::\w+|)\s+(.*)$ ^nova-consoleauth(?::\w+|)\s+(.*)$ ^python-nova(?::\w+|)\s+(.*)$ ^nova-network(?::\w+|)\s+(.*)$ ^nova-api-metadata(?::\w+|)\s+(.*)$ ^nova-compute-libvirt(?::\w+|)\s+(.*)$ ^nova-compute-kvm(?::\w+|)\s+(.*)$ ^nova-xvpvncproxy(?::\w+|)\s+(.*)$ ^nova-doc(?::\w+|)\s+(.*)$ ^nova-conductor(?::\w+|)\s+(.*)$ ^nova-volume(?::\w+|)\s+(.*)$ ^nova-compute-vmware(?::\w+|)\s+(.*)$ ^nova-spiceproxy(?::\w+|)\s+(.*)$ ^nova-scheduler(?::\w+|)\s+(.*)$ ^nova-console(?::\w+|)\s+(.*)$ 
^nova-ajax-console-proxy(?::\w+|)\s+(.*)$ ^nova-cert(?::\w+|)\s+(.*)$ ^nova-compute(?::\w+|)\s+(.*)$ ^nova-compute-qemu(?::\w+|)\s+(.*)$ ^nova-cells(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^python-nltk(?::\w+|)\s+(.*)$ ^python3-nltk(?::\w+|)\s+(.*)$ ^libgif7(?::\w+|)\s+(.*)$ ^libgif-dev(?::\w+|)\s+(.*)$ ^giflib-tools(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^dovecot-lucene(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^dovecot-lucene(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ 
^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ 
^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ 
^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ 
^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ 
^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^memcached(?::\w+|)\s+(.*)$ ^libfreetype6-dev(?::\w+|)\s+(.*)$ ^libfreetype6-udeb(?::\w+|)\s+(.*)$ ^freetype2-demos(?::\w+|)\s+(.*)$ ^libfreetype6(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ ^libservlet3.1-java(?::\w+|)\s+(.*)$ 
^libservlet3.1-java-doc(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^lib64expat1-dev(?::\w+|)\s+(.*)$ ^libexpat1-udeb(?::\w+|)\s+(.*)$ ^lib64expat1(?::\w+|)\s+(.*)$ ^libwsutil-dev(?::\w+|)\s+(.*)$ ^wireshark-dev(?::\w+|)\s+(.*)$ ^tshark(?::\w+|)\s+(.*)$ ^libwireshark-dev(?::\w+|)\s+(.*)$ ^wireshark-qt(?::\w+|)\s+(.*)$ ^libwiretap-dev(?::\w+|)\s+(.*)$ ^wireshark-gtk(?::\w+|)\s+(.*)$ ^libwscodecs2(?::\w+|)\s+(.*)$ ^wireshark-doc(?::\w+|)\s+(.*)$ ^wireshark-common(?::\w+|)\s+(.*)$ ^libwiretap8(?::\w+|)\s+(.*)$ ^libwireshark-data(?::\w+|)\s+(.*)$ ^libwireshark11(?::\w+|)\s+(.*)$ ^libwsutil9(?::\w+|)\s+(.*)$ ^wireshark(?::\w+|)\s+(.*)$ ^ibus-wayland(?::\w+|)\s+(.*)$ ^ibus-doc(?::\w+|)\s+(.*)$ ^gir1.2-ibus-1.0(?::\w+|)\s+(.*)$ ^ibus(?::\w+|)\s+(.*)$ ^ibus-gtk(?::\w+|)\s+(.*)$ ^ibus-gtk3(?::\w+|)\s+(.*)$ ^libibus-1.0-5(?::\w+|)\s+(.*)$ ^libibus-1.0-dev(?::\w+|)\s+(.*)$ ^ibus-gtk(?::\w+|)\s+(.*)$ ^ibus-wayland(?::\w+|)\s+(.*)$ ^ibus(?::\w+|)\s+(.*)$ ^libibus-1.0-5(?::\w+|)\s+(.*)$ ^gir1.2-ibus-1.0(?::\w+|)\s+(.*)$ ^libibus-1.0-dev(?::\w+|)\s+(.*)$ ^ibus-gtk3(?::\w+|)\s+(.*)$ ^ibus-doc(?::\w+|)\s+(.*)$ ^ibus-wayland(?::\w+|)\s+(.*)$ ^ibus-doc(?::\w+|)\s+(.*)$ ^gir1.2-ibus-1.0(?::\w+|)\s+(.*)$ ^ibus(?::\w+|)\s+(.*)$ ^ibus-gtk(?::\w+|)\s+(.*)$ ^ibus-gtk3(?::\w+|)\s+(.*)$ ^libibus-1.0-5(?::\w+|)\s+(.*)$ ^libibus-1.0-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ 
^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^file-roller(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ 
^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ 
^kamailio-sqlite-modules(?::\w+|)\s+(.*)$ ^kamailio-ldap-modules(?::\w+|)\s+(.*)$ ^kamailio-websocket-modules(?::\w+|)\s+(.*)$ ^kamailio-ims-modules(?::\w+|)\s+(.*)$ ^kamailio-python-modules(?::\w+|)\s+(.*)$ ^kamailio-redis-modules(?::\w+|)\s+(.*)$ ^kamailio-erlang-modules(?::\w+|)\s+(.*)$ ^kamailio-autheph-modules(?::\w+|)\s+(.*)$ ^kamailio-outbound-modules(?::\w+|)\s+(.*)$ ^kamailio-java-modules(?::\w+|)\s+(.*)$ ^kamailio-berkeley-modules(?::\w+|)\s+(.*)$ ^kamailio-utils-modules(?::\w+|)\s+(.*)$ ^kamailio-unixodbc-modules(?::\w+|)\s+(.*)$ ^kamailio-sctp-modules(?::\w+|)\s+(.*)$ ^kamailio-xml-modules(?::\w+|)\s+(.*)$ ^kamailio-berkeley-bin(?::\w+|)\s+(.*)$ ^kamailio-memcached-modules(?::\w+|)\s+(.*)$ ^isag(?::\w+|)\s+(.*)$ ^sysstat(?::\w+|)\s+(.*)$ ^libbsd-dev(?::\w+|)\s+(.*)$ ^libbsd0-udeb(?::\w+|)\s+(.*)$ ^libbsd0(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^python-pysaml2-doc(?::\w+|)\s+(.*)$ ^python-pysaml2(?::\w+|)\s+(.*)$ ^python3-pysaml2(?::\w+|)\s+(.*)$ ^libx32z1-dev(?::\w+|)\s+(.*)$ ^lib64z1(?::\w+|)\s+(.*)$ ^zlib1g-udeb(?::\w+|)\s+(.*)$ ^libx32z1(?::\w+|)\s+(.*)$ ^lib64z1-dev(?::\w+|)\s+(.*)$ ^lib32z1(?::\w+|)\s+(.*)$ ^zlib1g(?::\w+|)\s+(.*)$ ^lib32z1-dev(?::\w+|)\s+(.*)$ ^zlib1g-dev(?::\w+|)\s+(.*)$ ^python3-apt(?::\w+|)\s+(.*)$ ^python-apt(?::\w+|)\s+(.*)$ ^python-apt-common(?::\w+|)\s+(.*)$ ^python-apt-dev(?::\w+|)\s+(.*)$ ^python-apt-doc(?::\w+|)\s+(.*)$ 
^python3-apt(?::\w+|)\s+(.*)$ ^python-apt(?::\w+|)\s+(.*)$ ^python-apt-common(?::\w+|)\s+(.*)$ ^python-apt-dev(?::\w+|)\s+(.*)$ ^python-apt-doc(?::\w+|)\s+(.*)$ ^libgraphics-magick-perl(?::\w+|)\s+(.*)$ ^libgraphicsmagick-q16-3(?::\w+|)\s+(.*)$ ^libgraphicsmagick1-dev(?::\w+|)\s+(.*)$ ^graphicsmagick(?::\w+|)\s+(.*)$ ^graphicsmagick-imagemagick-compat(?::\w+|)\s+(.*)$ ^graphicsmagick-libmagick-dev-compat(?::\w+|)\s+(.*)$ ^libgraphicsmagick++1-dev(?::\w+|)\s+(.*)$ ^libgraphicsmagick++-q16-12(?::\w+|)\s+(.*)$ ^libss2(?::\w+|)\s+(.*)$ ^e2fslibs-dev(?::\w+|)\s+(.*)$ ^e2fsprogs(?::\w+|)\s+(.*)$ ^e2fsck-static(?::\w+|)\s+(.*)$ ^e2fslibs(?::\w+|)\s+(.*)$ ^e2fsprogs-udeb(?::\w+|)\s+(.*)$ ^libcomerr2(?::\w+|)\s+(.*)$ ^ss-dev(?::\w+|)\s+(.*)$ ^comerr-dev(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ ^libservlet3.1-java(?::\w+|)\s+(.*)$ ^libservlet3.1-java-doc(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^tcpdump(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libsasl2-2(?::\w+|)\s+(.*)$ ^libsasl2-modules-gssapi-heimdal(?::\w+|)\s+(.*)$ ^sasl2-bin(?::\w+|)\s+(.*)$ ^libsasl2-modules-gssapi-mit(?::\w+|)\s+(.*)$ ^libsasl2-dev(?::\w+|)\s+(.*)$ ^libsasl2-modules-sql(?::\w+|)\s+(.*)$ ^cyrus-sasl2-doc(?::\w+|)\s+(.*)$ ^libsasl2-modules(?::\w+|)\s+(.*)$ ^libsasl2-modules-otp(?::\w+|)\s+(.*)$ ^libsasl2-modules-ldap(?::\w+|)\s+(.*)$ ^libsasl2-modules-db(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^liblucene3-java-doc(?::\w+|)\s+(.*)$ ^solr-tomcat(?::\w+|)\s+(.*)$ ^libsolr-java(?::\w+|)\s+(.*)$ ^solr-jetty(?::\w+|)\s+(.*)$ ^liblucene3-contrib-java(?::\w+|)\s+(.*)$ ^liblucene3-java(?::\w+|)\s+(.*)$ ^solr-common(?::\w+|)\s+(.*)$ ^sudo-ldap(?::\w+|)\s+(.*)$ ^sudo(?::\w+|)\s+(.*)$ ^spamassassin(?::\w+|)\s+(.*)$ ^sa-compile(?::\w+|)\s+(.*)$ ^spamc(?::\w+|)\s+(.*)$ ^libgraphics-magick-perl(?::\w+|)\s+(.*)$ ^libgraphicsmagick-q16-3(?::\w+|)\s+(.*)$ ^libgraphicsmagick1-dev(?::\w+|)\s+(.*)$ ^graphicsmagick(?::\w+|)\s+(.*)$ ^graphicsmagick-imagemagick-compat(?::\w+|)\s+(.*)$ ^graphicsmagick-libmagick-dev-compat(?::\w+|)\s+(.*)$ ^libgraphicsmagick++1-dev(?::\w+|)\s+(.*)$ ^libgraphicsmagick++-q16-12(?::\w+|)\s+(.*)$ ^libmbedtls-doc(?::\w+|)\s+(.*)$ ^libmbedtls-dev(?::\w+|)\s+(.*)$ ^libmbedtls10(?::\w+|)\s+(.*)$ ^libmbedcrypto0(?::\w+|)\s+(.*)$ ^libmbedx509-0(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ 
^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^python-imaging(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-reportlab-doc(?::\w+|)\s+(.*)$ ^python-reportlab-accel(?::\w+|)\s+(.*)$ ^python3-reportlab-accel(?::\w+|)\s+(.*)$ ^python3-reportlab(?::\w+|)\s+(.*)$ ^python-renderpm(?::\w+|)\s+(.*)$ ^python-reportlab(?::\w+|)\s+(.*)$ ^python3-renderpm(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^libqt5libqgtk2(?::\w+|)\s+(.*)$ ^libqt5opengl5(?::\w+|)\s+(.*)$ ^libqt5widgets5(?::\w+|)\s+(.*)$ ^libqt5concurrent5(?::\w+|)\s+(.*)$ ^libqt5sql5-mysql(?::\w+|)\s+(.*)$ ^qtbase5-dev(?::\w+|)\s+(.*)$ ^libqt5sql5-sqlite(?::\w+|)\s+(.*)$ ^libqt5sql5-psql(?::\w+|)\s+(.*)$ ^libqt5core5a(?::\w+|)\s+(.*)$ ^libqt5network5(?::\w+|)\s+(.*)$ ^qt5-qmake-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^libqt5sql5(?::\w+|)\s+(.*)$ ^libqt5dbus5(?::\w+|)\s+(.*)$ ^libqt5gui5(?::\w+|)\s+(.*)$ ^libqt5opengl5-dev(?::\w+|)\s+(.*)$ ^qtbase5-doc-html(?::\w+|)\s+(.*)$ ^qtbase5-dev-tools(?::\w+|)\s+(.*)$ ^qt5-qmake(?::\w+|)\s+(.*)$ ^libqt5sql5-tds(?::\w+|)\s+(.*)$ ^qtbase5-private-dev(?::\w+|)\s+(.*)$ ^libqt5printsupport5(?::\w+|)\s+(.*)$ ^libqt5xml5(?::\w+|)\s+(.*)$ ^qtbase5-examples(?::\w+|)\s+(.*)$ ^libqt5test5(?::\w+|)\s+(.*)$ ^libqt5sql5-odbc(?::\w+|)\s+(.*)$ ^qt5-default(?::\w+|)\s+(.*)$ ^libexif-dev(?::\w+|)\s+(.*)$ ^libexif12(?::\w+|)\s+(.*)$ 
^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ 
^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ 
^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ 
^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ppp-udeb(?::\w+|)\s+(.*)$ ^ppp(?::\w+|)\s+(.*)$ ^ppp-dev(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libpam-radius-auth(?::\w+|)\s+(.*)$ ^rsync(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ 
^rake(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ 
^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^icu-devtools(?::\w+|)\s+(.*)$ ^libicu55(?::\w+|)\s+(.*)$ ^libicu-dev(?::\w+|)\s+(.*)$ ^icu-doc(?::\w+|)\s+(.*)$ ^twisted-doc(?::\w+|)\s+(.*)$ ^python-twisted-news(?::\w+|)\s+(.*)$ ^python3-twisted(?::\w+|)\s+(.*)$ ^python-twisted-names(?::\w+|)\s+(.*)$ ^python-twisted-words(?::\w+|)\s+(.*)$ ^python-twisted-runner(?::\w+|)\s+(.*)$ ^python-twisted-core(?::\w+|)\s+(.*)$ ^python-twisted-web(?::\w+|)\s+(.*)$ ^python-twisted(?::\w+|)\s+(.*)$ ^python-twisted-mail(?::\w+|)\s+(.*)$ ^python-twisted-bin(?::\w+|)\s+(.*)$ ^python-twisted-conch(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-nox-py2(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena-py2(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-gtk3-py2(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gtk-py2(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gnome-py2(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^libpam-heimdal(?::\w+|)\s+(.*)$ ^libpam-krb5(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ 
^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ 
^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ 
^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^libiberty-dev(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^file-roller(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ 
^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ 
^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ 
^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ 
^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^qemu-efi(?::\w+|)\s+(.*)$ ^ovmf(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^scsi-firmware(?::\w+|)\s+(.*)$ ^nic-firmware(?::\w+|)\s+(.*)$ ^linux-firmware(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ 
^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ 
^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ 
^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ 
^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^libpulse0(?::\w+|)\s+(.*)$ ^pulseaudio-module-zeroconf(?::\w+|)\s+(.*)$ ^pulseaudio-module-bluetooth(?::\w+|)\s+(.*)$ ^libpulse-dev(?::\w+|)\s+(.*)$ ^pulseaudio-utils(?::\w+|)\s+(.*)$ ^pulseaudio-module-raop(?::\w+|)\s+(.*)$ ^pulseaudio-module-trust-store(?::\w+|)\s+(.*)$ ^pulseaudio(?::\w+|)\s+(.*)$ ^libpulsedsp(?::\w+|)\s+(.*)$ ^pulseaudio-module-x11(?::\w+|)\s+(.*)$ ^pulseaudio-esound-compat(?::\w+|)\s+(.*)$ ^libpulse-mainloop-glib0(?::\w+|)\s+(.*)$ ^pulseaudio-module-gconf(?::\w+|)\s+(.*)$ ^pulseaudio-module-droid(?::\w+|)\s+(.*)$ ^pulseaudio-module-lirc(?::\w+|)\s+(.*)$ ^pulseaudio-module-jack(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libexif-dev(?::\w+|)\s+(.*)$ ^libexif12(?::\w+|)\s+(.*)$ ^apt-doc(?::\w+|)\s+(.*)$ ^apt-transport-https(?::\w+|)\s+(.*)$ ^libapt-pkg5.0(?::\w+|)\s+(.*)$ ^libapt-pkg-doc(?::\w+|)\s+(.*)$ ^apt(?::\w+|)\s+(.*)$ ^apt-utils(?::\w+|)\s+(.*)$ ^libapt-inst2.0(?::\w+|)\s+(.*)$ ^libapt-pkg-dev(?::\w+|)\s+(.*)$ ^libjson-c2(?::\w+|)\s+(.*)$ ^libjson-c-doc(?::\w+|)\s+(.*)$ ^libjson-c-dev(?::\w+|)\s+(.*)$ ^libjson0(?::\w+|)\s+(.*)$ ^libjson0-dev(?::\w+|)\s+(.*)$ ^libjson-c2(?::\w+|)\s+(.*)$ ^libjson-c-doc(?::\w+|)\s+(.*)$ ^libjson-c-dev(?::\w+|)\s+(.*)$ ^libjson0(?::\w+|)\s+(.*)$ ^libjson0-dev(?::\w+|)\s+(.*)$ ^libjson-c2(?::\w+|)\s+(.*)$ 
^libjson-c-doc(?::\w+|)\s+(.*)$ ^libjson-c-dev(?::\w+|)\s+(.*)$ ^libjson0(?::\w+|)\s+(.*)$ ^libjson0-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libdns-export162-udeb(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libirs-export141-udeb(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ 
^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ 
^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ 
^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^ca-certificates-udeb(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^python-flask-doc(?::\w+|)\s+(.*)$ ^python-flask(?::\w+|)\s+(.*)$ 
^python3-flask(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^libfreerdp-common1.1.0(?::\w+|)\s+(.*)$ ^libwinpr-dev(?::\w+|)\s+(.*)$ ^libfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-crt0.1(?::\w+|)\s+(.*)$ ^libfreerdp-primitives1.1(?::\w+|)\s+(.*)$ ^libwinpr-pool0.1(?::\w+|)\s+(.*)$ ^libwinpr-library0.1(?::\w+|)\s+(.*)$ ^libwinpr-io0.1(?::\w+|)\s+(.*)$ ^libfreerdp-core1.1(?::\w+|)\s+(.*)$ ^libfreerdp-locale1.1(?::\w+|)\s+(.*)$ ^libfreerdp-gdi1.1(?::\w+|)\s+(.*)$ ^libwinpr-winhttp0.1(?::\w+|)\s+(.*)$ ^libwinpr-synch0.1(?::\w+|)\s+(.*)$ ^libwinpr-sysinfo0.1(?::\w+|)\s+(.*)$ ^libfreerdp-codec1.1(?::\w+|)\s+(.*)$ ^libwinpr-rpc0.1(?::\w+|)\s+(.*)$ ^libfreerdp-dev(?::\w+|)\s+(.*)$ ^libwinpr-environment0.1(?::\w+|)\s+(.*)$ ^libfreerdp-cache1.1(?::\w+|)\s+(.*)$ ^libwinpr-crypto0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspi0.1(?::\w+|)\s+(.*)$ ^libfreerdp-utils1.1(?::\w+|)\s+(.*)$ ^libwinpr-credui0.1(?::\w+|)\s+(.*)$ ^freerdp-x11(?::\w+|)\s+(.*)$ ^libwinpr-heap0.1(?::\w+|)\s+(.*)$ ^libfreerdp-rail1.1(?::\w+|)\s+(.*)$ ^libwinpr-thread0.1(?::\w+|)\s+(.*)$ ^libwinpr-asn1-0.1(?::\w+|)\s+(.*)$ ^libwinpr-bcrypt0.1(?::\w+|)\s+(.*)$ ^libxfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-file0.1(?::\w+|)\s+(.*)$ ^libwinpr-handle0.1(?::\w+|)\s+(.*)$ ^libwinpr-interlocked0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspicli0.1(?::\w+|)\s+(.*)$ ^libwinpr-utils0.1(?::\w+|)\s+(.*)$ ^libwinpr-path0.1(?::\w+|)\s+(.*)$ ^libwinpr-error0.1(?::\w+|)\s+(.*)$ ^libwinpr-dsparse0.1(?::\w+|)\s+(.*)$ ^libfreerdp-plugins-standard(?::\w+|)\s+(.*)$ ^libwinpr-timezone0.1(?::\w+|)\s+(.*)$ ^libfreerdp-crypto1.1(?::\w+|)\s+(.*)$ ^libwinpr-winsock0.1(?::\w+|)\s+(.*)$ ^libwinpr-pipe0.1(?::\w+|)\s+(.*)$ ^libwinpr-credentials0.1(?::\w+|)\s+(.*)$ ^libwinpr-registry0.1(?::\w+|)\s+(.*)$ ^libwinpr-input0.1(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ 
^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ 
^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libnss3-nssdb(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-1d(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^python-rsa(?::\w+|)\s+(.*)$ ^python3-rsa(?::\w+|)\s+(.*)$ ^ark(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-6-udeb(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ 
^xorg-server-source-hwe-16.04(?::\w+|)\s+(.*)$ ^xmir-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-16.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-16.04(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-16.04(?::\w+|)\s+(.*)$ ^xmir-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-16.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-16.04(?::\w+|)\s+(.*)$ ^libxmlrpc3-common-java(?::\w+|)\s+(.*)$ ^libxmlrpc3-server-java(?::\w+|)\s+(.*)$ ^libxmlrpc3-java-doc(?::\w+|)\s+(.*)$ ^libxmlrpc3-client-java(?::\w+|)\s+(.*)$ ^libopenjp2-tools(?::\w+|)\s+(.*)$ ^libopenjpip-server(?::\w+|)\s+(.*)$ ^libopenjp3d7(?::\w+|)\s+(.*)$ ^libopenjp3d-tools(?::\w+|)\s+(.*)$ ^libopenjpip7(?::\w+|)\s+(.*)$ ^libopenjp2-7(?::\w+|)\s+(.*)$ ^libopenjp2-7-dev(?::\w+|)\s+(.*)$ ^libopenjpip-viewer(?::\w+|)\s+(.*)$ ^libopenjpip-dec-server(?::\w+|)\s+(.*)$ ^ruby-loofah(?::\w+|)\s+(.*)$ ^milkytracker(?::\w+|)\s+(.*)$ ^bsdiff(?::\w+|)\s+(.*)$ ^libluajit-5.1-dev(?::\w+|)\s+(.*)$ 
^libluajit-5.1-2(?::\w+|)\s+(.*)$ ^libluajit-5.1-common(?::\w+|)\s+(.*)$ ^luajit(?::\w+|)\s+(.*)$ ^ruby-websocket-extensions(?::\w+|)\s+(.*)$ ^libdbi-perl(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^mcabber(?::\w+|)\s+(.*)$ ^ncmpc(?::\w+|)\s+(.*)$ ^ncmpc-lyrics(?::\w+|)\s+(.*)$ ^storebackup(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^apng2gif(?::\w+|)\s+(.*)$ ^libproxy-cil-dev(?::\w+|)\s+(.*)$ ^python-libproxy(?::\w+|)\s+(.*)$ ^libproxy1v5(?::\w+|)\s+(.*)$ ^libproxy0.4-cil(?::\w+|)\s+(.*)$ ^libproxy1-plugin-gsettings(?::\w+|)\s+(.*)$ ^libproxy-dev(?::\w+|)\s+(.*)$ ^libproxy1-plugin-webkit(?::\w+|)\s+(.*)$ 
^libproxy1-plugin-kconfig(?::\w+|)\s+(.*)$ ^libproxy1-plugin-networkmanager(?::\w+|)\s+(.*)$ ^libproxy-tools(?::\w+|)\s+(.*)$ ^pure-ftpd-postgresql(?::\w+|)\s+(.*)$ ^pure-ftpd-ldap(?::\w+|)\s+(.*)$ ^pure-ftpd(?::\w+|)\s+(.*)$ ^pure-ftpd-common(?::\w+|)\s+(.*)$ ^pure-ftpd-mysql(?::\w+|)\s+(.*)$ ^libemail-address-list-perl(?::\w+|)\s+(.*)$ ^webcam(?::\w+|)\s+(.*)$ ^xawtv(?::\w+|)\s+(.*)$ ^scantv(?::\w+|)\s+(.*)$ ^pia(?::\w+|)\s+(.*)$ ^xawtv-tools(?::\w+|)\s+(.*)$ ^xawtv-plugins(?::\w+|)\s+(.*)$ ^ttv(?::\w+|)\s+(.*)$ ^radio(?::\w+|)\s+(.*)$ ^v4l-conf(?::\w+|)\s+(.*)$ ^alevtd(?::\w+|)\s+(.*)$ ^xawtv-plugin-qt(?::\w+|)\s+(.*)$ ^fbtv(?::\w+|)\s+(.*)$ ^streamer(?::\w+|)\s+(.*)$ ^libpulse0(?::\w+|)\s+(.*)$ ^pulseaudio-module-lirc(?::\w+|)\s+(.*)$ ^pulseaudio-module-bluetooth(?::\w+|)\s+(.*)$ ^libpulse-dev(?::\w+|)\s+(.*)$ ^pulseaudio-utils(?::\w+|)\s+(.*)$ ^pulseaudio-module-raop(?::\w+|)\s+(.*)$ ^pulseaudio-module-trust-store(?::\w+|)\s+(.*)$ ^pulseaudio(?::\w+|)\s+(.*)$ ^libpulsedsp(?::\w+|)\s+(.*)$ ^pulseaudio-module-x11(?::\w+|)\s+(.*)$ ^pulseaudio-esound-compat(?::\w+|)\s+(.*)$ ^libpulse-mainloop-glib0(?::\w+|)\s+(.*)$ ^pulseaudio-module-gconf(?::\w+|)\s+(.*)$ ^pulseaudio-module-droid(?::\w+|)\s+(.*)$ ^pulseaudio-module-zeroconf(?::\w+|)\s+(.*)$ ^pulseaudio-module-jack(?::\w+|)\s+(.*)$ ^sa-exim(?::\w+|)\s+(.*)$ ^libpam-tacplus(?::\w+|)\s+(.*)$ ^novnc(?::\w+|)\s+(.*)$ ^python-novnc(?::\w+|)\s+(.*)$ ^libofx-doc(?::\w+|)\s+(.*)$ ^libofx-dev(?::\w+|)\s+(.*)$ ^ofx(?::\w+|)\s+(.*)$ ^libofx6(?::\w+|)\s+(.*)$ ^tnef(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^ceph-fs-common(?::\w+|)\s+(.*)$ ^ceph-fuse(?::\w+|)\s+(.*)$ ^python-rados(?::\w+|)\s+(.*)$ ^ceph(?::\w+|)\s+(.*)$ ^ceph-test(?::\w+|)\s+(.*)$ ^rbd-mirror(?::\w+|)\s+(.*)$ ^rbd-nbd(?::\w+|)\s+(.*)$ ^librbd-dev(?::\w+|)\s+(.*)$ ^libradosstriper1(?::\w+|)\s+(.*)$ ^rbd-fuse(?::\w+|)\s+(.*)$ ^librados-dev(?::\w+|)\s+(.*)$ ^libcephfs-jni(?::\w+|)\s+(.*)$ ^radosgw(?::\w+|)\s+(.*)$ ^librados2(?::\w+|)\s+(.*)$ ^libcephfs1(?::\w+|)\s+(.*)$ ^librgw2(?::\w+|)\s+(.*)$ ^ceph-mds(?::\w+|)\s+(.*)$ ^libradosstriper-dev(?::\w+|)\s+(.*)$ ^librbd1(?::\w+|)\s+(.*)$ ^python-ceph(?::\w+|)\s+(.*)$ ^libcephfs-dev(?::\w+|)\s+(.*)$ ^librgw-dev(?::\w+|)\s+(.*)$ ^python-cephfs(?::\w+|)\s+(.*)$ ^python-rbd(?::\w+|)\s+(.*)$ ^ceph-common(?::\w+|)\s+(.*)$ ^libcephfs-java(?::\w+|)\s+(.*)$ ^ceph-resource-agents(?::\w+|)\s+(.*)$ ^libdbi-perl(?::\w+|)\s+(.*)$ ^python3-rdflib(?::\w+|)\s+(.*)$ ^python-rdflib-doc(?::\w+|)\s+(.*)$ ^python-rdflib-tools(?::\w+|)\s+(.*)$ ^python-rdflib(?::\w+|)\s+(.*)$ ^python3-aptdaemon.gtk3widgets(?::\w+|)\s+(.*)$ ^python-aptdaemon(?::\w+|)\s+(.*)$ ^aptdaemon-data(?::\w+|)\s+(.*)$ ^python3-aptdaemon.test(?::\w+|)\s+(.*)$ ^aptdaemon(?::\w+|)\s+(.*)$ ^python3-aptdaemon.pkcompat(?::\w+|)\s+(.*)$ ^python-aptdaemon.gtk3widgets(?::\w+|)\s+(.*)$ ^python3-aptdaemon(?::\w+|)\s+(.*)$ ^libpackagekit-glib2-16(?::\w+|)\s+(.*)$ ^packagekit-docs(?::\w+|)\s+(.*)$ ^libpackagekit-glib2-dev(?::\w+|)\s+(.*)$ ^packagekit(?::\w+|)\s+(.*)$ ^packagekit-tools(?::\w+|)\s+(.*)$ ^python3-packagekit(?::\w+|)\s+(.*)$ ^packagekit-backend-smart(?::\w+|)\s+(.*)$ ^gir1.2-packagekitglib-1.0(?::\w+|)\s+(.*)$ ^packagekit-backend-aptcc(?::\w+|)\s+(.*)$ 
^gstreamer1.0-packagekit(?::\w+|)\s+(.*)$ ^packagekit-gtk3-module(?::\w+|)\s+(.*)$ ^gnuplot(?::\w+|)\s+(.*)$ ^gnuplot-doc(?::\w+|)\s+(.*)$ ^gnuplot-tex(?::\w+|)\s+(.*)$ ^gnuplot-qt(?::\w+|)\s+(.*)$ ^gnuplot-data(?::\w+|)\s+(.*)$ ^gnuplot-nox(?::\w+|)\s+(.*)$ ^gnuplot-x11(?::\w+|)\s+(.*)$ ^miniupnpd(?::\w+|)\s+(.*)$ ^quicktime-x11utils(?::\w+|)\s+(.*)$ ^libquicktime2(?::\w+|)\s+(.*)$ ^libquicktime-dev(?::\w+|)\s+(.*)$ ^libquicktime-doc(?::\w+|)\s+(.*)$ ^quicktime-utils(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ 
^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ 
^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ 
^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^ssvnc(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libpam-python(?::\w+|)\s+(.*)$ ^libpam-python-doc(?::\w+|)\s+(.*)$ ^libpam-python(?::\w+|)\s+(.*)$ ^libpam-python-doc(?::\w+|)\s+(.*)$ ^libpgf-dev(?::\w+|)\s+(.*)$ ^libpgf6(?::\w+|)\s+(.*)$ ^libservlet2.5-java(?::\w+|)\s+(.*)$ ^libservlet2.5-java-doc(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ 
^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^ruby-rack(?::\w+|)\s+(.*)$ ^libtika-java(?::\w+|)\s+(.*)$ ^libbrotli1(?::\w+|)\s+(.*)$ ^python-brotli(?::\w+|)\s+(.*)$ ^python3-brotli(?::\w+|)\s+(.*)$ ^brotli(?::\w+|)\s+(.*)$ ^libbrotli-dev(?::\w+|)\s+(.*)$ ^python-urllib3(?::\w+|)\s+(.*)$ ^python3-urllib3(?::\w+|)\s+(.*)$ ^ruby-rack-cors(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^vino(?::\w+|)\s+(.*)$ ^golang-github-seccomp-libseccomp-golang-dev(?::\w+|)\s+(.*)$ ^libdom4j-java(?::\w+|)\s+(.*)$ ^libdom4j-java-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ 
^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-nox-py2(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena-py2(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-gtk3-py2(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gtk-py2(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gnome-py2(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ 
^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^libhtmlunit-java(?::\w+|)\s+(.*)$ ^newsbeuter(?::\w+|)\s+(.*)$ ^php-imagick(?::\w+|)\s+(.*)$ ^italc-master(?::\w+|)\s+(.*)$ ^italc-client(?::\w+|)\s+(.*)$ ^libitalccore(?::\w+|)\s+(.*)$ ^italc-management-console(?::\w+|)\s+(.*)$ ^flightgear(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-docker-containerd-dev(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^collabtive(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libfreetype6-dev(?::\w+|)\s+(.*)$ ^libfreetype6-udeb(?::\w+|)\s+(.*)$ ^freetype2-demos(?::\w+|)\s+(.*)$ ^libfreetype6(?::\w+|)\s+(.*)$ ^libapache2-mod-auth-mellon(?::\w+|)\s+(.*)$ ^libetpan-dev(?::\w+|)\s+(.*)$ ^libetpan-doc(?::\w+|)\s+(.*)$ ^libetpan17(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ 
^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ 
^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ 
^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^fastd(?::\w+|)\s+(.*)$ ^ca-certificates-udeb(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ 
^minidlna(?::\w+|)\s+(.*)$ ^php-pear(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-aarch64(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^openvswitch-ipsec(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^junit4(?::\w+|)\s+(.*)$ ^junit4-doc(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ 
^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^libisccfg-export140-udeb(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libdns-export162-udeb(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libirs-export141-udeb(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^libjackson-json-java(?::\w+|)\s+(.*)$ ^libjackson-json-java-doc(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^xterm(?::\w+|)\s+(.*)$ ^screen(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-generic-lpae|-lowlatency|-powerpc-e500mc|-powerpc-smp|-powerpc64-emb|-powerpc64-smp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ 
^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ 
^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^golang-1.10-go(?::\w+|)\s+(.*)$ ^golang-1.10-src(?::\w+|)\s+(.*)$ ^golang-1.10(?::\w+|)\s+(.*)$ ^golang-1.10-doc(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-0-refdbg(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ 
^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^python-imaging(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-0-refdbg(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libtsk13(?::\w+|)\s+(.*)$ ^sleuthkit(?::\w+|)\s+(.*)$ ^libtsk-dev(?::\w+|)\s+(.*)$ ^libcommons-beanutils-java(?::\w+|)\s+(.*)$ ^libcommons-beanutils-java-doc(?::\w+|)\s+(.*)$ ^zabbix-java-gateway(?::\w+|)\s+(.*)$ ^zabbix-frontend-php(?::\w+|)\s+(.*)$ ^zabbix-proxy-mysql(?::\w+|)\s+(.*)$ ^zabbix-server-pgsql(?::\w+|)\s+(.*)$ ^zabbix-server-mysql(?::\w+|)\s+(.*)$ ^zabbix-proxy-pgsql(?::\w+|)\s+(.*)$ ^zabbix-proxy-sqlite3(?::\w+|)\s+(.*)$ ^zabbix-agent(?::\w+|)\s+(.*)$ ^musl-dev(?::\w+|)\s+(.*)$ ^musl-tools(?::\w+|)\s+(.*)$ ^musl(?::\w+|)\s+(.*)$ ^salt-doc(?::\w+|)\s+(.*)$ ^salt-minion(?::\w+|)\s+(.*)$ ^salt-proxy(?::\w+|)\s+(.*)$ ^salt-api(?::\w+|)\s+(.*)$ ^salt-syndic(?::\w+|)\s+(.*)$ ^salt-ssh(?::\w+|)\s+(.*)$ ^salt-common(?::\w+|)\s+(.*)$ ^salt-master(?::\w+|)\s+(.*)$ ^salt-cloud(?::\w+|)\s+(.*)$ ^glusterfs-client(?::\w+|)\s+(.*)$ ^glusterfs-server(?::\w+|)\s+(.*)$ ^glusterfs-common(?::\w+|)\s+(.*)$ ^condor-doc(?::\w+|)\s+(.*)$ ^libclassad7(?::\w+|)\s+(.*)$ ^htcondor-dev(?::\w+|)\s+(.*)$ ^condor-dev(?::\w+|)\s+(.*)$ ^condor(?::\w+|)\s+(.*)$ ^htcondor-doc(?::\w+|)\s+(.*)$ 
^htcondor(?::\w+|)\s+(.*)$ ^libclassad-dev(?::\w+|)\s+(.*)$ ^xvnc4viewer(?::\w+|)\s+(.*)$ ^vnc4server(?::\w+|)\s+(.*)$ ^drupal7(?::\w+|)\s+(.*)$ ^libspring-aop-java(?::\w+|)\s+(.*)$ ^libspring-web-portlet-java(?::\w+|)\s+(.*)$ ^libspring-core-java(?::\w+|)\s+(.*)$ ^libspring-oxm-java(?::\w+|)\s+(.*)$ ^libspring-beans-java(?::\w+|)\s+(.*)$ ^libspring-jms-java(?::\w+|)\s+(.*)$ ^libspring-expression-java(?::\w+|)\s+(.*)$ ^libspring-transaction-java(?::\w+|)\s+(.*)$ ^libspring-orm-java(?::\w+|)\s+(.*)$ ^libspring-context-java(?::\w+|)\s+(.*)$ ^libspring-web-servlet-java(?::\w+|)\s+(.*)$ ^libspring-instrument-java(?::\w+|)\s+(.*)$ ^libspring-context-support-java(?::\w+|)\s+(.*)$ ^libspring-jdbc-java(?::\w+|)\s+(.*)$ ^libspring-web-java(?::\w+|)\s+(.*)$ ^lighttpd-mod-mysql-vhost(?::\w+|)\s+(.*)$ ^lighttpd-doc(?::\w+|)\s+(.*)$ ^lighttpd-mod-magnet(?::\w+|)\s+(.*)$ ^lighttpd-dev(?::\w+|)\s+(.*)$ ^lighttpd(?::\w+|)\s+(.*)$ ^lighttpd-mod-cml(?::\w+|)\s+(.*)$ ^lighttpd-mod-webdav(?::\w+|)\s+(.*)$ ^lighttpd-mod-trigger-b4-dl(?::\w+|)\s+(.*)$ ^libjs-semver(?::\w+|)\s+(.*)$ ^node-semver(?::\w+|)\s+(.*)$ ^node-tar(?::\w+|)\s+(.*)$ ^ocaml-mode(?::\w+|)\s+(.*)$ ^ocaml-base-nox(?::\w+|)\s+(.*)$ ^ocaml-nox(?::\w+|)\s+(.*)$ ^ocaml(?::\w+|)\s+(.*)$ ^ocaml-source(?::\w+|)\s+(.*)$ ^ocaml-native-compilers(?::\w+|)\s+(.*)$ ^ocaml-compiler-libs(?::\w+|)\s+(.*)$ ^ocaml-interp(?::\w+|)\s+(.*)$ ^ocaml-base(?::\w+|)\s+(.*)$ ^php-gettext(?::\w+|)\s+(.*)$ ^libmp3lame0(?::\w+|)\s+(.*)$ ^libmp3lame-dev(?::\w+|)\s+(.*)$ ^lame-doc(?::\w+|)\s+(.*)$ ^lame(?::\w+|)\s+(.*)$ ^libpmi0-dev(?::\w+|)\s+(.*)$ ^slurmctld(?::\w+|)\s+(.*)$ ^slurm-wlm-basic-plugins-dev(?::\w+|)\s+(.*)$ ^libslurmdb-perl(?::\w+|)\s+(.*)$ ^libpam-slurm(?::\w+|)\s+(.*)$ ^libpmi0(?::\w+|)\s+(.*)$ ^slurm-wlm(?::\w+|)\s+(.*)$ ^libslurm-dev(?::\w+|)\s+(.*)$ ^slurm-client(?::\w+|)\s+(.*)$ ^libslurm29(?::\w+|)\s+(.*)$ ^slurmd(?::\w+|)\s+(.*)$ ^slurm-wlm-torque(?::\w+|)\s+(.*)$ ^slurm-client-emulator(?::\w+|)\s+(.*)$ 
^slurm-wlm-emulator(?::\w+|)\s+(.*)$ ^libslurmdb29(?::\w+|)\s+(.*)$ ^slurm-wlm-doc(?::\w+|)\s+(.*)$ ^slurm-llnl(?::\w+|)\s+(.*)$ ^slurm-llnl-slurmdbd(?::\w+|)\s+(.*)$ ^libslurm-perl(?::\w+|)\s+(.*)$ ^libslurmdb-dev(?::\w+|)\s+(.*)$ ^sview(?::\w+|)\s+(.*)$ ^slurm-wlm-basic-plugins(?::\w+|)\s+(.*)$ ^slurmdbd(?::\w+|)\s+(.*)$ ^libpmi0-dev(?::\w+|)\s+(.*)$ ^slurmctld(?::\w+|)\s+(.*)$ ^slurm-wlm-basic-plugins-dev(?::\w+|)\s+(.*)$ ^libslurm-perl(?::\w+|)\s+(.*)$ ^libslurm29(?::\w+|)\s+(.*)$ ^libpmi0(?::\w+|)\s+(.*)$ ^slurm-wlm(?::\w+|)\s+(.*)$ ^libslurm-dev(?::\w+|)\s+(.*)$ ^slurm-client(?::\w+|)\s+(.*)$ ^libpam-slurm(?::\w+|)\s+(.*)$ ^slurmd(?::\w+|)\s+(.*)$ ^slurm-wlm-torque(?::\w+|)\s+(.*)$ ^slurm-client-emulator(?::\w+|)\s+(.*)$ ^slurm-wlm-emulator(?::\w+|)\s+(.*)$ ^libslurmdb29(?::\w+|)\s+(.*)$ ^slurm-wlm-doc(?::\w+|)\s+(.*)$ ^slurm-llnl(?::\w+|)\s+(.*)$ ^slurmdbd(?::\w+|)\s+(.*)$ ^slurm-llnl-slurmdbd(?::\w+|)\s+(.*)$ ^libslurmdb-perl(?::\w+|)\s+(.*)$ ^libslurmdb-dev(?::\w+|)\s+(.*)$ ^sview(?::\w+|)\s+(.*)$ ^slurm-wlm-basic-plugins(?::\w+|)\s+(.*)$ ^libopenjp2-tools(?::\w+|)\s+(.*)$ ^libopenjpip-server(?::\w+|)\s+(.*)$ ^libopenjpip-viewer(?::\w+|)\s+(.*)$ ^libopenjp3d-tools(?::\w+|)\s+(.*)$ ^libopenjpip7(?::\w+|)\s+(.*)$ ^libopenjp2-7(?::\w+|)\s+(.*)$ ^libopenjp2-7-dev(?::\w+|)\s+(.*)$ ^libopenjp3d7(?::\w+|)\s+(.*)$ ^libopenjpip-dec-server(?::\w+|)\s+(.*)$ ^node-minimatch(?::\w+|)\s+(.*)$ ^libxerces-c-dev(?::\w+|)\s+(.*)$ ^libxerces-c3.1(?::\w+|)\s+(.*)$ ^libxerces-c-samples(?::\w+|)\s+(.*)$ ^libxerces-c-doc(?::\w+|)\s+(.*)$ ^npm(?::\w+|)\s+(.*)$ ^node-moment(?::\w+|)\s+(.*)$ ^libjs-moment(?::\w+|)\s+(.*)$ ^jq(?::\w+|)\s+(.*)$ ^iperf3(?::\w+|)\s+(.*)$ ^libiperf0(?::\w+|)\s+(.*)$ ^libiperf-dev(?::\w+|)\s+(.*)$ ^libzookeeper-java(?::\w+|)\s+(.*)$ ^libzookeeper-java-doc(?::\w+|)\s+(.*)$ ^libzookeeper2(?::\w+|)\s+(.*)$ ^zookeeper(?::\w+|)\s+(.*)$ ^zookeeperd(?::\w+|)\s+(.*)$ ^libzookeeper-st-dev(?::\w+|)\s+(.*)$ ^zookeeper-bin(?::\w+|)\s+(.*)$ 
^libzookeeper-mt-dev(?::\w+|)\s+(.*)$ ^libzookeeper-mt2(?::\w+|)\s+(.*)$ ^libzookeeper-st2(?::\w+|)\s+(.*)$ ^python-zookeeper(?::\w+|)\s+(.*)$ ^libtorrent-rasterbar8(?::\w+|)\s+(.*)$ ^python3-libtorrent(?::\w+|)\s+(.*)$ ^libtorrent-rasterbar-doc(?::\w+|)\s+(.*)$ ^libtorrent-rasterbar-dev(?::\w+|)\s+(.*)$ ^python-libtorrent(?::\w+|)\s+(.*)$ ^tomcat7-common(?::\w+|)\s+(.*)$ ^libservlet3.0-java(?::\w+|)\s+(.*)$ ^tomcat7-docs(?::\w+|)\s+(.*)$ ^libservlet3.0-java-doc(?::\w+|)\s+(.*)$ ^tomcat7(?::\w+|)\s+(.*)$ ^libtomcat7-java(?::\w+|)\s+(.*)$ ^tomcat7-user(?::\w+|)\s+(.*)$ ^tomcat7-admin(?::\w+|)\s+(.*)$ ^tomcat7-examples(?::\w+|)\s+(.*)$ ^freeipa-tests(?::\w+|)\s+(.*)$ ^freeipa-admintools(?::\w+|)\s+(.*)$ ^freeipa-server-trust-ad(?::\w+|)\s+(.*)$ ^python-ipaclient(?::\w+|)\s+(.*)$ ^freeipa-common(?::\w+|)\s+(.*)$ ^freeipa-client(?::\w+|)\s+(.*)$ ^python-ipalib(?::\w+|)\s+(.*)$ ^freeipa-server(?::\w+|)\s+(.*)$ ^python-ipaserver(?::\w+|)\s+(.*)$ ^freeipa-server-dns(?::\w+|)\s+(.*)$ ^python-ipatests(?::\w+|)\s+(.*)$ ^libcollectdclient1(?::\w+|)\s+(.*)$ ^collectd(?::\w+|)\s+(.*)$ ^collectd-core(?::\w+|)\s+(.*)$ ^collectd-dev(?::\w+|)\s+(.*)$ ^collectd-utils(?::\w+|)\s+(.*)$ ^libcollectdclient-dev(?::\w+|)\s+(.*)$ ^libupnp6(?::\w+|)\s+(.*)$ ^libupnp6-dev(?::\w+|)\s+(.*)$ ^libupnp-dev(?::\w+|)\s+(.*)$ ^libupnp6-doc(?::\w+|)\s+(.*)$ ^groovy2-doc(?::\w+|)\s+(.*)$ ^groovy2(?::\w+|)\s+(.*)$ ^nodejs-dev(?::\w+|)\s+(.*)$ ^nodejs-legacy(?::\w+|)\s+(.*)$ ^nodejs(?::\w+|)\s+(.*)$ ^libass-dev(?::\w+|)\s+(.*)$ ^libass5(?::\w+|)\s+(.*)$ ^libgit2-24(?::\w+|)\s+(.*)$ ^libgit2-dev(?::\w+|)\s+(.*)$ ^r-base-html(?::\w+|)\s+(.*)$ ^r-base-core(?::\w+|)\s+(.*)$ ^r-doc-pdf(?::\w+|)\s+(.*)$ ^r-base(?::\w+|)\s+(.*)$ ^r-recommended(?::\w+|)\s+(.*)$ ^r-doc-html(?::\w+|)\s+(.*)$ ^r-doc-info(?::\w+|)\s+(.*)$ ^r-mathlib(?::\w+|)\s+(.*)$ ^r-base-dev(?::\w+|)\s+(.*)$ ^lynx-cur(?::\w+|)\s+(.*)$ ^lynx-common(?::\w+|)\s+(.*)$ ^lynx(?::\w+|)\s+(.*)$ ^libroot-misc-table-dev(?::\w+|)\s+(.*)$ 
^libroot-misc-minicern-dev(?::\w+|)\s+(.*)$ ^libroot-graf2d-postscript5.34(?::\w+|)\s+(.*)$ ^root-plugin-sql-odbc(?::\w+|)\s+(.*)$ ^libroot-net-auth5.34(?::\w+|)\s+(.*)$ ^libroot-misc-memstat5.34(?::\w+|)\s+(.*)$ ^root-plugin-math-minuit2(?::\w+|)\s+(.*)$ ^libroot-core-dev(?::\w+|)\s+(.*)$ ^libroot-math-foam5.34(?::\w+|)\s+(.*)$ ^libroot-tree-treeplayer-dev(?::\w+|)\s+(.*)$ ^libroot-net5.34(?::\w+|)\s+(.*)$ ^libroot-core5.34(?::\w+|)\s+(.*)$ ^root-plugin-graf2d-asimage(?::\w+|)\s+(.*)$ ^root-plugin-hist-spectrumpainter(?::\w+|)\s+(.*)$ ^libroot-misc-memstat-dev(?::\w+|)\s+(.*)$ ^libroot-net-auth-dev(?::\w+|)\s+(.*)$ ^libroot-montecarlo-eg-dev(?::\w+|)\s+(.*)$ ^root-system-proofd(?::\w+|)\s+(.*)$ ^libroot-hist-spectrum-dev(?::\w+|)\s+(.*)$ ^libroot-hist-spectrum5.34(?::\w+|)\s+(.*)$ ^libroot-math-mathcore-dev(?::\w+|)\s+(.*)$ ^libroot-tree-dev(?::\w+|)\s+(.*)$ ^root-plugin-montecarlo-pythia8(?::\w+|)\s+(.*)$ ^libroot-math-mathmore-dev(?::\w+|)\s+(.*)$ ^root-plugin-gui-qt(?::\w+|)\s+(.*)$ ^libroot-math-mlp5.34(?::\w+|)\s+(.*)$ ^libroot-graf3d-gl-dev(?::\w+|)\s+(.*)$ ^libroot-net-ldap5.34(?::\w+|)\s+(.*)$ ^root-plugin-gui-fitpanel(?::\w+|)\s+(.*)$ ^libroot-math-mathcore5.34(?::\w+|)\s+(.*)$ ^libroot-net-bonjour-dev(?::\w+|)\s+(.*)$ ^libroot-tree-treeplayer5.34(?::\w+|)\s+(.*)$ ^libroot-html-dev(?::\w+|)\s+(.*)$ ^root-plugin-net-krb5(?::\w+|)\s+(.*)$ ^libroot-montecarlo-eg5.34(?::\w+|)\s+(.*)$ ^libroot-bindings-ruby-dev(?::\w+|)\s+(.*)$ ^libroot-proof-proofplayer5.34(?::\w+|)\s+(.*)$ ^root-plugin-sql-pgsql(?::\w+|)\s+(.*)$ ^libroot-montecarlo-vmc5.34(?::\w+|)\s+(.*)$ ^libroot-geom-dev(?::\w+|)\s+(.*)$ ^libroot-hist-dev(?::\w+|)\s+(.*)$ ^libroot-math-genvector-dev(?::\w+|)\s+(.*)$ ^libroot-math-mathmore5.34(?::\w+|)\s+(.*)$ ^libroot-montecarlo-vmc-dev(?::\w+|)\s+(.*)$ ^libroot-math-foam-dev(?::\w+|)\s+(.*)$ ^libroot-math-physics5.34(?::\w+|)\s+(.*)$ ^libroot-geom5.34(?::\w+|)\s+(.*)$ ^root-plugin-tree-treeviewer(?::\w+|)\s+(.*)$ 
^scilab-test(?::\w+|)\s+(.*)$ ^scilab-doc(?::\w+|)\s+(.*)$ ^scilab(?::\w+|)\s+(.*)$ ^scilab-doc-pt-br(?::\w+|)\s+(.*)$ ^scilab-data(?::\w+|)\s+(.*)$ ^scilab-doc-fr(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^cpio(?::\w+|)\s+(.*)$ ^python-pysaml2-doc(?::\w+|)\s+(.*)$ ^python-pysaml2(?::\w+|)\s+(.*)$ ^python3-pysaml2(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^squashfs-tools(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ 
^curl(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libgcrypt11-dev(?::\w+|)\s+(.*)$ ^libgcrypt20(?::\w+|)\s+(.*)$ ^libgcrypt20-doc(?::\w+|)\s+(.*)$ ^libgcrypt20-dev(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-nox-py2(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena-py2(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-gtk3-py2(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gtk-py2(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gnome-py2(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^mercurial(?::\w+|)\s+(.*)$ ^mercurial-common(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^libntlm0(?::\w+|)\s+(.*)$ ^libntlm0-dev(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-pam(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-pseudonym(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-noauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-farp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^strongswan-ikev1(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-eap(?::\w+|)\s+(.*)$ ^strongswan-plugin-sshkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-error-notify(?::\w+|)\s+(.*)$ ^strongswan-plugin-ipseckey(?::\w+|)\s+(.*)$ ^strongswan-plugin-sql(?::\w+|)\s+(.*)$ ^strongswan-plugin-coupling(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-generic(?::\w+|)\s+(.*)$ ^strongswan-plugin-lookip(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-ttls(?::\w+|)\s+(.*)$ ^strongswan-plugin-af-alg(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka-3gpp2(?::\w+|)\s+(.*)$ ^strongswan-ike(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-pcsc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-file(?::\w+|)\s+(.*)$ ^strongswan-plugin-unbound(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-sql(?::\w+|)\s+(.*)$ 
^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-sqlite(?::\w+|)\s+(.*)$ ^strongswan-plugin-duplicheck(?::\w+|)\s+(.*)$ ^strongswan-plugin-ntru(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-plugin-attr-sql(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-peap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-plugin-curl(?::\w+|)\s+(.*)$ ^strongswan-plugin-radattr(?::\w+|)\s+(.*)$ ^strongswan-plugin-soup(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-dynamic(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-gtc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tls(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tnc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-radius(?::\w+|)\s+(.*)$ ^strongswan-ikev2(?::\w+|)\s+(.*)$ ^strongswan-plugin-systime-fix(?::\w+|)\s+(.*)$ ^strongswan-plugin-mysql(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-reauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-openssl(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnscert(?::\w+|)\s+(.*)$ ^strongswan-plugin-pubkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-md5(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-plugin-whitelist(?::\w+|)\s+(.*)$ ^strongswan-plugin-fips-prf(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-mschapv2(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-plugin-ldap(?::\w+|)\s+(.*)$ ^strongswan-plugin-certexpire(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-plugin-gcrypt(?::\w+|)\s+(.*)$ ^strongswan-plugin-led(?::\w+|)\s+(.*)$ ^strongswan-plugin-dhcp(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnskey(?::\w+|)\s+(.*)$ ^strongswan-plugin-gmp(?::\w+|)\s+(.*)$ ^strongswan-plugin-agent(?::\w+|)\s+(.*)$ ^strongswan-plugin-pgp(?::\w+|)\s+(.*)$ ^strongswan-plugin-kernel-libipsec(?::\w+|)\s+(.*)$ ^strongswan-plugin-load-tester(?::\w+|)\s+(.*)$ ^strongswan-plugin-unity(?::\w+|)\s+(.*)$ 
^strongswan(?::\w+|)\s+(.*)$ ^strongswan-plugin-pkcs11(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^caca-utils(?::\w+|)\s+(.*)$ ^libcaca-dev(?::\w+|)\s+(.*)$ ^libcaca0(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ 
^php7.0-zip(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^icu-devtools(?::\w+|)\s+(.*)$ ^libicu55(?::\w+|)\s+(.*)$ ^libicu-dev(?::\w+|)\s+(.*)$ ^icu-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-nox-py2(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena-py2(?::\w+|)\s+(.*)$ 
^vim-athena(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-gtk3-py2(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gtk-py2(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gnome-py2(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^libhivex-bin(?::\w+|)\s+(.*)$ ^libhivex-ocaml-dev(?::\w+|)\s+(.*)$ ^libhivex-dev(?::\w+|)\s+(.*)$ ^libhivex0(?::\w+|)\s+(.*)$ ^python3-hivex(?::\w+|)\s+(.*)$ ^libwin-hivex-perl(?::\w+|)\s+(.*)$ ^libhivex-ocaml(?::\w+|)\s+(.*)$ ^python-hivex(?::\w+|)\s+(.*)$ ^ruby-hivex(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^node-bl(?::\w+|)\s+(.*)$ ^mc-data(?::\w+|)\s+(.*)$ ^mc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ 
^libavresample-dev(?::\w+|)\s+(.*)$ ^libswresample-ffmpeg1(?::\w+|)\s+(.*)$ ^libavresample-ffmpeg2(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libswscale-ffmpeg3(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavfilter-ffmpeg5(?::\w+|)\s+(.*)$ ^libpostproc-ffmpeg53(?::\w+|)\s+(.*)$ ^libavcodec-ffmpeg56(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libavformat-ffmpeg56(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libavcodec-ffmpeg-extra56(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^libavutil-ffmpeg54(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^libav-tools(?::\w+|)\s+(.*)$ ^libavdevice-ffmpeg56(?::\w+|)\s+(.*)$ ^libnss3-nssdb(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-1d(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^libnss3-nssdb(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-1d(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^oddjob(?::\w+|)\s+(.*)$ ^oddjob-mkhomedir(?::\w+|)\s+(.*)$ ^lrzip(?::\w+|)\s+(.*)$ ^liburiparser-doc(?::\w+|)\s+(.*)$ ^liburiparser-dev(?::\w+|)\s+(.*)$ ^liburiparser1(?::\w+|)\s+(.*)$ ^libmodbus-dev(?::\w+|)\s+(.*)$ ^libmodbus5(?::\w+|)\s+(.*)$ ^inetutils-tools(?::\w+|)\s+(.*)$ ^inetutils-ftpd(?::\w+|)\s+(.*)$ ^inetutils-talkd(?::\w+|)\s+(.*)$ ^inetutils-traceroute(?::\w+|)\s+(.*)$ ^inetutils-talk(?::\w+|)\s+(.*)$ ^inetutils-telnetd(?::\w+|)\s+(.*)$ ^inetutils-inetd(?::\w+|)\s+(.*)$ ^inetutils-ping(?::\w+|)\s+(.*)$ ^inetutils-syslogd(?::\w+|)\s+(.*)$ ^inetutils-ftp(?::\w+|)\s+(.*)$ ^inetutils-telnet(?::\w+|)\s+(.*)$ ^busybox(?::\w+|)\s+(.*)$ ^busybox-syslogd(?::\w+|)\s+(.*)$ ^udhcpd(?::\w+|)\s+(.*)$ ^busybox-initramfs(?::\w+|)\s+(.*)$ ^udhcpc(?::\w+|)\s+(.*)$ ^busybox-static(?::\w+|)\s+(.*)$ ^roundcube-pgsql(?::\w+|)\s+(.*)$ ^roundcube-mysql(?::\w+|)\s+(.*)$ 
^roundcube-plugins(?::\w+|)\s+(.*)$ ^roundcube(?::\w+|)\s+(.*)$ ^roundcube-core(?::\w+|)\s+(.*)$ ^roundcube-sqlite3(?::\w+|)\s+(.*)$ ^libmatio-doc(?::\w+|)\s+(.*)$ ^libmatio2(?::\w+|)\s+(.*)$ ^libmatio-dev(?::\w+|)\s+(.*)$ ^glances(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-0-refdbg(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libgraphics-magick-perl(?::\w+|)\s+(.*)$ ^libgraphicsmagick-q16-3(?::\w+|)\s+(.*)$ ^libgraphicsmagick1-dev(?::\w+|)\s+(.*)$ ^graphicsmagick(?::\w+|)\s+(.*)$ ^graphicsmagick-imagemagick-compat(?::\w+|)\s+(.*)$ ^graphicsmagick-libmagick-dev-compat(?::\w+|)\s+(.*)$ ^libgraphicsmagick++1-dev(?::\w+|)\s+(.*)$ ^libgraphicsmagick++-q16-12(?::\w+|)\s+(.*)$ ^liblog4j2-java(?::\w+|)\s+(.*)$ ^liblog4j2-java-doc(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xmir-hwe-16.04(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-16.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-16.04(?::\w+|)\s+(.*)$ ^mumble(?::\w+|)\s+(.*)$ ^mumble-server(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ 
^tcpreplay(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^cacti(?::\w+|)\s+(.*)$ ^python-nltk(?::\w+|)\s+(.*)$ ^python3-nltk(?::\w+|)\s+(.*)$ ^composer(?::\w+|)\s+(.*)$ ^redis-tools(?::\w+|)\s+(.*)$ ^redis-server(?::\w+|)\s+(.*)$ ^redis-sentinel(?::\w+|)\s+(.*)$ ^liblog4j1.2-java-doc(?::\w+|)\s+(.*)$ ^liblog4j1.2-java(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^python3-lxml(?::\w+|)\s+(.*)$ ^python-lxml(?::\w+|)\s+(.*)$ ^python-lxml-doc(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^python-imaging(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^cpanminus(?::\w+|)\s+(.*)$ ^389-ds-base(?::\w+|)\s+(.*)$ ^389-ds(?::\w+|)\s+(.*)$ ^389-ds-base-libs(?::\w+|)\s+(.*)$ ^389-ds-base-dev(?::\w+|)\s+(.*)$ ^fail2ban(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ 
^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^byobu(?::\w+|)\s+(.*)$ ^libruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-dev(?::\w+|)\s+(.*)$ ^ruby2.3-doc(?::\w+|)\s+(.*)$ ^ruby2.3-tcltk(?::\w+|)\s+(.*)$ ^pngcrush(?::\w+|)\s+(.*)$ ^python-mediainfodll(?::\w+|)\s+(.*)$ ^libmediainfo-dev(?::\w+|)\s+(.*)$ ^python3-mediainfodll(?::\w+|)\s+(.*)$ ^libmediainfo0v5(?::\w+|)\s+(.*)$ ^libmediainfo-doc(?::\w+|)\s+(.*)$ ^libhttpmime-java(?::\w+|)\s+(.*)$ ^libhttpclient-java(?::\w+|)\s+(.*)$ ^aide-dynamic(?::\w+|)\s+(.*)$ ^aide-common(?::\w+|)\s+(.*)$ ^aide-xen(?::\w+|)\s+(.*)$ ^aide(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^maven(?::\w+|)\s+(.*)$ ^libmaven3-core-java(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-pam(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-pseudonym(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-noauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-farp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^strongswan-ikev1(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-eap(?::\w+|)\s+(.*)$ ^strongswan-plugin-sshkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-error-notify(?::\w+|)\s+(.*)$ ^strongswan-plugin-ipseckey(?::\w+|)\s+(.*)$ ^strongswan-plugin-coupling(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-generic(?::\w+|)\s+(.*)$ ^strongswan-plugin-lookip(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-ttls(?::\w+|)\s+(.*)$ ^strongswan-plugin-af-alg(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka-3gpp2(?::\w+|)\s+(.*)$ ^strongswan-ike(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-pcsc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-file(?::\w+|)\s+(.*)$ ^strongswan-plugin-unbound(?::\w+|)\s+(.*)$ 
^strongswan-plugin-eap-simaka-sql(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-sqlite(?::\w+|)\s+(.*)$ ^strongswan-plugin-duplicheck(?::\w+|)\s+(.*)$ ^strongswan-plugin-ntru(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-plugin-attr-sql(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-peap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-plugin-curl(?::\w+|)\s+(.*)$ ^strongswan-plugin-radattr(?::\w+|)\s+(.*)$ ^strongswan-plugin-soup(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-dynamic(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-gtc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tls(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tnc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-radius(?::\w+|)\s+(.*)$ ^strongswan-plugin-mysql(?::\w+|)\s+(.*)$ ^strongswan-ikev2(?::\w+|)\s+(.*)$ ^strongswan-plugin-systime-fix(?::\w+|)\s+(.*)$ ^strongswan-plugin-sql(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-reauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-openssl(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnscert(?::\w+|)\s+(.*)$ ^strongswan-plugin-pubkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-md5(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-plugin-whitelist(?::\w+|)\s+(.*)$ ^strongswan-plugin-fips-prf(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-mschapv2(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-plugin-ldap(?::\w+|)\s+(.*)$ ^strongswan-plugin-certexpire(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-plugin-gcrypt(?::\w+|)\s+(.*)$ ^strongswan-plugin-led(?::\w+|)\s+(.*)$ ^strongswan-plugin-dhcp(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnskey(?::\w+|)\s+(.*)$ ^strongswan-plugin-gmp(?::\w+|)\s+(.*)$ ^strongswan-plugin-agent(?::\w+|)\s+(.*)$ ^strongswan-plugin-pgp(?::\w+|)\s+(.*)$ ^strongswan-plugin-kernel-libipsec(?::\w+|)\s+(.*)$ 
^strongswan-plugin-load-tester(?::\w+|)\s+(.*)$ ^strongswan-plugin-unity(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-plugin-pkcs11(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^libgegl-0.3-0(?::\w+|)\s+(.*)$ ^gegl(?::\w+|)\s+(.*)$ ^libgegl-doc(?::\w+|)\s+(.*)$ ^libgegl-dev(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-0(?::\w+|)\s+(.*)$ ^policykit-1-doc(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-0(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-0(?::\w+|)\s+(.*)$ ^policykit-1(?::\w+|)\s+(.*)$ ^gir1.2-polkit-1.0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-dev(?::\w+|)\s+(.*)$ ^ruby-rack(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^liburiparser-doc(?::\w+|)\s+(.*)$ ^liburiparser-dev(?::\w+|)\s+(.*)$ ^liburiparser1(?::\w+|)\s+(.*)$ ^libldns-dev(?::\w+|)\s+(.*)$ ^python-ldns(?::\w+|)\s+(.*)$ ^ldnsutils(?::\w+|)\s+(.*)$ ^libldns1(?::\w+|)\s+(.*)$ ^weechat-dev(?::\w+|)\s+(.*)$ ^weechat-core(?::\w+|)\s+(.*)$ ^weechat-curses(?::\w+|)\s+(.*)$ ^weechat-doc(?::\w+|)\s+(.*)$ ^weechat-plugins(?::\w+|)\s+(.*)$ ^weechat(?::\w+|)\s+(.*)$ ^cron(?::\w+|)\s+(.*)$ ^cron(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^ruby-passenger-doc(?::\w+|)\s+(.*)$ ^passenger(?::\w+|)\s+(.*)$ ^ruby-passenger(?::\w+|)\s+(.*)$ ^passenger-doc(?::\w+|)\s+(.*)$ 
^libwayland-dev(?::\w+|)\s+(.*)$ ^libwayland-cursor0(?::\w+|)\s+(.*)$ ^libwayland-server0(?::\w+|)\s+(.*)$ ^libwayland-doc(?::\w+|)\s+(.*)$ ^libwayland-client0(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-aws-hwe)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^python-mako(?::\w+|)\s+(.*)$ ^python-mako-doc(?::\w+|)\s+(.*)$ ^python3-mako(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ 
^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^sosreport(?::\w+|)\s+(.*)$ ^libvpx-dev(?::\w+|)\s+(.*)$ ^vpx-tools(?::\w+|)\s+(.*)$ ^libvpx-doc(?::\w+|)\s+(.*)$ ^libvpx3(?::\w+|)\s+(.*)$ ^lib64expat1-dev(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^lib64expat1(?::\w+|)\s+(.*)$ ^lib64expat1-dev(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^lib64expat1(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libxi6(?::\w+|)\s+(.*)$ ^libxi-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-pam(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-pseudonym(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-noauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-farp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^strongswan-ikev1(?::\w+|)\s+(.*)$ ^strongswan-plugin-gcrypt(?::\w+|)\s+(.*)$ ^strongswan-plugin-sshkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-error-notify(?::\w+|)\s+(.*)$ ^strongswan-plugin-ipseckey(?::\w+|)\s+(.*)$ 
^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-plugin-coupling(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-generic(?::\w+|)\s+(.*)$ ^strongswan-plugin-lookip(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-ttls(?::\w+|)\s+(.*)$ ^strongswan-plugin-af-alg(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka-3gpp2(?::\w+|)\s+(.*)$ ^strongswan-ike(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnskey(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-aka(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-file(?::\w+|)\s+(.*)$ ^strongswan-plugin-unbound(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-sql(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan-plugin-sqlite(?::\w+|)\s+(.*)$ ^strongswan-plugin-duplicheck(?::\w+|)\s+(.*)$ ^strongswan-plugin-ntru(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-plugin-attr-sql(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-peap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-plugin-curl(?::\w+|)\s+(.*)$ ^strongswan-plugin-radattr(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-mschapv2(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-dynamic(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-gtc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tls(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-tnc(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-radius(?::\w+|)\s+(.*)$ ^strongswan-ikev2(?::\w+|)\s+(.*)$ ^strongswan-plugin-mysql(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-simaka-reauth(?::\w+|)\s+(.*)$ ^strongswan-plugin-openssl(?::\w+|)\s+(.*)$ ^strongswan-plugin-dnscert(?::\w+|)\s+(.*)$ ^strongswan-plugin-pubkey(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-md5(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-plugin-whitelist(?::\w+|)\s+(.*)$ ^strongswan-plugin-fips-prf(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-plugin-soup(?::\w+|)\s+(.*)$ ^strongswan-plugin-sql(?::\w+|)\s+(.*)$ ^strongswan-plugin-ldap(?::\w+|)\s+(.*)$ 
^strongswan-plugin-certexpire(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-plugin-unity(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-plugin-xauth-eap(?::\w+|)\s+(.*)$ ^strongswan-plugin-dhcp(?::\w+|)\s+(.*)$ ^strongswan-plugin-eap-sim-pcsc(?::\w+|)\s+(.*)$ ^strongswan-plugin-gmp(?::\w+|)\s+(.*)$ ^strongswan-plugin-agent(?::\w+|)\s+(.*)$ ^strongswan-plugin-kernel-libipsec(?::\w+|)\s+(.*)$ ^strongswan-plugin-load-tester(?::\w+|)\s+(.*)$ ^strongswan-plugin-pgp(?::\w+|)\s+(.*)$ ^strongswan-plugin-led(?::\w+|)\s+(.*)$ ^strongswan-plugin-pkcs11(?::\w+|)\s+(.*)$ ^strongswan-plugin-systime-fix(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^jackd2(?::\w+|)\s+(.*)$ ^jackd2-firewire(?::\w+|)\s+(.*)$ ^libjack-jackd2-0(?::\w+|)\s+(.*)$ ^libjack-jackd2-dev(?::\w+|)\s+(.*)$ ^libgraphite2-doc(?::\w+|)\s+(.*)$ ^libgraphite2-3(?::\w+|)\s+(.*)$ ^libgraphite2-dev(?::\w+|)\s+(.*)$ ^isc-dhcp-dev(?::\w+|)\s+(.*)$ ^isc-dhcp-client-ddns(?::\w+|)\s+(.*)$ ^isc-dhcp-relay(?::\w+|)\s+(.*)$ ^isc-dhcp-client(?::\w+|)\s+(.*)$ ^isc-dhcp-common(?::\w+|)\s+(.*)$ ^isc-dhcp-server(?::\w+|)\s+(.*)$ ^isc-dhcp-server-ldap(?::\w+|)\s+(.*)$ ^libonig2(?::\w+|)\s+(.*)$ ^libonig-dev(?::\w+|)\s+(.*)$ ^libopenjpeg-java(?::\w+|)\s+(.*)$ ^openjpip-dec-server(?::\w+|)\s+(.*)$ ^libopenjpeg-dev(?::\w+|)\s+(.*)$ ^libopenjpeg5(?::\w+|)\s+(.*)$ ^openjpip-server(?::\w+|)\s+(.*)$ ^openjpip-viewer-xerces(?::\w+|)\s+(.*)$ ^openjpeg-tools(?::\w+|)\s+(.*)$ ^openjpip-viewer(?::\w+|)\s+(.*)$ ^pcregrep(?::\w+|)\s+(.*)$ ^libpcre3-dev(?::\w+|)\s+(.*)$ ^libpcre3(?::\w+|)\s+(.*)$ ^libpcrecpp0v5(?::\w+|)\s+(.*)$ ^libpcre16-3(?::\w+|)\s+(.*)$ ^libpcre32-3(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-client-ssh1(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-krb5(?::\w+|)\s+(.*)$ 
^openssh-sftp-server(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^advancecomp(?::\w+|)\s+(.*)$ ^libgmp10-doc(?::\w+|)\s+(.*)$ ^libgmpxx4ldbl(?::\w+|)\s+(.*)$ ^libgmp3-dev(?::\w+|)\s+(.*)$ ^libgmp10(?::\w+|)\s+(.*)$ ^libgmp-dev(?::\w+|)\s+(.*)$ ^unzip(?::\w+|)\s+(.*)$ ^libxmlsec1-nss(?::\w+|)\s+(.*)$ ^libxmlsec1-gnutls(?::\w+|)\s+(.*)$ ^libxmlsec1(?::\w+|)\s+(.*)$ ^libxmlsec1-openssl(?::\w+|)\s+(.*)$ ^xmlsec1(?::\w+|)\s+(.*)$ ^libxmlsec1-dev(?::\w+|)\s+(.*)$ ^libxmlsec1-gcrypt(?::\w+|)\s+(.*)$ ^libhcrypto4-heimdal(?::\w+|)\s+(.*)$ ^libwind0-heimdal(?::\w+|)\s+(.*)$ ^libroken18-heimdal(?::\w+|)\s+(.*)$ ^libgssapi3-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kcm(?::\w+|)\s+(.*)$ ^libhdb9-heimdal(?::\w+|)\s+(.*)$ ^libasn1-8-heimdal(?::\w+|)\s+(.*)$ ^libsl0-heimdal(?::\w+|)\s+(.*)$ ^libkadm5clnt7-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kdc(?::\w+|)\s+(.*)$ ^libkdc2-heimdal(?::\w+|)\s+(.*)$ ^heimdal-servers(?::\w+|)\s+(.*)$ ^libheimntlm0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-docs(?::\w+|)\s+(.*)$ ^libheimbase1-heimdal(?::\w+|)\s+(.*)$ ^libkrb5-26-heimdal(?::\w+|)\s+(.*)$ ^libotp0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-dev(?::\w+|)\s+(.*)$ ^libkafs0-heimdal(?::\w+|)\s+(.*)$ ^libhx509-5-heimdal(?::\w+|)\s+(.*)$ ^heimdal-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv8-heimdal(?::\w+|)\s+(.*)$ ^heimdal-clients(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ 
^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-aws-hwe)(?::\w+|)\s+(.*)$ ^gthumb-dev(?::\w+|)\s+(.*)$ ^gthumb-data(?::\w+|)\s+(.*)$ ^gthumb(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-arch(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-core(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^libksba8(?::\w+|)\s+(.*)$ ^libksba-dev(?::\w+|)\s+(.*)$ ^perl-modules-5.22(?::\w+|)\s+(.*)$ ^libperl-dev(?::\w+|)\s+(.*)$ ^perl-doc(?::\w+|)\s+(.*)$ ^perl(?::\w+|)\s+(.*)$ ^perl-base(?::\w+|)\s+(.*)$ ^perl-debug(?::\w+|)\s+(.*)$ ^libperl5.22(?::\w+|)\s+(.*)$ ^libxdmcp-dev(?::\w+|)\s+(.*)$ ^libxdmcp6(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ 
^openvswitch-common(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^openvswitch-ipsec(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^python-jinja2(?::\w+|)\s+(.*)$ ^python-jinja2-doc(?::\w+|)\s+(.*)$ ^python3-jinja2(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtasn1-6-dev(?::\w+|)\s+(.*)$ ^libtasn1-3-bin(?::\w+|)\s+(.*)$ ^libtasn1-doc(?::\w+|)\s+(.*)$ ^libtasn1-bin(?::\w+|)\s+(.*)$ ^libtasn1-6(?::\w+|)\s+(.*)$ ^ntfs-3g(?::\w+|)\s+(.*)$ ^ntfs-3g-dev(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ 
^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libpixman-1-0(?::\w+|)\s+(.*)$ ^libpixman-1-dev(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^zstd(?::\w+|)\s+(.*)$ ^libzstd1-dev(?::\w+|)\s+(.*)$ ^libzstd1(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-nox-py2(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena-py2(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-gtk3-py2(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gtk-py2(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gnome-py2(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^golang-1.13-doc(?::\w+|)\s+(.*)$ ^golang-1.13-src(?::\w+|)\s+(.*)$ ^golang-1.13(?::\w+|)\s+(.*)$ ^golang-1.13-go(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-aws-hwe)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^libflac-doc(?::\w+|)\s+(.*)$ 
^libflac-dev(?::\w+|)\s+(.*)$ ^libflac++-dev(?::\w+|)\s+(.*)$ ^flac(?::\w+|)\s+(.*)$ ^libflac++6v5(?::\w+|)\s+(.*)$ ^libflac8(?::\w+|)\s+(.*)$ ^isag(?::\w+|)\s+(.*)$ ^sysstat(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-odbc(?::\w+|)\s+(.*)$ ^libaprutil1(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-mysql(?::\w+|)\s+(.*)$ ^libaprutil1-ldap(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-sqlite3(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-pgsql(?::\w+|)\s+(.*)$ ^libaprutil1-dev(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-16.04(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-16.04(?::\w+|)\s+(.*)$ ^xmir-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-16.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-16.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-16.04(?::\w+|)\s+(.*)$ ^jbigkit-bin(?::\w+|)\s+(.*)$ 
^libjbig-dev(?::\w+|)\s+(.*)$ ^libjbig0(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libice6(?::\w+|)\s+(.*)$ ^libice-doc(?::\w+|)\s+(.*)$ ^libice-dev(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^gir1.2-harfbuzz-0.0(?::\w+|)\s+(.*)$ ^libharfbuzz-gobject0(?::\w+|)\s+(.*)$ ^libharfbuzz-dev(?::\w+|)\s+(.*)$ ^libharfbuzz-icu0(?::\w+|)\s+(.*)$ ^libharfbuzz0b(?::\w+|)\s+(.*)$ ^libharfbuzz-bin(?::\w+|)\s+(.*)$ ^libharfbuzz-doc(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^libsamplerate0(?::\w+|)\s+(.*)$ ^samplerate-programs(?::\w+|)\s+(.*)$ ^libsamplerate0-dev(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls-dev(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^guile-gnutls(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^mmdb-bin(?::\w+|)\s+(.*)$ ^libmaxminddb-dev(?::\w+|)\s+(.*)$ ^libmaxminddb0(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ 
^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-aws-hwe)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ 
^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libhcrypto4-heimdal(?::\w+|)\s+(.*)$ ^libwind0-heimdal(?::\w+|)\s+(.*)$ ^libroken18-heimdal(?::\w+|)\s+(.*)$ ^libgssapi3-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kcm(?::\w+|)\s+(.*)$ ^libhdb9-heimdal(?::\w+|)\s+(.*)$ ^libasn1-8-heimdal(?::\w+|)\s+(.*)$ ^libsl0-heimdal(?::\w+|)\s+(.*)$ ^libkadm5clnt7-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kdc(?::\w+|)\s+(.*)$ ^libkdc2-heimdal(?::\w+|)\s+(.*)$ ^heimdal-servers(?::\w+|)\s+(.*)$ ^libheimntlm0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-docs(?::\w+|)\s+(.*)$ ^libheimbase1-heimdal(?::\w+|)\s+(.*)$ ^libkrb5-26-heimdal(?::\w+|)\s+(.*)$ ^libotp0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-dev(?::\w+|)\s+(.*)$ ^libkafs0-heimdal(?::\w+|)\s+(.*)$ ^libhx509-5-heimdal(?::\w+|)\s+(.*)$ ^heimdal-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv8-heimdal(?::\w+|)\s+(.*)$ ^heimdal-clients(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ 
^python3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^libprotoc9v5(?::\w+|)\s+(.*)$ ^libprotoc-dev(?::\w+|)\s+(.*)$ ^libprotobuf-lite9v5(?::\w+|)\s+(.*)$ ^python-protobuf(?::\w+|)\s+(.*)$ ^libprotobuf-dev(?::\w+|)\s+(.*)$ ^libprotobuf9v5(?::\w+|)\s+(.*)$ ^libprotobuf-java(?::\w+|)\s+(.*)$ ^protobuf-compiler(?::\w+|)\s+(.*)$ ^fixincludes(?::\w+|)\s+(.*)$ ^libgcc1(?::\w+|)\s+(.*)$ ^libx32gcc1(?::\w+|)\s+(.*)$ ^libsfgcc1(?::\w+|)\s+(.*)$ ^lib64gcc1(?::\w+|)\s+(.*)$ ^lib32gcc1(?::\w+|)\s+(.*)$ ^libx32go7(?::\w+|)\s+(.*)$ ^libitm1(?::\w+|)\s+(.*)$ ^libstdc++-5-pic(?::\w+|)\s+(.*)$ ^lib64stdc++6(?::\w+|)\s+(.*)$ ^libubsan0(?::\w+|)\s+(.*)$ ^libsfphobos-5-dev(?::\w+|)\s+(.*)$ ^gcc-5-base(?::\w+|)\s+(.*)$ ^gccgo-5-multilib(?::\w+|)\s+(.*)$ ^gnat-5(?::\w+|)\s+(.*)$ ^libquadmath0(?::\w+|)\s+(.*)$ ^gcc-5-doc(?::\w+|)\s+(.*)$ ^gcc-5-multilib(?::\w+|)\s+(.*)$ ^lib32atomic1(?::\w+|)\s+(.*)$ ^lib64gcc-5-dev(?::\w+|)\s+(.*)$ ^libsfgfortran3(?::\w+|)\s+(.*)$ ^g++-5-multilib(?::\w+|)\s+(.*)$ ^gcc-5-source(?::\w+|)\s+(.*)$ ^gccgo-5-doc(?::\w+|)\s+(.*)$ ^lib32stdc++6(?::\w+|)\s+(.*)$ ^cpp-5-doc(?::\w+|)\s+(.*)$ ^libsfobjc-5-dev(?::\w+|)\s+(.*)$ ^lib32objc-5-dev(?::\w+|)\s+(.*)$ ^libgnat-5(?::\w+|)\s+(.*)$ ^lib64atomic1(?::\w+|)\s+(.*)$ ^libcc1-0(?::\w+|)\s+(.*)$ ^libgomp1(?::\w+|)\s+(.*)$ ^libx32gcc-5-dev(?::\w+|)\s+(.*)$ ^libobjc-5-dev(?::\w+|)\s+(.*)$ 
^libx11-data(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libgsasl7(?::\w+|)\s+(.*)$ ^libgsasl7-dev(?::\w+|)\s+(.*)$ ^gsasl(?::\w+|)\s+(.*)$ ^python3-pypdf2(?::\w+|)\s+(.*)$ ^python-pypdf2(?::\w+|)\s+(.*)$ ^libjettison-java(?::\w+|)\s+(.*)$ ^libjettison-java(?::\w+|)\s+(.*)$ ^libvlc-dev(?::\w+|)\s+(.*)$ ^libvlc5(?::\w+|)\s+(.*)$ ^libvlccore-dev(?::\w+|)\s+(.*)$ ^libvlccore8(?::\w+|)\s+(.*)$ ^vlc(?::\w+|)\s+(.*)$ ^vlc-data(?::\w+|)\s+(.*)$ ^vlc-nox(?::\w+|)\s+(.*)$ ^vlc-plugin-fluidsynth(?::\w+|)\s+(.*)$ ^vlc-plugin-jack(?::\w+|)\s+(.*)$ ^vlc-plugin-notify(?::\w+|)\s+(.*)$ ^vlc-plugin-samba(?::\w+|)\s+(.*)$ ^vlc-plugin-sdl(?::\w+|)\s+(.*)$ ^vlc-plugin-svg(?::\w+|)\s+(.*)$ ^vlc-plugin-zvbi(?::\w+|)\s+(.*)$ ^pngcheck(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ 
^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^accountsservice(?::\w+|)\s+(.*)$ ^gir1.2-accountsservice-1.0(?::\w+|)\s+(.*)$ ^libaccountsservice-dev(?::\w+|)\s+(.*)$ ^libaccountsservice-doc(?::\w+|)\s+(.*)$ ^libaccountsservice0(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^screen(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ 
^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-docker-containerd-dev(?::\w+|)\s+(.*)$ ^golang-websocket-dev(?::\w+|)\s+(.*)$ ^gerbv(?::\w+|)\s+(.*)$ ^ruby-doorkeeper(?::\w+|)\s+(.*)$ ^libruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3(?::\w+|)\s+(.*)$ ^ruby2.3-dev(?::\w+|)\s+(.*)$ ^ruby2.3-doc(?::\w+|)\s+(.*)$ ^ruby2.3-tcltk(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^knot-resolver(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ 
^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^wkhtmltopdf(?::\w+|)\s+(.*)$ ^libyajl-dev(?::\w+|)\s+(.*)$ ^libyajl-doc(?::\w+|)\s+(.*)$ ^libyajl2(?::\w+|)\s+(.*)$ ^yajl-tools(?::\w+|)\s+(.*)$ ^connman(?::\w+|)\s+(.*)$ ^connman-dev(?::\w+|)\s+(.*)$ ^connman-doc(?::\w+|)\s+(.*)$ ^connman-vpn(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^ecdsautils(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-client-ssh1(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^ssh-krb5(?::\w+|)\s+(.*)$ ^graphite-web(?::\w+|)\s+(.*)$ ^amd64-microcode(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^open-vm-tools(?::\w+|)\s+(.*)$ ^open-vm-tools-desktop(?::\w+|)\s+(.*)$ ^open-vm-tools-dev(?::\w+|)\s+(.*)$ ^open-iscsi(?::\w+|)\s+(.*)$ ^libwireshark-data(?::\w+|)\s+(.*)$ ^libwireshark-dev(?::\w+|)\s+(.*)$ ^libwireshark11(?::\w+|)\s+(.*)$ ^libwiretap-dev(?::\w+|)\s+(.*)$ ^libwiretap8(?::\w+|)\s+(.*)$ ^libwscodecs2(?::\w+|)\s+(.*)$ 
^libwsutil-dev(?::\w+|)\s+(.*)$ ^libwsutil9(?::\w+|)\s+(.*)$ ^tshark(?::\w+|)\s+(.*)$ ^wireshark(?::\w+|)\s+(.*)$ ^wireshark-common(?::\w+|)\s+(.*)$ ^wireshark-dev(?::\w+|)\s+(.*)$ ^wireshark-doc(?::\w+|)\s+(.*)$ ^wireshark-gtk(?::\w+|)\s+(.*)$ ^wireshark-qt(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre-jamvm(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^rabbitmq-server(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-athena-py2(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-gnome-py2(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gtk-py2(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-gtk3-py2(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-nox-py2(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^duende(?::\w+|)\s+(.*)$ ^maradns(?::\w+|)\s+(.*)$ ^maradns-deadwood(?::\w+|)\s+(.*)$ ^maradns-docs(?::\w+|)\s+(.*)$ ^maradns-zoneserver(?::\w+|)\s+(.*)$ ^libxmltooling-dev(?::\w+|)\s+(.*)$ ^libxmltooling-doc(?::\w+|)\s+(.*)$ ^libxmltooling6v5(?::\w+|)\s+(.*)$ ^xmltooling-schemas(?::\w+|)\s+(.*)$ ^cargo(?::\w+|)\s+(.*)$ ^cargo-doc(?::\w+|)\s+(.*)$ ^libodbc1(?::\w+|)\s+(.*)$ ^odbcinst(?::\w+|)\s+(.*)$ ^odbcinst1debian2(?::\w+|)\s+(.*)$ ^unixodbc(?::\w+|)\s+(.*)$ ^unixodbc-dev(?::\w+|)\s+(.*)$ ^php-dompdf(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-client-ssh1(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^ssh-krb5(?::\w+|)\s+(.*)$ ^python-pypdf2(?::\w+|)\s+(.*)$ ^python3-pypdf2(?::\w+|)\s+(.*)$ ^velocity(?::\w+|)\s+(.*)$ ^velocity-doc(?::\w+|)\s+(.*)$ 
^libvelocity-tools-java(?::\w+|)\s+(.*)$ ^libvelocity-tools-java-doc(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^golang-yaml.v2-dev(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-common(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^gir1.2-gstreamer-1.0(?::\w+|)\s+(.*)$ ^gstreamer1.0-doc(?::\w+|)\s+(.*)$ ^gstreamer1.0-tools(?::\w+|)\s+(.*)$ ^libgstreamer1.0-0(?::\w+|)\s+(.*)$ ^libgstreamer1.0-dev(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^libzzip-0-13(?::\w+|)\s+(.*)$ ^libzzip-dev(?::\w+|)\s+(.*)$ ^zziplib-bin(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt4-4(?::\w+|)\s+(.*)$ ^libpoppler-qt4-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler58(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ 
^libclamav-dev(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.0(?::\w+|)\s+(.*)$ ^libphp7.0-embed(?::\w+|)\s+(.*)$ ^php7.0(?::\w+|)\s+(.*)$ ^php7.0-bcmath(?::\w+|)\s+(.*)$ ^php7.0-bz2(?::\w+|)\s+(.*)$ ^php7.0-cgi(?::\w+|)\s+(.*)$ ^php7.0-cli(?::\w+|)\s+(.*)$ ^php7.0-common(?::\w+|)\s+(.*)$ ^php7.0-curl(?::\w+|)\s+(.*)$ ^php7.0-dba(?::\w+|)\s+(.*)$ ^php7.0-dev(?::\w+|)\s+(.*)$ ^php7.0-enchant(?::\w+|)\s+(.*)$ ^php7.0-fpm(?::\w+|)\s+(.*)$ ^php7.0-gd(?::\w+|)\s+(.*)$ ^php7.0-gmp(?::\w+|)\s+(.*)$ ^php7.0-imap(?::\w+|)\s+(.*)$ ^php7.0-interbase(?::\w+|)\s+(.*)$ ^php7.0-intl(?::\w+|)\s+(.*)$ ^php7.0-json(?::\w+|)\s+(.*)$ ^php7.0-ldap(?::\w+|)\s+(.*)$ ^php7.0-mbstring(?::\w+|)\s+(.*)$ ^php7.0-mcrypt(?::\w+|)\s+(.*)$ ^php7.0-mysql(?::\w+|)\s+(.*)$ ^php7.0-odbc(?::\w+|)\s+(.*)$ ^php7.0-opcache(?::\w+|)\s+(.*)$ ^php7.0-pgsql(?::\w+|)\s+(.*)$ ^php7.0-phpdbg(?::\w+|)\s+(.*)$ ^php7.0-pspell(?::\w+|)\s+(.*)$ ^php7.0-readline(?::\w+|)\s+(.*)$ ^php7.0-recode(?::\w+|)\s+(.*)$ ^php7.0-snmp(?::\w+|)\s+(.*)$ ^php7.0-soap(?::\w+|)\s+(.*)$ ^php7.0-sqlite3(?::\w+|)\s+(.*)$ ^php7.0-sybase(?::\w+|)\s+(.*)$ ^php7.0-tidy(?::\w+|)\s+(.*)$ ^php7.0-xml(?::\w+|)\s+(.*)$ ^php7.0-xmlrpc(?::\w+|)\s+(.*)$ ^php7.0-xsl(?::\w+|)\s+(.*)$ ^php7.0-zip(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^faad(?::\w+|)\s+(.*)$ ^libfaad-dev(?::\w+|)\s+(.*)$ ^libfaad2(?::\w+|)\s+(.*)$ ^amd64-microcode(?::\w+|)\s+(.*)$ ^elfutils(?::\w+|)\s+(.*)$ ^libasm-dev(?::\w+|)\s+(.*)$ ^libasm1(?::\w+|)\s+(.*)$ ^libdw-dev(?::\w+|)\s+(.*)$ ^libdw1(?::\w+|)\s+(.*)$ ^libelf-dev(?::\w+|)\s+(.*)$ ^libelf1(?::\w+|)\s+(.*)$ ^python-git(?::\w+|)\s+(.*)$ ^python-git-doc(?::\w+|)\s+(.*)$ ^python3-git(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^atftp(?::\w+|)\s+(.*)$ ^atftpd(?::\w+|)\s+(.*)$ ^busybox(?::\w+|)\s+(.*)$ ^busybox-initramfs(?::\w+|)\s+(.*)$ 
^busybox-static(?::\w+|)\s+(.*)$ ^busybox-syslogd(?::\w+|)\s+(.*)$ ^udhcpc(?::\w+|)\s+(.*)$ ^udhcpd(?::\w+|)\s+(.*)$ ^docker-registry(?::\w+|)\s+(.*)$ ^golang-github-docker-distribution-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^libsox-dev(?::\w+|)\s+(.*)$ ^libsox-fmt-all(?::\w+|)\s+(.*)$ ^libsox-fmt-alsa(?::\w+|)\s+(.*)$ ^libsox-fmt-ao(?::\w+|)\s+(.*)$ ^libsox-fmt-base(?::\w+|)\s+(.*)$ ^libsox-fmt-mp3(?::\w+|)\s+(.*)$ ^libsox-fmt-oss(?::\w+|)\s+(.*)$ ^libsox-fmt-pulse(?::\w+|)\s+(.*)$ ^libsox2(?::\w+|)\s+(.*)$ ^sox(?::\w+|)\s+(.*)$ ^libplib-dev(?::\w+|)\s+(.*)$ ^libplib1(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^libopendmarc-dev(?::\w+|)\s+(.*)$ ^libopendmarc2(?::\w+|)\s+(.*)$ ^opendmarc(?::\w+|)\s+(.*)$ ^rddmarc(?::\w+|)\s+(.*)$ ^ruby-redcloth(?::\w+|)\s+(.*)$ ^flac(?::\w+|)\s+(.*)$ ^libflac++-dev(?::\w+|)\s+(.*)$ ^libflac++6v5(?::\w+|)\s+(.*)$ ^libflac-dev(?::\w+|)\s+(.*)$ 
^libflac-doc(?::\w+|)\s+(.*)$ ^libflac8(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^open-vm-tools(?::\w+|)\s+(.*)$ ^open-vm-tools-desktop(?::\w+|)\s+(.*)$ ^open-vm-tools-dev(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-9.5(?::\w+|)\s+(.*)$ ^postgresql-client-9.5(?::\w+|)\s+(.*)$ ^postgresql-contrib-9.5(?::\w+|)\s+(.*)$ ^postgresql-doc-9.5(?::\w+|)\s+(.*)$ ^postgresql-plperl-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython-9.5(?::\w+|)\s+(.*)$ ^postgresql-plpython3-9.5(?::\w+|)\s+(.*)$ ^postgresql-pltcl-9.5(?::\w+|)\s+(.*)$ ^postgresql-server-dev-9.5(?::\w+|)\s+(.*)$ ^libapache2-mod-security2(?::\w+|)\s+(.*)$ ^libapache2-modsecurity(?::\w+|)\s+(.*)$ ^libssh2-1(?::\w+|)\s+(.*)$ ^libssh2-1-dev(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^gawk(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^mutt-patched(?::\w+|)\s+(.*)$ ^nodejs(?::\w+|)\s+(.*)$ ^nodejs-dev(?::\w+|)\s+(.*)$ ^nodejs-legacy(?::\w+|)\s+(.*)$ 
^binutils(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^memcached(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcupscgi1-dev(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsmime1-dev(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsppdc1-dev(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ 
^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-5v5(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-2-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-2(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^minidlna(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ 
^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^idle-python3.5(?::\w+|)\s+(.*)$ ^libpython3.5(?::\w+|)\s+(.*)$ ^libpython3.5-dev(?::\w+|)\s+(.*)$ ^libpython3.5-minimal(?::\w+|)\s+(.*)$ ^libpython3.5-stdlib(?::\w+|)\s+(.*)$ ^libpython3.5-testsuite(?::\w+|)\s+(.*)$ ^python3.5(?::\w+|)\s+(.*)$ ^python3.5-dev(?::\w+|)\s+(.*)$ ^python3.5-doc(?::\w+|)\s+(.*)$ ^python3.5-examples(?::\w+|)\s+(.*)$ ^python3.5-minimal(?::\w+|)\s+(.*)$ ^python3.5-venv(?::\w+|)\s+(.*)$ ^libtommath-dev(?::\w+|)\s+(.*)$ ^libtommath-docs(?::\w+|)\s+(.*)$ ^libtommath0(?::\w+|)\s+(.*)$ ^libvpx-dev(?::\w+|)\s+(.*)$ ^libvpx-doc(?::\w+|)\s+(.*)$ ^libvpx3(?::\w+|)\s+(.*)$ ^vpx-tools(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libxpm-dev(?::\w+|)\s+(.*)$ ^libxpm4(?::\w+|)\s+(.*)$ ^xpmutils(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ 
^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^libjs-jquery-ui(?::\w+|)\s+(.*)$ ^libjs-jquery-ui-docs(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^host(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libbind9-140(?::\w+|)\s+(.*)$ ^libdns-export162(?::\w+|)\s+(.*)$ ^libdns162(?::\w+|)\s+(.*)$ ^libirs-export141(?::\w+|)\s+(.*)$ ^libirs141(?::\w+|)\s+(.*)$ ^libisc-export160(?::\w+|)\s+(.*)$ ^libisc160(?::\w+|)\s+(.*)$ ^libisccc-export140(?::\w+|)\s+(.*)$ ^libisccc-export140-udeb(?::\w+|)\s+(.*)$ ^libisccc140(?::\w+|)\s+(.*)$ ^libisccfg-export140(?::\w+|)\s+(.*)$ ^libisccfg140(?::\w+|)\s+(.*)$ ^liblwres141(?::\w+|)\s+(.*)$ ^lwresd(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libcurl3(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^libav-tools(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavcodec-ffmpeg-extra56(?::\w+|)\s+(.*)$ ^libavcodec-ffmpeg56(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libavdevice-ffmpeg56(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libavfilter-ffmpeg5(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ 